Summary: | <kde-apps/kleopatra-20.04.3-r1: Unsafe handling of URIs allowing remote code execution (CVE-2020-24972) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | Flags: | nattka: sanity-check+ |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | kde-apps/kleopatra-20.04.3-r1 | ||
Runtime testing required: | --- |
Description
Sam James
2020-08-29 21:47:24 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bcbbc28935e68cd159ba8c04fac867cc8f284ce5

commit bcbbc28935e68cd159ba8c04fac867cc8f284ce5
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-08-30 07:54:06 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-08-30 07:58:22 +0000

kde-apps/kleopatra: Fix CVE-2020-24972

Bug: https://bugs.gentoo.org/739556
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

.../files/kleopatra-20.04.3-CVE-2020-24972.patch | 110 +++++++++++++++++++++
kde-apps/kleopatra/kleopatra-20.04.3-r1.ebuild | 57 +++++++++++
2 files changed, 167 insertions(+)

Thanks asturm!

arm64 done

x86 stable

amd64 done

all arches done

Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e2249e0e4b269e1165100fd4c4b8634ba4c124c

commit 6e2249e0e4b269e1165100fd4c4b8634ba4c124c
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-08-30 20:30:13 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-08-30 20:30:13 +0000

kde-apps/kleopatra: Cleanup vulnerable 20.04.3 (r0)

Bug: https://bugs.gentoo.org/739556
Package-Manager: Portage-3.0.4, Repoman-3.0.1
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

kde-apps/kleopatra/kleopatra-20.04.3.ebuild | 55 -----------------------------
1 file changed, 55 deletions(-)

kde proj done.

This issue was resolved and addressed in GLSA 202008-21 at https://security.gentoo.org/glsa/202008-21 by GLSA coordinator Sam James (sam_c).