Summary: | <dev-python/aiohttp-3.7.4: Open redirect vulnerability in `aiohttp` (CVE-2021-21330) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michał Górny <mgorny> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | python, zmedico |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg | ||
Whiteboard: | B4 [glsa+] | ||
Package list: | Runtime testing required: | --- |
Description
Michał Górny
2021-02-25 19:40:59 UTC
Unable to check for sanity:
> no match for package: dev-python/aiohttp-3.7.4
Resetting sanity check; keywords are not fully specified and arches are not CC-ed. Thank you! x86 done ppc64 done ppc done arm64 done hppa/sparc stable arm done amd64 done all arches done The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7123d5d2aee72acfa4b2e90fc66331b9948eddc5 commit 7123d5d2aee72acfa4b2e90fc66331b9948eddc5 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2021-02-28 21:40:29 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2021-02-28 21:40:32 +0000 dev-python/aiohttp: Remove old Bug: https://bugs.gentoo.org/772932 Signed-off-by: Michał Górny <mgorny@gentoo.org> dev-python/aiohttp/Manifest | 4 - dev-python/aiohttp/aiohttp-3.6.2-r1.ebuild | 156 ----------------------------- dev-python/aiohttp/aiohttp-3.7.1-r1.ebuild | 90 ----------------- dev-python/aiohttp/aiohttp-3.7.2-r1.ebuild | 91 ----------------- dev-python/aiohttp/aiohttp-3.7.3.ebuild | 91 ----------------- 5 files changed, 432 deletions(-) Thank you! Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. GLSA request filed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=39083bb85acf1f7a1d43ba6502dcfae335e3bf80 commit 39083bb85acf1f7a1d43ba6502dcfae335e3bf80 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-10 22:31:38 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-10 22:33:21 +0000 [ GLSA 202208-19 ] aiohttp: Open redirect vulnerability Bug: https://bugs.gentoo.org/772932 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-19.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) GLSA released, all done! |