""" Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET Core 3.1, NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0). This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET Core 3.1, and NuGet clients (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0) where a nuget.org credential could be leaked. """
@dotnet: could you give us the first fixed versions in gentoo for each of the relevant dotnet sdk pkgs? thanks!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=15253e35bb941ccae9ac5c9f0201599ed1bd9167

commit 15253e35bb941ccae9ac5c9f0201599ed1bd9167
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2023-06-17 02:18:07 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2023-06-17 02:18:07 +0000

    dev-lang/mono: add 6.12.0.182

    Bug: https://bugs.gentoo.org/908612
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-lang/mono/Manifest               |   1 +
 dev-lang/mono/mono-6.12.0.182.ebuild | 122 +++++++++++++++++++++++++++++++++++
 2 files changed, 123 insertions(+)
- dev-dotnet/dotnet-sdk-bin-3.1.423-r4 affected, has NuGet 5.7.2.7
- dev-dotnet/dotnet-sdk-bin-5.0.408-r4 affected, has NuGet 5.11.1.5

Others unaffected.