Summary: | <net-im/coturn-4.5.2: Loopback bypass (CVE-2020-26262) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kenton Groombridge <concord> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | jstein, nativemad |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p | ||
See Also: | https://github.com/gentoo/gentoo/pull/19539 | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Kenton Groombridge
2021-01-12 20:43:03 UTC
Thanks for the report! They're really helpful for keeping on top of various vulnerabilities in packages, especially when they haven't received a (public) CVE yet. I've adjusted the summary because we don't version them until we have a fixed version in Gentoo. @maintainer, please bump to 4.5.2. ping I bumped the ebuild to 4.5.2 and removed the old version now. Sorry for the delay! (In reply to Andreas Schürch from comment #3) > I bumped the ebuild to 4.5.2 and removed the old version now. > Sorry for the delay! Thanks! Tree is clean, all done. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. |