787440 – dev-ada/gnat-suite-bin: Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP (CVE-2020-27619)

Bug 787440 - dev-ada/gnat-suite-bin: Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP (CVE-2020-27619)

Summary: dev-ada/gnat-suite-bin: Lib/test/multibytecodec_support.py CJK codec tests ca...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa+]
Keywords:

Depends on:
Blocks:	CVE-2020-27619
	Show dependency tree

Reported:	2021-05-01 15:35 UTC by Thomas Deutschmann (RETIRED)
Modified:	2024-02-03 06:24 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2021-05-01 15:35:57 UTC

Package installs /opt/gnat-suite-bin-2019/share/gdb-8.3/python-2.7.16/lib/python2.7/test/multibytecodec_support.py which is affected by CVE-2020-27619.

Comment 1 Larry the Git Cow gentoo-dev

2021-06-05 14:28:50 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6e8fd3ebda32aef9aaed26ecb302efe51d03b325

commit 6e8fd3ebda32aef9aaed26ecb302efe51d03b325
Author:     Alfredo Tupone <tupone@gentoo.org>
AuthorDate: 2021-06-05 14:28:11 +0000
Commit:     Alfredo Tupone <tupone@gentoo.org>
CommitDate: 2021-06-05 14:28:38 +0000

    dev-ada/gnat-suite-bin: remove 2019 version affected by CVE-2020-27619
    
    Bug: https://bugs.gentoo.org/787440
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Alfredo Tupone <tupone@gentoo.org>

 dev-ada/gnat-suite-bin/Manifest                    |  1 -
 .../gnat-suite-bin/gnat-suite-bin-2019-r1.ebuild   | 89 ----------------------
 2 files changed, 90 deletions(-)

Comment 2 NATTkA bot gentoo-dev

2021-07-29 17:22:36 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 3 NATTkA bot gentoo-dev

2021-07-29 17:30:52 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 4 NATTkA bot gentoo-dev

2021-07-29 17:38:49 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 5 NATTkA bot gentoo-dev

2021-07-29 17:46:58 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 6 NATTkA bot gentoo-dev

2021-07-29 18:02:56 UTC Comment hidden (obsolete)

Package list is empty or all packages have requested keywords.

Comment 7 NATTkA bot gentoo-dev

2021-07-29 18:11:14 UTC

Package list is empty or all packages have requested keywords.

Comment 8 Tupone Alfredo gentoo-dev

2021-09-19 15:32:37 UTC

package dropped

Comment 9 Larry the Git Cow gentoo-dev

2024-02-03 06:23:32 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4bd30954584e9a5a2a176bb42e4565cb0e30c40e

commit 4bd30954584e9a5a2a176bb42e4565cb0e30c40e
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-03 06:20:11 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2024-02-03 06:23:21 +0000

    [ GLSA 202402-04 ] GNAT Ada Suite: Remote Code Execution
    
    Bug: https://bugs.gentoo.org/787440
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202402-04.xml | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)