Summary: | <net-p2p/syncthing-1.23.5: XSS via shared folder names | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | minor | CC: | gentoo-setan, maintainer-needed, marecki |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/syncthing/syncthing/security/advisories/GHSA-9rp6-23gf-4c3h | ||
Whiteboard: | B4 [glsa?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 908046 | ||
Bug Blocks: |
Description
John Helmert III
![]() ![]() ![]() ![]() The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e69d298d016e0b8c970785bca2e9b3652b11ee8 commit 0e69d298d016e0b8c970785bca2e9b3652b11ee8 Author: Marek Szuba <marecki@gentoo.org> AuthorDate: 2023-06-08 13:15:14 +0000 Commit: Marek Szuba <marecki@gentoo.org> CommitDate: 2023-06-08 13:16:51 +0000 net-p2p/syncthing: drop 1.23.4-r1 No versions vulnerable to CVE-2022-46165 left in the tree. Bug: https://bugs.gentoo.org/908034 Signed-off-by: Marek Szuba <marecki@gentoo.org> net-p2p/syncthing/Manifest | 1 - net-p2p/syncthing/syncthing-1.23.4-r1.ebuild | 112 --------------------------- 2 files changed, 113 deletions(-) Can this be closed if we no longer support this version? (In reply to gentoo-setan from comment #2) > Can this be closed if we no longer support this version? No, a decision on a GLSA still needs to be made. |