This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
<glsaid="201812-08">
<title>Scala: Privilege escalation</title>
<synopsis>A vulnerability in Scala could result in privilege escalation.</synopsis>
<producttype="ebuild">scala</product>
<announced>2018-12-15</announced>
<revisedcount="1">2018-12-15</revised>
<bug>637940</bug>
<access>local</access>
<affected>
<packagename="dev-lang/scala"auto="yes"arch="*">
<unaffectedrange="ge">2.12.4</unaffected>
<vulnerablerange="lt">2.12.4</vulnerable>
</package>
</affected>
<background>
<p>Scala combines object-oriented and functional programming in one
concise, high-level language.
</p>
</background>
<description>
<p>It was discovered that Scala’s compilation daemon does not properly
manage permissions for private files.
</p>
</description>
<impacttype="normal">
<p>A local attacker could escalate privileges.</p>
</impact>
<workaround>
<p>There is no known workaround at this time.</p>
</workaround>
<resolution>
<p>All Scala users should upgrade to the latest version:</p>