Summary: | <app-metrics/pushgateway-1.5.1: basic authentication bypass | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | zmedico |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/prometheus/pushgateway/releases/tag/v1.5.1 | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 883639 |
Description
John Helmert III
2022-11-29 19:03:46 UTC
It looks like it is vulnerable, since they specifically cut a release to fix it: https://github.com/prometheus/pushgateway/releases/tag/v1.5.1 Great! Please bump. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=89921c6d9254242e3c74762c57dc3531b5fb102c commit 89921c6d9254242e3c74762c57dc3531b5fb102c Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-11-30 00:50:28 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-11-30 00:50:58 +0000 app-metrics/pushgateway: add 1.5.1 Bug: https://bugs.gentoo.org/883647 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-metrics/pushgateway/Manifest | 2 + app-metrics/pushgateway/pushgateway-1.5.1.ebuild | 48 ++++++++++++++++++++++++ 2 files changed, 50 insertions(+) Thanks! Please cleanup when ready The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27c8f2d94aeb5048f8064bd60e896853c3dfd107 commit 27c8f2d94aeb5048f8064bd60e896853c3dfd107 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-11-30 05:39:55 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-11-30 05:40:22 +0000 app-metrics/pushgateway: drop 1.4.2, 1.4.3 Bug: https://bugs.gentoo.org/883647 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-metrics/pushgateway/Manifest | 4 -- app-metrics/pushgateway/pushgateway-1.4.2.ebuild | 48 ------------------------ app-metrics/pushgateway/pushgateway-1.4.3.ebuild | 48 ------------------------ 3 files changed, 100 deletions(-) Thanks, all done! |