Summary: | <dev-ruby/kramdown-2.3.0: Possible remote code execution (CVE-2020-14001) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | ruby |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://kramdown.gettalong.org/news.html | ||
Whiteboard: | ~1 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2020-07-18 04:06:51 UTC
Cleanup mostly done, but app-text/webgen depends on kramdown-1.x. I have filed a bug for this package: https://github.com/gettalong/webgen/issues/17 Looks like we can cleanup now? dev-ruby/kramdown:0 has now been masked for removal. (In reply to Hans de Graaff from comment #3) > dev-ruby/kramdown:0 has now been masked for removal. Thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3915b68bbc814b693c39d43ea67b7a670943f71b commit 3915b68bbc814b693c39d43ea67b7a670943f71b Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2020-09-14 17:18:23 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2020-09-14 17:23:44 +0000 dev-ruby/kramdown: Remove masked slot :0 Bug: https://bugs.gentoo.org/733116 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-ruby/kramdown/Manifest | 1 - dev-ruby/kramdown/kramdown-1.17.0-r2.ebuild | 51 ----------------------------- profiles/package.mask | 5 --- 3 files changed, 57 deletions(-) Tree is clean. All done. |