Summary: | <net-p2p/syncthing-1.15.1: relay server/client DoS | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | gentoo-setan, maintainer-needed |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/syncthing/syncthing/security/advisories/GHSA-x462-89pf-6r5h | ||
Whiteboard: | B3 [glsa?] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d3a39dc0c31ae1bb493766e48a0ca9e39ed9f05d

commit d3a39dc0c31ae1bb493766e48a0ca9e39ed9f05d
Author: Marek Szuba <marecki@gentoo.org>
AuthorDate: 2021-04-07 08:02:15 +0000
Commit: Marek Szuba <marecki@gentoo.org>
CommitDate: 2021-04-07 08:08:23 +0000

net-p2p/syncthing: bump to 1.15.1

Addresses CVE-2021-21404.

Bug: https://bugs.gentoo.org/780678
Signed-off-by: Marek Szuba <marecki@gentoo.org>

net-p2p/syncthing/Manifest | 30 ++
net-p2p/syncthing/syncthing-1.15.1.ebuild | 781 ++++++++++++++++++++++++++++++
2 files changed, 811 insertions(+)

ppc64 done

x86 done

arm done

arm64 done

amd64 done

all arches done

Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d36439b60ace1b6e526717543e33e8475a94f64

commit 6d36439b60ace1b6e526717543e33e8475a94f64
Author: Marek Szuba <marecki@gentoo.org>
AuthorDate: 2021-04-12 16:58:17 +0000
Commit: Marek Szuba <marecki@gentoo.org>
CommitDate: 2021-04-12 16:58:57 +0000

net-p2p/syncthing: remove versions vulnerable to CVE-2021-21404

Bug: https://bugs.gentoo.org/780678
Signed-off-by: Marek Szuba <marecki@gentoo.org>

net-p2p/syncthing/Manifest | 46 --
net-p2p/syncthing/syncthing-1.13.1.ebuild | 797 ------------------------------
2 files changed, 843 deletions(-)

Thanks!

Package list is empty or all packages have requested keywords.

Shouldn't we close this, or something?

(In reply to Marek Szuba from comment #16)
> Shouldn't we close this, or something?

Yes, once a GLSA is released.

it's been two years, can this be closed?

(In reply to gentoo-setan from comment #18)
> it's been two years, can this be closed?

A decision on a GLSA still needs to be made. We have a backlog here and work our way down through the priorities.