* CVE-2020-16250 Description: "HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1" * CVE-2020-16251 Description: "HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1."
Please bump to 1.4.4, 1.5.1.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6baa401912ce4ec8fff9722123003b50c256cebf commit 6baa401912ce4ec8fff9722123003b50c256cebf Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2020-08-27 21:51:11 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2020-08-27 22:01:51 +0000 app-admin/vault: Bump to version 1.5.2 Bug: https://bugs.gentoo.org/739264 Package-Manager: Portage-3.0.4, Repoman-3.0.1 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/vault/Manifest | 2 + app-admin/vault/vault-1.5.2.ebuild | 78 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06a7fb42c45291cd124c4e818b4c2067c3f86e8b commit 06a7fb42c45291cd124c4e818b4c2067c3f86e8b Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2020-08-27 21:39:32 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2020-08-27 22:01:51 +0000 app-admin/vault: Bump to version 1.4.5 Bug: https://bugs.gentoo.org/739264 Package-Manager: Portage-3.0.4, Repoman-3.0.1 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/vault/Manifest | 2 + app-admin/vault/vault-1.4.5.ebuild | 77 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+)
Thanks! Please stable when ready.
amd64 stable. Maintainer(s), please cleanup. Security, please vote.
Resetting sanity check; keywords are not fully specified and arches are not CC-ed.
Unable to check for sanity: > no match for package: app-admin/vault-1.4.5
GLSA vote: no
