CVE-2019-10751 (https://nvd.nist.gov/vuln/detail/CVE-2019-10751): All versions of the HTTPie package prior to version 1.0.3 are vulnerable to Open Redirect that allows an attacker to write an arbitrary file with supplied filename and content to the current directory, by redirecting a request from HTTP to a crafted URL pointing to a server in his or hers control.
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
> Maintainer(s), please cleanup. Cleanup will be done once the attached pull request is merged by either proxy-maint or the security team.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a609fc4607b39c0b6634724e30abf7a59e57cff commit 4a609fc4607b39c0b6634724e30abf7a59e57cff Author: Ralph Seichter <github@seichter.de> AuthorDate: 2019-12-02 23:20:43 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2019-12-03 14:17:18 +0000 net-misc/httpie: Remove vulnerable ebuild Closes: https://bugs.gentoo.org/701832 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Ralph Seichter <gentoo@seichter.de> Bug: https://github.com/gentoo/gentoo/pull/13844 Signed-off-by: Joonas Niilola <juippis@gentoo.org> net-misc/httpie/Manifest | 1 - net-misc/httpie/httpie-1.0.2-r1.ebuild | 43 ---------------------------------- 2 files changed, 44 deletions(-)
Woops.
GLSA Vote: No Repository is clean, all done!