Summary: | <net-news/liferea-1.12.10: Fix RCE vulnerability on feed enrichment | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | CFuga <cfuga> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | ajak, proxy-maint, ykonotopov |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/30103 | ||
Whiteboard: | B2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 901261 | ||
Bug Blocks: |
Description
CFuga
2023-03-13 21:26:09 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=64cf62ae757f2c35ec0a9b7db4a81998a6be8bcc commit 64cf62ae757f2c35ec0a9b7db4a81998a6be8bcc Author: Sam James <sam@gentoo.org> AuthorDate: 2023-03-15 05:00:23 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-15 05:00:23 +0000 net-news/liferea: drop 1.14.0 Bug: https://bugs.gentoo.org/901085 Signed-off-by: Sam James <sam@gentoo.org> net-news/liferea/Manifest | 1 - net-news/liferea/liferea-1.14.0.ebuild | 72 ---------------------------------- 2 files changed, 73 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ff30e326baee3f26591724553397e1f9cca0a0d9 commit ff30e326baee3f26591724553397e1f9cca0a0d9 Author: Cristian Othón Martínez Vera <cfuga@cfuga.mx> AuthorDate: 2023-03-13 21:32:23 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-03-15 05:00:11 +0000 net-news/liferea: add 1.12.10, 1.14.1 (Fix RCE vulnerability on feed enrichment) Fix CVE-2023-1350. Bug: https://bugs.gentoo.org/901085 Closes: https://github.com/gentoo/gentoo/pull/30103 Signed-off-by: Cristian Othón Martínez Vera <cfuga@cfuga.mx> Signed-off-by: Sam James <sam@gentoo.org> net-news/liferea/Manifest | 2 + net-news/liferea/liferea-1.12.10.ebuild | 74 +++++++++++++++++++++++++++++++++ net-news/liferea/liferea-1.14.1.ebuild | 69 ++++++++++++++++++++++++++++++ 3 files changed, 145 insertions(+) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e050c0668826f5cc3f8190c9cb8d787aebea816d commit e050c0668826f5cc3f8190c9cb8d787aebea816d Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-04-19 04:21:51 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-04-19 04:26:29 +0000 net-news/liferea: drop 1.12.9-r2 Bug: https://bugs.gentoo.org/901085 Signed-off-by: John Helmert III <ajak@gentoo.org> net-news/liferea/Manifest | 1 - net-news/liferea/liferea-1.12.9-r2.ebuild | 74 ------------------------------- 2 files changed, 75 deletions(-) Thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=4ae2e26a770ee27c081f2011f4d1f220735c82ad commit 4ae2e26a770ee27c081f2011f4d1f220735c82ad Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-07-01 05:56:34 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2024-07-01 06:09:15 +0000 [ GLSA 202407-03 ] Liferea: Remote Code Execution Bug: https://bugs.gentoo.org/901085 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202407-03.xml | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) |