Summary: | <app-arch/rpm-4.17.1: signature verification vulnerability (CVE-2021-3521) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | maintainer-needed |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 877041 | ||
Bug Blocks: |
Description
Sam James
2022-01-01 04:31:50 UTC
Patches: 1. https://github.com/rpm-software-management/rpm/commit/7b399fcb8f52566e6f3b4327197a85facd08db91 2. https://github.com/rpm-software-management/rpm/commit/236b802a4aa48711823a191d1b7f753c82a89ec5 3. https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8 Tangentially: https://github.com/rpm-software-management/rpm/pull/1844#issuecomment-992541341 (there's some other useful, not necessarily strictly related security fixes going on). The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=188ca6ba0a28ffdcbb063d0bf126a2ed8769448b commit 188ca6ba0a28ffdcbb063d0bf126a2ed8769448b Author: Sam James <sam@gentoo.org> AuthorDate: 2022-07-05 01:13:04 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-07-05 01:13:25 +0000 app-arch/rpm: add 4.17.1 Bug: https://bugs.gentoo.org/830380 Signed-off-by: Sam James <sam@gentoo.org> app-arch/rpm/Manifest | 1 + app-arch/rpm/rpm-4.17.1.ebuild | 161 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 162 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5078a9788b7ff36a1af60ad7a701d958e37206e1 commit 5078a9788b7ff36a1af60ad7a701d958e37206e1 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2022-10-21 17:53:55 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-21 17:55:15 +0000 app-arch/rpm: drop 4.17.0-r2 Bug: https://bugs.gentoo.org/830380 Signed-off-by: John Helmert III <ajak@gentoo.org> app-arch/rpm/Manifest | 1 - app-arch/rpm/rpm-4.17.0-r2.ebuild | 158 -------------------------------------- 2 files changed, 159 deletions(-) GLSA request filed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=d1fba8b4347d1cc39def2710ba7880b64f060ea2 commit d1fba8b4347d1cc39def2710ba7880b64f060ea2 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-31 01:15:56 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-31 01:40:15 +0000 [ GLSA 202210-22 ] RPM: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/830380 Bug: https://bugs.gentoo.org/866716 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-22.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) GLSA released, all done! |