CVE-2022-41316: HashiCorp Vault and Vault Enterprise’s TLS certificate auth method did not initially load the optionally configured CRL issued by the role's CA into memory on startup, resulting in the revocation list not being checked if the CRL has not yet been retrieved. Fixed in 1.12.0, 1.11.4, 1.10.7, and 1.9.10. Please stabilize 1.10.7 or a newer fixed version.
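The failure mode in the CVE summary above, as an added Go example (not Vault's code and not part of the original report): a revocation cache that is only filled when a CRL is retrieved accepts a revoked certificate after a restart, while one loaded at startup rejects it. The names `crlStore`, `certAuth`, `newLazy`, `newEager`, `allowed` and `allowedStrict` are hypothetical, and the serial is a constructed sample.

```go
package main

import "fmt"
import "math/big"

// crlStore stands in for persisted backend storage: CRL name -> revoked serials.
type crlStore map[string][]*big.Int

// certAuth is a hypothetical cert auth backend, not Vault's implementation.
type certAuth struct {
	store  crlStore
	cache  map[string]bool // revoked serials held in memory
	loaded bool
}

// loadCRLs copies every stored CRL into the in-memory cache.
func (a *certAuth) loadCRLs() {
	a.cache = make(map[string]bool)
	for _, serials := range a.store {
		for _, s := range serials {
			a.cache[s.String()] = true
		}
	}
	a.loaded = true
}

// newLazy models the flaw: startup leaves the cache empty.
func newLazy(s crlStore) *certAuth { return &certAuth{store: s} }

// newEager models the fixed behaviour: CRLs are loaded at startup.
func newEager(s crlStore) *certAuth { a := &certAuth{store: s}; a.loadCRLs(); return a }

// allowed trusts the cache as-is; an unloaded (nil) cache revokes nothing.
func (a *certAuth) allowed(serial *big.Int) bool { return !a.cache[serial.String()] }

// allowedStrict refuses to decide on an unloaded cache and loads it first.
func (a *certAuth) allowedStrict(serial *big.Int) bool {
	if !a.loaded {
		a.loadCRLs()
	}
	return !a.cache[serial.String()]
}

func main() {
	store := crlStore{"ca-crl": {big.NewInt(4660)}} // constructed sample: one revoked serial
	r := big.NewInt(4660)
	fmt.Println(newLazy(store).allowed(r), newEager(store).allowed(r), newLazy(store).allowedStrict(r))
}
```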
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c082af2a5813ae35ff992336c03777ddf81e18e9

commit c082af2a5813ae35ff992336c03777ddf81e18e9
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-10-13 16:56:51 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-10-13 16:57:05 +0000

    app-admin/vault: drop 1.10.6, 1.11.3

    Bug: https://bugs.gentoo.org/876909
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/vault/Manifest | 4 --
 app-admin/vault/vault-1.10.6.ebuild | 85 ------------------------------------
 app-admin/vault/vault-1.11.3.ebuild | 86 -------------------------------------
 3 files changed, 175 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5926052fadf65161fa781e1c2bb3535d710e0442

commit 5926052fadf65161fa781e1c2bb3535d710e0442
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-10-13 16:55:57 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-10-13 16:56:02 +0000

    app-admin/vault: stabilize 1.10.7 for amd64

    Bug: https://bugs.gentoo.org/876909
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/vault/vault-1.10.7.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks!