A vulnerability in tqdm could allow remote attackers to execute arbitrary code.
| Package | dev-python/tqdm on all architectures |
| Affected versions | < 4.23.3 |
| Unaffected versions | >= 4.23.3 |
tqdm is a smart progress meter.
A vulnerability was discovered in tqdm._version that could allow a malicious git log within the current working directory to execute arbitrary code.
A remote attacker could execute arbitrary commands by enticing a user to clone a crafted repo.
There is no known workaround at this time.
All tqdm users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-python/tqdm-4.23.3"
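Copies of tqdm installed outside the package manager (pip, virtualenvs, vendored directories) are not touched by the upgrade above. The following is an added example, not part of the advisory, that scans Python library directories for tqdm metadata and flags versions below 4.23.3. The function names and the treatment of 4.23.3 pre-releases as affected are assumptions of this example.

```python
import re
import sys
from pathlib import Path

FIXED = (4, 23, 3)  # first unaffected version, taken from the advisory
PRE = re.compile(r"[._-]?(?:a|b|rc|dev|alpha|beta|pre)", re.I)
META = re.compile(r"^tqdm-(.+?)(?:-py[\d.]+)?\.(?:dist-info|egg-info)$")

def parse_version(text):
    """Return (release_tuple, is_prerelease); suffixes like -r1 are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    release = tuple(int(p) for p in m.group(0).split("."))
    release += (0,) * (len(FIXED) - len(release))  # pad 4.24 to 4.24.0
    return release, bool(PRE.match(text[m.end():]))

def is_affected(version):
    """True for anything below 4.23.3; a 4.23.3 pre-release counts as below
    (assumption of this example, following usual version ordering)."""
    release, pre = parse_version(version)
    return release < FIXED or (release == FIXED and pre)

def audit(search_paths):
    """List (metadata_dir, version, affected) for each tqdm copy found."""
    found = []
    for base in map(Path, search_paths):
        if not base.is_dir():
            continue
        for entry in sorted(base.iterdir()):
            m = META.match(entry.name)
            if m:
                found.append((str(entry), m.group(1), is_affected(m.group(1))))
    return found

if __name__ == "__main__":
    # Default to the interpreter's import path; pass directories to override.
    for path, version, bad in audit(sys.argv[1:] or sys.path):
        print(f"{'AFFECTED' if bad else 'ok':<8} tqdm {version}  {path}")
```

Run it once per interpreter or virtualenv, since each has its own import path.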
July 18, 2018
July 18, 2018: 1