Opened 6 years ago

Closed 5 years ago

#865 closed defect (worksforme)

Pebble vulns

Reported by: dg Owned by:
Priority: minor Milestone:
Component: apps/plugins Version: 0.9.4
Keywords: Cc: dg2@…
Parent Tickets:

Description

It has come to my attention that there are several vulnerabilities in the version of Pebble on plugins.i2p(2.4-v5-b31).

Two CVEs affect the current 2.4-v5-b31 revision of Pebble on the plugins site:
CVE-2012-5170: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5170
CVE-2012-4023: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4023

I'd have kept it on the down low but it's publicly known and it's been openly announced on I2P in addition to clearnet.

Subtickets

Change History (4)

comment:1 Changed 6 years ago by dg

  • Cc dg2@… added

comment:2 Changed 6 years ago by guest

  • Priority changed from major to minor

comment:3 Changed 6 years ago by zzz

  • Milestone 0.9.5 deleted

I won't have any time to update it to the latest 2.6.x version for quite a while. I'm not sure if anybody is currently using this plugin. If you are, you should review the CVEs carefully to see if they affect you. If somebody else would like to work on the plugin, please do.

Leaving as minor on the assumption that nobody is using this plugin atm.

comment:4 Changed 5 years ago by dg

  • Resolution set to worksforme
  • Status changed from new to closed

kytv added a warning to his site.

Note: See TracTickets for help on using tickets.