Summary: | <dev-python/pipenv-2022.1.8: code execution via crafted requirements.txt file | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | trivial | CC: | oz.tiram, proxy-maint |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://github.com/pypa/pipenv/security/advisories/GHSA-qc9x-gjcv-465w | | |
Whiteboard: | ~2 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 831088 | | |
Bug Blocks: | | | |
Description
John Helmert III
2022-01-11 03:33:22 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a0ef72d2208774b6598ff30da002c07f7569934

commit 1a0ef72d2208774b6598ff30da002c07f7569934
Author:     Oz N Tiram <oz.tiram@gmail.com>
AuthorDate: 2022-01-11 09:20:20 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-12 22:38:05 +0000

    dev-python/pipenv: add 2022.1.8

    Dropped ~x86 due to unkeyworded dev-python/cerberus, rekeywording pending.

    Bug: https://bugs.gentoo.org/830982
    Signed-off-by: Oz N Tiram <oz.tiram@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/23720
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-python/pipenv/Manifest | 1 +
 ...ipenv-2022-1-8-remove-first-vendor-import.patch | 162 +++++++++++++++++++++
 dev-python/pipenv/pipenv-2022.1.8.ebuild | 96 ++++++++++++
 3 files changed, 259 insertions(+)

Thanks! Please cleanup when able

Tree is clean.