| Summary: | net-mail/mailman: password checking timing attack vulnerability |
|---|---|
| Product: | Gentoo Security |
| Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED |
| Severity: | trivial |
| CC: | hanno, ohnobinki, sam |
| Priority: | Normal |
| Keywords: | PATCH |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| Whiteboard: | ~4 [noglsa] |
| Package list: | |
| Runtime testing required: | --- |

Description
John Helmert III
2021-12-04 04:57:21 UTC
Created attachment 759930
mailman-3.3.5-relax-alembic-dependency.patch
It looks like mailman-3.3.6 is already out.
That fix is included in mailman-3.3.5 according to the upstream changelog ( «URI scrubbed because my bugzilla account is less than 24 hours old» ).
This is a patch which I found was required to get mailman-3.3.5 to run while testing. It should also be required for 3.3.6, but I have not tested it.
Created attachment 759983
mailman-3.3.5-relax-alembic-dependency.patch
Patch from upstream.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fd8719e070a90c8f5494b2b661530eedfaf5a38e

commit fd8719e070a90c8f5494b2b661530eedfaf5a38e
Author: Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2022-06-05 14:08:28 +0000
Commit: Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2022-06-05 14:16:19 +0000

net-mail/mailman: treeclean

Closes: https://bugs.gentoo.org/846149
Closes: https://bugs.gentoo.org/842888
Closes: https://bugs.gentoo.org/836711
Closes: https://bugs.gentoo.org/827257
Closes: https://bugs.gentoo.org/802450
Closes: https://bugs.gentoo.org/766435
Bug: https://bugs.gentoo.org/828115
Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>

net-mail/mailman/Manifest | 2 -
.../mailman/files/mailman-3.3.4-fix-click-8.patch | 75 ----------------------
.../files/mailman-3.3.4-py3.9-importlib.patch | 73 ---------------------
net-mail/mailman/mailman-3.3.2.ebuild | 42 ------------
net-mail/mailman/mailman-3.3.4.ebuild | 60 -----------------
net-mail/mailman/metadata.xml | 10 ---
profiles/package.mask | 1 -
7 files changed, 263 deletions(-)

All done!