Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 808651 (CVE-2021-38711)

Summary: www-apps/gitit: information leak via Export feature (CVE-2021-38711)
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: haskell
Priority: Normal Keywords: PMASKED
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-08-16 23:14:01 UTC
CVE-2021-38711 (https://github.com/jgm/gitit/commit/eed32638f4f6e3b2f4b8a9a04c4b72001acf9ad8):

In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.

Please bump.
Comment 1 Larry the Git Cow gentoo-dev 2022-08-21 21:32:18 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6b5cb9c708bbfed9ce7d0489d1ec3ad127e6d5da

commit 6b5cb9c708bbfed9ce7d0489d1ec3ad127e6d5da
Author:     Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2022-08-21 21:10:54 +0000
Commit:     Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2022-08-21 21:31:01 +0000

    www-apps/gitit: treeclean
    
    Closes: https://bugs.gentoo.org/657552
    Closes: https://bugs.gentoo.org/808651
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

 profiles/package.mask                              |  1 -
 www-apps/gitit/Manifest                            |  1 -
 .../gitit/files/gitit-0.13.0.0-pandoc-2.12.patch   | 43 -----------
 www-apps/gitit/gitit-0.13.0.0-r1.ebuild            | 88 ----------------------
 www-apps/gitit/metadata.xml                        | 42 -----------
 5 files changed, 175 deletions(-)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-23 20:16:00 UTC
Thanks Jakov!