Bug 638420 (CVE-2017-1000215) - <net-libs/xrootd-4.8.3: Shell command injection vulnerability
Summary: <net-libs/xrootd-4.8.3: Shell command injection vulnerability
Alias: CVE-2017-1000215
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa+ cve]
Depends on:
Reported: 2017-11-22 03:27 UTC by GLSAMaker/CVETool Bot
Modified: 2019-03-14 01:36 UTC

See Also:
Package list:
Runtime testing required: ---
stable-bot: sanity-check+
Description GLSAMaker/CVETool Bot gentoo-dev 2017-11-22 03:27:17 UTC
CVE-2017-1000215:
  ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated
  shell command injection resulting in remote code execution
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-22 03:29:33 UTC
@Maintainers please call for stabilization when ready.

Thank you
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-12-04 22:09:08 UTC
@arches, please stabilize.
Comment 3 Agostino Sarubbo gentoo-dev 2018-12-05 09:38:31 UTC
amd64 stable
Comment 4 Thomas Deutschmann gentoo-dev Security 2018-12-07 02:43:52 UTC
x86 stable
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2019-03-10 02:02:39 UTC
Arches and Maintainer(s), Thank you for your work.
New GLSA Request filed.
Comment 6 Guilherme Amadio gentoo-dev 2019-03-13 13:48:22 UTC
Since xrootd-4.8.3 is now stable, I dropped earlier versions from the tree and bumped unstable to 4.9.0.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2019-03-14 01:36:49 UTC
This issue was resolved and addressed in
 GLSA 201903-11 at
by GLSA coordinator Aaron Bauman (b-man).