Bug 702514 (CVE-2019-18345, CVE-2019-18346, CVE-2019-18347) - <www-apps/davical-1.1.9.1 - three vulnerabilities
Summary: <www-apps/davical-1.1.9.1 - three vulnerabilities
Status: CONFIRMED
Alias: CVE-2019-18345, CVE-2019-18346, CVE-2019-18347
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Keywords: PullRequest
Reported: 2019-12-11 07:08 UTC by Jeroen Roovers
Modified: 2019-12-12 17:53 UTC

Description Jeroen Roovers gentoo-dev 2019-12-11 07:08:20 UTC
CVE-2019-18345 — Reflected Cross-Site Scripting
CVE-2019-18346 — Cross-Site Request Forgery
CVE-2019-18347 — (this advisory) Persistent Cross-Site Scripting
Comment 1 Larry the Git Cow gentoo-dev 2019-12-12 17:53:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1bdaf4d2d4310bb4ff3455d9f3c0c062437252a0

commit 1bdaf4d2d4310bb4ff3455d9f3c0c062437252a0
Author:     Till Schäfer <till2.schaefer@uni-dortmund.de>
AuthorDate: 2019-12-12 15:44:34 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2019-12-12 17:53:34 +0000

    www-apps/davical: remove vulnerable versions
    
    Bug: https://bugs.gentoo.org/702514
    Package-Manager: Portage-2.3.79, Repoman-2.3.16
    Signed-off-by: Till Schäfer <till2.schaefer@uni-dortmund.de>
    Closes: https://github.com/gentoo/gentoo/pull/13956
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-apps/davical/Manifest                          |  2 -
 www-apps/davical/davical-1.1.7-r2.ebuild           | 72 ----------------------
 www-apps/davical/davical-1.1.8.ebuild              | 70 ---------------------
 ...davical-1.1.7-fix_php4_style_constructors.patch | 39 ------------
 4 files changed, 183 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=aea06c8894b23d176eb59456cc31f28376d507af

commit aea06c8894b23d176eb59456cc31f28376d507af
Author:     Till Schäfer <till2.schaefer@uni-dortmund.de>
AuthorDate: 2019-12-12 15:38:44 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2019-12-12 17:53:33 +0000

    www-apps/davical: bump to 1.1.9.2
    
    Bug: https://bugs.gentoo.org/702514
    Package-Manager: Portage-2.3.79, Repoman-2.3.16
    Signed-off-by: Till Schäfer <till2.schaefer@uni-dortmund.de>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-apps/davical/Manifest               |  1 +
 www-apps/davical/davical-1.1.9.2.ebuild | 70 +++++++++++++++++++++++++++++++++
 2 files changed, 71 insertions(+)