CVE-2020-11054 (https://nvd.nist.gov/vuln/detail/CVE-2020-11054): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
@maintainer(s), please bump. Description: "After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false which is not recommended), this could still provide a false sense of security."
Hello, I am in the process of bumping to 1.11.1, which fixes the CVE according to the security page. I think I need to drop or mask the older version, right?
(In reply to Guillaume Seren from comment #2)
> Hello,
> I am in the process of bumping to 1.11.1, which fixes the CVE according to the
> security page.
> I think I need to drop or mask the older version, right?

Yep, a bump to 1.11.1 is needed. After that (include the Bug: tag in your commit so we see it, but not Closes:), we'll ask you to clean up (drop older versions), but given this is not a stable package, you are welcome to immediately clean up in the same PR. Don't bother with a mask unless there is some specific reason that a package depends on it.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=588ffb8d4796db8219d338489fcae4a66c72b8c1

commit 588ffb8d4796db8219d338489fcae4a66c72b8c1
Author:     Guillaume Seren <guillaumeseren@gmail.com>
AuthorDate: 2020-05-08 22:47:39 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-05-12 13:57:07 +0000

    www-client/qutebrowser: Drop old versions

    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Closes: https://bugs.gentoo.org/721544
    Bug: https://bugs.gentoo.org/721564
    Signed-off-by: Guillaume Seren <guillaumeseren@gmail.com>
    Closes: https://github.com/gentoo/gentoo/pull/15690
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/qutebrowser/Manifest                  |  2 -
 www-client/qutebrowser/qutebrowser-1.10.1.ebuild | 78 ------------------------
 www-client/qutebrowser/qutebrowser-1.8.3.ebuild  | 77 -----------------------
 3 files changed, 157 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a74c87075416ecbb5c0c19f3b31e07ec05a60ca2

commit a74c87075416ecbb5c0c19f3b31e07ec05a60ca2
Author:     Guillaume Seren <guillaumeseren@gmail.com>
AuthorDate: 2020-05-07 20:18:31 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-05-12 13:57:06 +0000

    www-client/qutebrowser: Bump 9999 dependencies

    Closes: https://bugs.gentoo.org/721544
    Closes: https://bugs.gentoo.org/718120
    Bug: https://bugs.gentoo.org/721564
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Guillaume Seren <guillaumeseren@gmail.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/qutebrowser/qutebrowser-9999.ebuild | 26 ++++++++++----------------
 1 file changed, 10 insertions(+), 16 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=14002f67cfb94e73bfd80993331e55ef2b6c14b3

commit 14002f67cfb94e73bfd80993331e55ef2b6c14b3
Author:     Guillaume Seren <guillaumeseren@gmail.com>
AuthorDate: 2020-05-07 20:13:40 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2020-05-12 13:57:06 +0000

    www-client/qutebrowser: Add version bump 1.11.1

    Closes: https://bugs.gentoo.org/721544
    Closes: https://bugs.gentoo.org/718120
    Bug: https://bugs.gentoo.org/721564
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Guillaume Seren <guillaumeseren@gmail.com>
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 www-client/qutebrowser/Manifest                  |  1 +
 www-client/qutebrowser/qutebrowser-1.11.1.ebuild | 75 ++++++++++++++++++++++++
 2 files changed, 76 insertions(+)
All done. Thank you!