Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 911550 (CVE-2023-36325)

Summary: <net-vpn/i2p-2.3.0: Eepsite deanonymization attack
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: normal CC: java, proxy-maint, tharvik
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://xeiaso.net/blog/CVE-2023-36325
See Also: https://i2pgit.org/i2p-hackers/i2p.i2p/-/issues/397
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---
Bug Depends on: 911551    
Bug Blocks:    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-08-01 07:43:13 UTC 
Writeup at https://xeiaso.net/blog/CVE-2023-36325.

Let's stable 2.3.0 immediately.
Comment 1 tharvik 2024-08-03 12:13:51 UTC 
this has been fixed for a while now, can we close it?
Comment 2 Hans de Graaff gentoo-dev Security 2024-08-04 06:57:47 UTC 
(In reply to tharvik from comment #1)
> this has been fixed for a while now, can we close it?

No, this still needs a decision on whether we want to issue a GLSA (and yes, we have a large backlog here).