Details in tracker. This package bundles the vulnerable Go package, is the exporter actually vulnerable?
blackbox_exporter-0.21.1 includes exporter-toolkit-0.7.1 and consequently is vulnerable to this issue. Please update to a newer version. The first fixed version appears to be blackbox_exporter-0.23.0.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=55b6972bdc5a750b114f66086ee5c79d37c32ec1 commit 55b6972bdc5a750b114f66086ee5c79d37c32ec1 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-10-28 21:29:05 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-10-28 21:39:58 +0000 app-metrics/blackbox_exporter: add 0.24.0 Bug: https://bugs.gentoo.org/883651 Signed-off-by: John Helmert III <ajak@gentoo.org> app-metrics/blackbox_exporter/Manifest | 2 + .../blackbox_exporter-0.24.0.ebuild | 55 ++++++++++++++++++++++ 2 files changed, 57 insertions(+)
Remember that we version the atom in the summary only when there's a fixed version in tree.
