Summary: | <sys-cluster/spark-bin-2.4.6: Remote code execution vulnerability (CVE-2020-9480) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | alec, java, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://spark.apache.org/security.html | ||
See Also: | https://github.com/gentoo/gentoo/pull/16383 | ||
Whiteboard: | ~1 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2020-06-23 01:58:05 UTC
Maintainers, please bump. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=517a73e1a50509ad8f834400a45eb9a987fe35b9 commit 517a73e1a50509ad8f834400a45eb9a987fe35b9 Author: Alec Ten Harmsel <alec@alectenharmsel.com> AuthorDate: 2020-06-23 10:43:02 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2020-07-16 14:38:42 +0000 sys-cluster/spark-bin: Remove 2.4.5 Insecure (see CVE-2020-9480). Bug: https://bugs.gentoo.org/729222 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Alec Ten Harmsel <alec@alectenharmsel.com> Closes: https://github.com/gentoo/gentoo/pull/16383 Signed-off-by: Joonas Niilola <juippis@gentoo.org> sys-cluster/spark-bin/Manifest | 1 - sys-cluster/spark-bin/spark-bin-2.4.5.ebuild | 61 ---------------------------- 2 files changed, 62 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9c182e63b5cb2e159edd60c2ebaebfefe46504d9 commit 9c182e63b5cb2e159edd60c2ebaebfefe46504d9 Author: Alec Ten Harmsel <alec@alectenharmsel.com> AuthorDate: 2020-06-23 10:39:15 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2020-07-16 14:38:42 +0000 sys-cluster/spark-bin: Bump to 2.4.6 2.4.5 and earlier are insecure (see CVE-2020-9480). Bug: https://bugs.gentoo.org/729222 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Alec Ten Harmsel <alec@alectenharmsel.com> Signed-off-by: Joonas Niilola <juippis@gentoo.org> sys-cluster/spark-bin/Manifest | 1 + sys-cluster/spark-bin/spark-bin-2.4.6.ebuild | 61 ++++++++++++++++++++++++++++ 2 files changed, 62 insertions(+) Thanks. All done. All done, noglsa, closing. |