Summary: | <net-misc/curl-7.71.0: Multiple vulnerabilities (CVE-2020-8169, CVE-2020-8177) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | blueness |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=730416 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: |
=net-misc/curl-7.71.0 amd64 arm arm64 hppa ppc ppc64 s390 sparc x86
|
Runtime testing required: | --- |
Description
John Helmert III
2020-06-24 07:01:02 UTC
Maintainer, please bump. Please let us know when ready to stable. (In reply to Sam James (sec padawan) from comment #2) > Please let us know when ready to stable. It should be good to go. KEYWORDS="amd64 arm arm64 hppa ppc ppc64 sparc x86" (In reply to Anthony Basile from comment #3) > (In reply to Sam James (sec padawan) from comment #2) > > Please let us know when ready to stable. > > It should be good to go. > > KEYWORDS="amd64 arm arm64 hppa ppc ppc64 sparc x86" Excellent, thank you! amd64 stable sparc stable x86 stable arm stable ppc stable ppc64 stable hppa stable arm64 stable ---- @maintainer, please cleanup. Also see dependent bug. (In reply to Sam James (sec padawan) from comment #12) > @maintainer, please cleanup. Also see dependent bug. blocker (In reply to Sam James (sec padawan) from comment #13) > (In reply to Sam James (sec padawan) from comment #12) > > @maintainer, please cleanup. Also see dependent bug. > > blocker Please read bug #730416 for more detail, but USE=quiche is stable masked on amd64. So its available for ~amd64 but not for amd64 which is where the bug occurs. It is a known issue and should not block stabilization. I'm moving the blocker to "See Also". s390 stable. Maintainer(s), please cleanup. Security, please vote. (In reply to Anthony Basile from comment #14) > (In reply to Sam James (sec padawan) from comment #13) > > (In reply to Sam James (sec padawan) from comment #12) > > > @maintainer, please cleanup. Also see dependent bug. > > > > blocker > > Please read bug #730416 for more detail, but USE=quiche is stable masked on > amd64. So its available for ~amd64 but not for amd64 which is where the bug > occurs. It is a known issue and should not block stabilization. I'm moving > the blocker to "See Also". (Thank you) GLSA vote: yes This issue was resolved and addressed in GLSA 202007-16 at https://security.gentoo.org/glsa/202007-16 by GLSA coordinator Sam James (sam_c). (In reply to GLSAMaker/CVETool Bot from comment #17) > This issue was resolved and addressed in > GLSA 202007-16 at https://security.gentoo.org/glsa/202007-16 > by GLSA coordinator Sam James (sam_c). Reopening for cleanup. The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f0cf742462897b3ddeb3705b7d606e0f98bf2c5e commit f0cf742462897b3ddeb3705b7d606e0f98bf2c5e Author: Sam James <sam@gentoo.org> AuthorDate: 2020-07-27 02:33:27 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-27 03:15:18 +0000 net-misc/curl: security cleanup Closes: https://bugs.gentoo.org/729374 Package-Manager: Portage-3.0.0, Repoman-2.3.23 Signed-off-by: Sam James <sam@gentoo.org> net-misc/curl/Manifest | 3 - net-misc/curl/curl-7.68.0.ebuild | 265 --------------------------- net-misc/curl/curl-7.69.1.ebuild | 265 --------------------------- net-misc/curl/curl-7.70.0-r1.ebuild | 267 ---------------------------- net-misc/curl/files/curl-fix-cpu-load.patch | 94 ---------- 5 files changed, 894 deletions(-) |