Summary: | <dev-python/GitPython-3.1.30: code execution via crafted input to Repo.clone_from | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | mgorny, python |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/gitpython-developers/GitPython/issues/1515 | ||
Whiteboard: | B1 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 889040 | ||
Bug Blocks: |
Description
John Helmert III
2022-12-06 21:19:47 UTC
"No fix is planned, and this issue is triaged as 'help wanted'." Honestly? I hate this horror of a package and I'd love to see it gone. Unfortunately, it has a bunch of revdeps... 3.1.30 is released according to the issue at URL, and is pushed to PyPI. Thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=c77ebbf690aa9db206075b255adc3de59632bb55 commit c77ebbf690aa9db206075b255adc3de59632bb55 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2023-11-01 12:20:26 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2023-11-01 12:21:08 +0000 [ GLSA 202311-01 ] GitPython: Code Execution via Crafted Input Bug: https://bugs.gentoo.org/884623 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202311-01.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) |