Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 705962 (CVE-2020-5202) - net-misc/apt-cacher-ng - possible credentials leak when "AdminAuth" is enabled in /etc/apt-cacher-ng/security.conf
Summary: net-misc/apt-cacher-ng - possible credentials leak when "AdminAuth" is enable...
Status: CONFIRMED
Alias: CVE-2020-5202
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://security-tracker.debian.org/t...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2020-01-20 15:31 UTC by Jeroen Roovers
Modified: 2020-01-20 15:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jeroen Roovers gentoo-dev 2020-01-20 15:31:54 UTC
CVE-2020-5202 is reserved but details are available on the oss-security ml.
Comment 1 Jeroen Roovers gentoo-dev 2020-01-20 15:33:31 UTC
According to the [URL] <net-misc/apt-cacher-ng-3.3.1_p2 are vulnerable.
Comment 2 Jeroen Roovers gentoo-dev 2020-01-20 15:38:48 UTC
The changes in Debian patch level 2 concern mostly the runtime configuration files which the ebuilds do not install. Upstream is working toward[0] more general changes to mitigate the issue. I guess we'll have to wait for an official release.


[0] https://salsa.debian.org/blade/apt-cacher-ng/commit/3b91874b0c099b0ded1a94f1784fe1265082efbc
Comment 3 Jeroen Roovers gentoo-dev 2020-01-20 15:49:11 UTC
um, like that