Summary: | <dev-python/flask-cors-3.0.9: Directory traversal (CVE-2020-25032) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | guillaumeseren, proxy-maint, treecleaner, wking |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/corydolphin/flask-cors/releases/tag/3.0.9 | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=718834 https://bugs.gentoo.org/show_bug.cgi?id=743256 https://github.com/gentoo/gentoo/pull/16046 |
||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 696640 | ||
Bug Blocks: | 698100 |
Description
John Helmert III
2020-09-20 02:12:36 UTC
CCing treecleaner due to lack of maintenance. Only revdep is media-sound/beets[webserver]. I see beets' maintainer has a PR for this, will get to reviewing it... Hey, I have rebased my branch and bump flask-cors to 3.0.9 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=36c867f82127c775231e5200caa0551f661aa866 commit 36c867f82127c775231e5200caa0551f661aa866 Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2020-12-02 20:46:06 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-12-02 20:47:36 +0000 dev-python/flask-cors: bump to 3.0.9 and add more py compats Bug: https://bugs.gentoo.org/743256 Bug: https://bugs.gentoo.org/743646 Closes: https://bugs.gentoo.org/696640 Closes: https://bugs.gentoo.org/718834 Suggested-by: Guillaume Seren <guillaumeseren@gmail.com> Signed-off-by: Aaron Bauman <bman@gentoo.org> dev-python/flask-cors/Manifest | 1 + dev-python/flask-cors/flask-cors-3.0.9.ebuild | 32 +++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) @arches, please stabilize x86 stable amd64 done all arches done Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=049de164f57c0d78595a376097d5236a7707556a commit 049de164f57c0d78595a376097d5236a7707556a Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2020-12-03 08:28:39 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2020-12-03 08:29:25 +0000 dev-python/flask-cors: Remove old Bug: https://bugs.gentoo.org/743646 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/flask-cors/Manifest | 1 - dev-python/flask-cors/flask-cors-2.1.0.ebuild | 69 --------------------------- 2 files changed, 70 deletions(-) Tree is clean, thanks all! |