Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 690594 (CVE-2018-11782, CVE-2019-0203) - <dev-vcs/subversion-1.12.2: multiple vulnerabilities (CVE-{2018-11782,2019-0203})
Summary: <dev-vcs/subversion-1.12.2: multiple vulnerabilities (CVE-{2018-11782,2019-02...
Status: RESOLVED FIXED
Alias: CVE-2018-11782, CVE-2019-0203
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://seclists.org/oss-sec/2019/q3/105
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-07-24 15:44 UTC by Thomas Deutschmann (RETIRED)
Modified: 2019-08-12 22:42 UTC (History)
1 user (show)

See Also:
Package list:
dev-vcs/subversion-1.12.2
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2019-07-24 15:44:38 UTC
Incoming details.
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2019-07-24 21:03:42 UTC
Tracking for infra to patch as well once the maintainer is satisfied.
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-07-24 21:05:20 UTC
(In reply to Aaron Bauman from comment #1)
> Tracking for infra to patch as well once the maintainer is satisfied.

disregard.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2019-07-31 23:27:43 UTC
@ maintainer(s): Can we stabilize =dev-vcs/subversion-1.12.2 and cleanup previous version or are you planning to add =dev-vcs/subversion-1.10.5?
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2019-08-01 17:40:35 UTC
arm64 stable
Comment 5 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-08-02 08:38:19 UTC
alpha stable
Comment 6 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-08-02 08:38:39 UTC
arm stable
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-08-02 08:39:14 UTC
amd64 stable
Comment 8 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-08-02 08:39:56 UTC
ia64 stable
Comment 9 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-08-02 08:40:21 UTC
x86 stable
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-08-02 08:40:43 UTC
ppc stable
Comment 11 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-08-02 08:41:02 UTC
ppc64 stable
Comment 12 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-08-02 08:41:25 UTC
sparc stable
Comment 13 Rolf Eike Beer archtester 2019-08-11 09:17:48 UTC
hppa stable
Comment 14 Aaron Bauman (RETIRED) gentoo-dev 2019-08-11 23:02:34 UTC
@maintainer, please drop vulnerable.
Comment 15 Larry the Git Cow gentoo-dev 2019-08-12 07:17:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7a7a627164167509632bcd5b2e782b8a09c358d2

commit 7a7a627164167509632bcd5b2e782b8a09c358d2
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-08-12 07:16:44 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-08-12 07:17:00 +0000

    dev-vcs/subversion: Security cleanup
    
    Bug: https://bugs.gentoo.org/690594
    Package-Manager: Portage-2.3.71, Repoman-2.3.17
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 dev-vcs/subversion/Manifest                        |   3 -
 .../files/subversion-1.11.1-allow-apr-1.7.0+.patch |  18 -
 ...subversion-1.9.7-fix-wc-queries-test-test.patch |  26 -
 dev-vcs/subversion/subversion-1.10.4.ebuild        | 532 ---------------------
 dev-vcs/subversion/subversion-1.11.1.ebuild        | 532 ---------------------
 dev-vcs/subversion/subversion-1.12.0.ebuild        | 532 ---------------------
 6 files changed, 1643 deletions(-)