CVE-2016-10075 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-10075): The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local users to execute arbitrary code via a crafted repo with a malicious git log in the current working directory.
@Maintainer please call for stabilization when a fixed version is available. Thank you
amd64 stable
x86 stable
GLSA request filed.
@maintainer(s), please clean.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0533e6d1bf1a12c1b26d94af77ad23067a18a2ae

commit 0533e6d1bf1a12c1b26d94af77ad23067a18a2ae
Author:     Mikle Kolyada <zlogene@gentoo.org>
AuthorDate: 2018-07-11 13:16:54 +0000
Commit:     Mikle Kolyada <zlogene@gentoo.org>
CommitDate: 2018-07-11 13:16:54 +0000

    dev-python/tqdm: Drop old

    Bug: https://bugs.gentoo.org/636384
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-python/tqdm/Manifest           |  1 -
 dev-python/tqdm/tqdm-4.10.0.ebuild | 20 --------------------
 2 files changed, 21 deletions(-)
This issue was resolved and addressed in GLSA 201807-01 at https://security.gentoo.org/glsa/201807-01 by GLSA coordinator Aaron Bauman (b-man).