Summary: | <dev-ruby/omniauth-2.0.4: CSRF with Ruby on Rails (CVE-2015-9284) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | ruby |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/omniauth/omniauth/pull/809 | ||
See Also: | https://github.com/gentoo/gentoo/pull/21990 | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
2020-12-27 18:50:10 UTC
Given the long discussion and history on that bug I think it is best if we wait for a new upstream version for this.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b6e7418ac708d533403b7fbf70b87c9502bcc3be

commit b6e7418ac708d533403b7fbf70b87c9502bcc3be
Author: Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2021-07-07 07:40:12 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2021-07-07 07:40:12 +0000

profiles/package.mask: mask vulnerable omniauth slot

Bug: https://bugs.gentoo.org/761960
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

profiles/package.mask | 5 +++++
1 file changed, 5 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89bcc98ce7ba0cfe3de2910a9aa12c3f0847db94

commit 89bcc98ce7ba0cfe3de2910a9aa12c3f0847db94
Author: Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2021-07-07 07:36:31 +0000
Commit: Hans de Graaff <graaff@gentoo.org>
CommitDate: 2021-07-07 07:37:35 +0000

dev-ruby/omniauth: add 2.0.4

Bug: https://bugs.gentoo.org/761960
Package-Manager: Portage-3.0.20, Repoman-3.0.2
Signed-off-by: Hans de Graaff <graaff@gentoo.org>

dev-ruby/omniauth/Manifest | 1 +
dev-ruby/omniauth/omniauth-2.0.4.ebuild | 46 +++++++++++++++++++++++++++++++++
2 files changed, 47 insertions(+)

Thanks!

Package list is empty or all packages have requested keywords.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5424f4f5575040dab0ffa3f1d01148555faa5117

commit 5424f4f5575040dab0ffa3f1d01148555faa5117
Author: Jakov Smolic <jakov.smolic@sartura.hr>
AuthorDate: 2021-08-19 11:14:11 +0000
Commit: David Seifert <soap@gentoo.org>
CommitDate: 2021-08-19 11:14:11 +0000

dev-ruby/omniauth: Remove last-rited version

Bug: https://bugs.gentoo.org/761960
Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
Signed-off-by: David Seifert <soap@gentoo.org>

dev-ruby/omniauth/Manifest | 1 -
dev-ruby/omniauth/omniauth-1.9.1.ebuild | 45 ---------------------------------
profiles/package.mask | 5 ----
3 files changed, 51 deletions(-)

All done, thanks!