CVE-2020-25201 (https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020):

HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5.

CVE-2020-28053 (https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020):

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.

Maintainers, please bump to 1.8.6.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5fcf94bbf2e99774861de3e27ae4ac92f9b8de7f

commit 5fcf94bbf2e99774861de3e27ae4ac92f9b8de7f
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-12-19 08:14:20 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-12-19 08:24:21 +0000

app-admin/consul: Bump to version 1.8.7

Bug: https://bugs.gentoo.org/760696
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-admin/consul/Manifest | 59 +++
app-admin/consul/consul-1.8.7.ebuild | 796 +++++++++++++++++++++++++++++++++++
2 files changed, 855 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09469b1f873917d11661b27607091579fe0609ba

commit 09469b1f873917d11661b27607091579fe0609ba
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2020-12-19 07:59:19 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2020-12-19 08:24:21 +0000

app-admin/consul: Bump to version 1.7.11

Bug: https://bugs.gentoo.org/760696
Package-Manager: Portage-3.0.12, Repoman-3.0.2
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-admin/consul/Manifest | 1 +
app-admin/consul/consul-1.7.11.ebuild | 581 ++++++++++++++++++++++++++++++++++
2 files changed, 582 insertions(+)
Thank you! Please stabilize when ready.
Any reason that this stabilization is blocked?
amd64 done

all arches done
Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bf7b30eb245c703414f3013c1fad8e3035faef8

commit 7bf7b30eb245c703414f3013c1fad8e3035faef8
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-04-02 19:41:44 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-04-02 19:42:09 +0000

app-admin/consul: Remove old and vulnerable versions

Bug: https://bugs.gentoo.org/760696
Package-Manager: Portage-3.0.18, Repoman-3.0.3
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-admin/consul/Manifest | 24 --
app-admin/consul/consul-1.7.4.ebuild | 514 ----------------------
app-admin/consul/consul-1.8.7.ebuild | 796 -----------------------------------
app-admin/consul/consul-1.9.1.ebuild | 775 ----------------------------------
4 files changed, 2109 deletions(-)
Thanks!
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f7375fcfd657cfc3887863e562d7feab296947e9

commit f7375fcfd657cfc3887863e562d7feab296947e9
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-10 04:07:00 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-10 04:17:29 +0000

[ GLSA 202208-09 ] HashiCorp Consul: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/760696
Bug: https://bugs.gentoo.org/783483
Bug: https://bugs.gentoo.org/802522
Bug: https://bugs.gentoo.org/812497
Bug: https://bugs.gentoo.org/834006
Bug: https://bugs.gentoo.org/838328
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202208-09.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
GLSA released, all done!