Summary: | dev-build/bazel: credential disclosure to external server | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED PKGREMOVED | ||
Severity: | minor | CC: | ajak, perfinion, soap |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/bazelbuild/bazel/security/advisories/GHSA-mxr8-q875-rhwq | ||
Whiteboard: | B4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 922374 |
Description
John Helmert III
![]() ![]() ![]() ![]() Ah, fixes are indeed in 4.2.3, 5.3.2, 5.4.0: https://github.com/bazelbuild/bazel/pull/16450. Needs bumps. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=937bb2fe50b5f938cca85d4a3b2ba55dbf71e617 commit 937bb2fe50b5f938cca85d4a3b2ba55dbf71e617 Author: Jakov Smolić <jsmolic@gentoo.org> AuthorDate: 2024-02-24 12:50:14 +0000 Commit: Jakov Smolić <jsmolic@gentoo.org> CommitDate: 2024-02-24 12:50:14 +0000 dev-build/bazel: treeclean Bug: https://bugs.gentoo.org/878501 Closes: https://bugs.gentoo.org/906914 Closes: https://bugs.gentoo.org/917689 Closes: https://bugs.gentoo.org/918703 Closes: https://bugs.gentoo.org/634046 Closes: https://bugs.gentoo.org/652776 Closes: https://bugs.gentoo.org/687538 Closes: https://bugs.gentoo.org/747370 Closes: https://bugs.gentoo.org/766243 Closes: https://bugs.gentoo.org/790116 Closes: https://bugs.gentoo.org/820179 Closes: https://bugs.gentoo.org/820182 Closes: https://bugs.gentoo.org/832935 Closes: https://bugs.gentoo.org/837023 Closes: https://bugs.gentoo.org/846464 Closes: https://bugs.gentoo.org/858314 Closes: https://bugs.gentoo.org/867292 Closes: https://bugs.gentoo.org/872455 Closes: https://bugs.gentoo.org/884477 Closes: https://bugs.gentoo.org/895300 Closes: https://bugs.gentoo.org/909434 Closes: https://bugs.gentoo.org/917257 Closes: https://bugs.gentoo.org/919798 Signed-off-by: Jakov Smolić <jsmolic@gentoo.org> dev-build/bazel/Manifest | 7 -- dev-build/bazel/bazel-3.7.2-r1.ebuild | 117 --------------------- dev-build/bazel/bazel-4.2.2.ebuild | 100 ------------------ dev-build/bazel/bazel-5.0.0.ebuild | 96 ----------------- dev-build/bazel/bazel-5.1.1.ebuild | 96 ----------------- dev-build/bazel/bazel-5.3.0.ebuild | 102 ------------------ dev-build/bazel/bazel-6.2.0.ebuild | 102 ------------------ dev-build/bazel/bazel-6.4.0.ebuild | 102 ------------------ .../bazel-3.2.0-include-limits-for-gcc-11.patch | 25 ----- .../bazel-3.7.2-musl-temp-failure-retry.patch | 34 ------ .../files/bazel-4.2.2-absl_numeric_limits.patch | 41 -------- dev-build/bazel/metadata.xml | 20 ---- profiles/package.mask | 15 --- profiles/updates/1Q-2024 | 1 - 14 files changed, 858 deletions(-) Vote glsa: no. |