CVE-2017-8368 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-8368): Sublime Text 3 Build 3126 might allow user-assisted attackers to execute code via a crafted .mkv file. One threat model is a victim who obtains an untrusted crafted file from a remote location and issues several user-defined commands, as demonstrated by Ctrl-A, Delete, and Ctrl-Z.
@Maintainer please let us know when tree is clean. Thank you
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6ceeca83d1b38890cba5030b27c3bc8c91e36e2a commit 6ceeca83d1b38890cba5030b27c3bc8c91e36e2a Author: David Seifert <soap@gentoo.org> AuthorDate: 2017-12-25 19:21:01 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2017-12-25 19:21:01 +0000 app-editors/sublime-text: Remove vulnerable versions Bug: https://bugs.gentoo.org/635972 Package-Manager: Portage-2.3.19, Repoman-2.3.6 app-editors/sublime-text/Manifest | 4 -- .../sublime-text/sublime-text-2.0.2-r2.ebuild | 62 --------------------- .../sublime-text/sublime-text-3_pre3126-r3.ebuild | 64 ---------------------- 3 files changed, 130 deletions(-)}
@Sec, you can proceed.
thank you. GLSA Vote: No