Summary: | dev-lang/scala <dev-lang/scala-bin-2.13.9: deserialization gadget chain | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | minor | CC: | java |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://github.com/scala/scala/pull/10118 | | |
See Also: | https://github.com/gentoo/gentoo/pull/31661 | | |
Whiteboard: | B4 [noglsa] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 909324 | | |
Bug Blocks: | | | |
Description
John Helmert III
2022-09-24 19:59:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e35d7d6b7a1e56e29fb6e515693208ab0ba370c9

commit e35d7d6b7a1e56e29fb6e515693208ab0ba370c9
Author:     Florian Schmaus <flow@gentoo.org>
AuthorDate: 2022-09-28 15:38:31 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2022-09-28 15:39:46 +0000

    dev-lang/scala-bin: add 2.13.9

    Bug: https://bugs.gentoo.org/872695
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 dev-lang/scala-bin/Manifest                |  1 +
 dev-lang/scala-bin/scala-bin-2.13.9.ebuild | 77 ++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)

Thanks Flow! Not sure how I missed the existence of scala-bin. I'm not sure if we can trust the CVE's assertion that this only affects Scala 2.13.x, so keeping at [ebuild] for now for dev-lang/scala itself.

Please stabilize scala-bin-2.13.9 when ready.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e44201d7f3ae177c3b8449d53e55fa71ff229c7

commit 0e44201d7f3ae177c3b8449d53e55fa71ff229c7
Author:     Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2023-06-28 17:55:24 +0000
Commit:     Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2023-06-29 06:08:55 +0000

    dev-lang/scala-bin: drop 2.13.6

    Bug: https://bugs.gentoo.org/872695
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Closes: https://github.com/gentoo/gentoo/pull/31661
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 dev-lang/scala-bin/Manifest                |  1 -
 dev-lang/scala-bin/scala-bin-2.13.6.ebuild | 77 ------------------------------
 2 files changed, 78 deletions(-)

Actually, it looks like LazyLists are a 2.13 feature of Scala, so scala itself isn't affected.

All done.