Description: "Zim creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service." Patch: https://github.com/mssalvatore/zim-desktop-wiki/commit/745bb80f081ee99569df57be30ed17e666510040
0.73 has not yet been released (so not in tree/ready for stabilisation).
(In reply to Sam James (sam_c) (security padawan) from comment #1) > 0.73 has not yet been released (so not in tree/ready for stabilisation). Are you guys still doing that?
(In reply to Jeroen Roovers from comment #2) > (In reply to Sam James (sam_c) (security padawan) from comment #1) > > 0.73 has not yet been released (so not in tree/ready for stabilisation). > > Are you guys still doing that? Yeah, I didn't realise at first, the reason is because it's easier to make the GLSAs if we know the exact first fixed version in tree. If the first fixed release in tree isn't the first fixed release by upstream, it can be confusing. https://wiki.gentoo.org/wiki/Project:Security/GLSA_Coordinator_Guide#Bug_summary_rules
@maintainer(s), please build to 0.73.0.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e6c3702878aea7ea47f50e6adfe1d6a8696a4cec commit e6c3702878aea7ea47f50e6adfe1d6a8696a4cec Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2020-06-08 09:07:33 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2020-06-08 09:07:57 +0000 x11-misc/zim: Version 0.73.0 Package-Manager: Portage-2.3.100, Repoman-2.3.22 Bug: https://bugs.gentoo.org/714102 Signed-off-by: Jeroen Roovers <jer@gentoo.org> x11-misc/zim/Manifest | 1 + x11-misc/zim/zim-0.73.0.ebuild | 79 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+)
0.73.1 fixes a regression, so I guess that is the stable target: https://github.com/zim-desktop-wiki/zim-desktop-wiki/compare/0.73.0...0.73.1 No open bugs, so if no objections, I'll CC arches.
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2ce030ef9aedc304ab3f27a55b0d9b5e008847a0 commit 2ce030ef9aedc304ab3f27a55b0d9b5e008847a0 Author: Jeroen Roovers <jer@gentoo.org> AuthorDate: 2020-07-05 14:42:10 +0000 Commit: Jeroen Roovers <jer@gentoo.org> CommitDate: 2020-07-05 14:42:38 +0000 x11-misc/zim: Old Package-Manager: Portage-2.3.103, Repoman-2.3.23 Bug: https://bugs.gentoo.org/show_bug.cgi?id=714102 Signed-off-by: Jeroen Roovers <jer@gentoo.org> x11-misc/zim/Manifest | 2 - x11-misc/zim/zim-0.72.1-r2.ebuild | 79 --------------------------------------- x11-misc/zim/zim-0.73.0.ebuild | 79 --------------------------------------- 3 files changed, 160 deletions(-)
GLSA vote: no. Tree is clean, closing.
