698224 – dev-python/astropy: the bundled CFITSIO library before 3.430 has critical security vulnerability

Bug 698224 - dev-python/astropy: the bundled CFITSIO library before 3.430 has critical security vulnerability

Summary: dev-python/astropy: the bundled CFITSIO library before 3.430 has critical sec...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://github.com/astropy/astropy/pu...
Whiteboard:	B3 [ebuild/stable?]
Keywords:

Depends on:
Blocks:

Reported:	2019-10-21 18:34 UTC by D'juan McDonald (domhnall)
Modified:	2019-10-26 15:10 UTC (History)
CC List:	1 user (show)

See Also:	CVE-2018-3846, CVE-2018-3847, CVE-2018-3848, CVE-2018-3849
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description D'juan McDonald (domhnall) 2019-10-21 18:34:32 UTC

Astropy is a community-driven package intended to contain much of the core functionality and some common tools needed for performing astronomy and astrophysics with Python.

Unclear vulnerabilities found in CFITSIO has prompted update advisories in the 3.X and 2.X releases of astropy. Please SEE $URL for details.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2019-10-26 15:10:30 UTC

Closing as invalid: Packages in Gentoo repository (1.2.1,1.3.3,2.0.1) do NOT contain cfitsio lib.