Summary: | <app-admin/doas-6.8.1: fails to always reset PATH (CVE-2019-25016) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | felix.janda, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | C1 [glsa+ cve] | ||
Package list: |
app-admin/doas-6.8.1-r1
|
Runtime testing required: | --- |
Description
Sam James
2021-01-28 21:33:47 UTC
Please bump to 6.8.1. (NOTE: Provisionally calling it C1, but not super happy with that classification.) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bc1b8dc0675ff0ff0c6d7c5b9576d3f6808bbdd commit 1bc1b8dc0675ff0ff0c6d7c5b9576d3f6808bbdd Author: Sam James <sam@gentoo.org> AuthorDate: 2021-01-30 21:37:21 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-01-30 21:37:21 +0000 app-admin/doas: security bump to 6.8.1 Bug: https://bugs.gentoo.org/767781 Package-Manager: Portage-3.0.14, Repoman-3.0.2 Signed-off-by: Sam James <sam@gentoo.org> app-admin/doas/Manifest | 1 + app-admin/doas/doas-6.8.1.ebuild | 51 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+) Unable to check for sanity:
> no match for package: app-admin/doas-6.8.2
arm64 done arm done amd64 done all arches done Please cleanup! Cleanup done: commit 30e45562f3aa3d48e64d08fe5db01b39c84e42ca Author: Joonas Niilola <juippis@gentoo.org> Date: Sat Mar 20 09:10:15 2021 +0200 app-admin/doas: drop 6.0, 6.6.1, 6.8 Signed-off-by: Joonas Niilola <juippis@gentoo.org> delete mode 100644 app-admin/doas/doas-6.0.ebuild delete mode 100644 app-admin/doas/doas-6.6.1.ebuild delete mode 100644 app-admin/doas/doas-6.8.ebuild New GLSA request filed. Unable to check for sanity:
> no match for package: app-admin/doas-6.8.1
This issue was resolved and addressed in GLSA 202107-11 at https://security.gentoo.org/glsa/202107-11 by GLSA coordinator Sam James (sam_c). |