From $URL: The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. CVE Details: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11610
@security, I'm noting the possible fixed version in tree as 3.1.4; however, it's unclear at the moment whether the same vulnerability applies to the package or not, so I'm reporting it because it's a new CVE.
$Update: @security, fixes were applied for the exact CVE on 2017-07-24, as noted here: https://github.com/Supervisor/supervisor/blob/3.1.4/CHANGES.txt Also, this report may be a duplicate of: https://bugs.gentoo.org/show_bug.cgi?id=626100 Please follow procedure to close the report, thank you.
Daj'Uan (mbailey_j), Gentoo Security Scout
*** This bug has been marked as a duplicate of bug 626100 ***