Summary: | <kde-plasma/discover-5.20.5-r1, <kde-plasma/discover-5.21.3: no verification of link protocol (CVE-2021-28117) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | Flags: | nattka:
sanity-check-
|
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://kde.org/info/security/advisory-20210310-1.txt | ||
Whiteboard: | B4 [noglsa] | ||
Package list: |
kde-plasma/discover-5.20.5-r1
|
Runtime testing required: | --- |
Description
John Helmert III
2021-03-22 21:49:44 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee5b2b3f04e3e3ee919334c251ae26dce7e761d2 commit ee5b2b3f04e3e3ee919334c251ae26dce7e761d2 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2021-04-04 12:09:16 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2021-04-04 13:19:36 +0000 kde-plasma/discover: Fix CVE-2021-28117 See also: https://kde.org/info/security/advisory-20210310-1.txt Bug: https://bugs.gentoo.org/777777 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> kde-plasma/discover/discover-5.20.5-r1.ebuild | 84 ++++++++++++++++++++++ .../files/discover-5.20.5-CVE-2021-28117.patch | 28 ++++++++ 2 files changed, 112 insertions(+) x86 stable amd64 done arm64 done all arches done Please cleanup. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=add9c9bd0bc97aa41016081c84cfc968c77ea10a commit add9c9bd0bc97aa41016081c84cfc968c77ea10a Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2021-04-06 19:56:12 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2021-04-06 20:07:50 +0000 kde-plasma/discover: Cleanup vulnerable 5.20.5 Bug: https://bugs.gentoo.org/777777 Package-Manager: Portage-3.0.18, Repoman-3.0.3 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> kde-plasma/discover/discover-5.20.5.ebuild | 82 ------------------------------ 1 file changed, 82 deletions(-) Unable to check for sanity:
> no match for package: kde-plasma/discover-5.20.5-r1
This bug should be marked as resolved maybe? (In reply to Reva Denis from comment #8) > This bug should be marked as resolved maybe? Whiteboard at [glsa?] means the bug needs a GLSA vote. I vote no, closing. |