| Summary: | net-misc/croc: multiple vulnerabilities | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | IN_PROGRESS --- | | |
| Severity: | trivial | CC: | ajak, maintainer-needed, proxy-maint, zappel |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://www.openwall.com/lists/oss-security/2023/09/08/2 | | |
| See Also: | https://github.com/gentoo/gentoo/pull/35336 | | |
| Whiteboard: | ~2 [ebuild] | | |
| Package list: | | Runtime testing required: | --- |
Description
John Helmert III
2023-11-23 17:58:03 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78152d7c1255762e7a7623de16bee644f4aae414

commit 78152d7c1255762e7a7623de16bee644f4aae414
Author: Armas Spann <zappel@simple-co.de>
AuthorDate: 2024-01-31 14:48:31 +0000
Commit: Maciej Barć <xgqt@gentoo.org>
CommitDate: 2024-02-01 10:10:14 +0000

net-misc/croc: drop 9.6.2, 9.6.4

Bug: https://bugs.gentoo.org/918091
Closes: https://bugs.gentoo.org/893980
Signed-off-by: Armas Spann <zappel@simple-co.de>
Closes: https://github.com/gentoo/gentoo/pull/35115
Signed-off-by: Maciej Barć <xgqt@gentoo.org>

net-misc/croc/Manifest | 4 ----
net-misc/croc/croc-9.6.2.ebuild | 50 -----------------------------------------
net-misc/croc/croc-9.6.4.ebuild | 50 -----------------------------------------
3 files changed, 104 deletions(-)

I apologize for my late response on this - but I think we need to "partially" re-open this ticket. As I've updated croc to version 9.6.6 - but none of the bugs mentioned in here are yet closed, see:

https://github.com/schollz/croc/issues/593 - open (requested CVE update/clarification for 9.6.6)
https://github.com/schollz/croc/issues/594 - open (requested CVE update/clarification for 9.6.6)
https://github.com/schollz/croc/issues/595 - open (requested CVE update/clarification for 9.6.6)
https://github.com/schollz/croc/issues/598 - open (requested CVE update/clarification for 9.6.6)
https://github.com/schollz/croc/issues/596 - open: changed from "bug" to enhancement
https://github.com/schollz/croc/issues/597 - open: changed from "bug" to enhancement

From my PoV two of them were lowered to being a "feature" instead of a vulnerability, whilst the other 4 are still unfixed. Please let me know how we should proceed.

> I apologize for my late response on this - but I think we need to "partially" re-open this ticket.
Thanks for noticing! We'll keep this open until they're fixed, or we can split unfixed bugs into another bug once some of them are fixed in-tree.

Thanks for your reply. I just saw the updates from 9.6.7 - 9.6.9 flew by since last week. I'll take care to update the ebuild as soon as possible and will inform you if they fixed it.

I have updated the summary version to reflect that we don't have a version in the repository where all vulnerabilities are fixed yet.