881437 – (CVE-2022-3920) <app-admin/consul-1.14.0: peer data ACL circumvention (?)

Bug 881437 (CVE-2022-3920) - <app-admin/consul-1.14.0: peer data ACL circumvention (?)

Summary: <app-admin/consul-1.14.0: peer data ACL circumvention (?)

Status:	RESOLVED FIXED

Alias:	CVE-2022-3920

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://github.com/hashicorp/consul/p...
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2022-11-15 22:36 UTC by John Helmert III
Modified:	2022-12-14 02:06 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2022-11-15 22:36:30 UTC

CVE's not public but issue at URL. Please bump to 1.14.0.

Feel free to make the summary more clear, I don't really understand
the issue.

Comment 1 Larry the Git Cow gentoo-dev

2022-11-16 01:57:07 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18eb099a6d644791ae88b936aaeaeda8020e0623

commit 18eb099a6d644791ae88b936aaeaeda8020e0623
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-11-16 01:55:35 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-11-16 01:56:22 +0000

    app-admin/consul: add 1.14.0
    
    Bug: https://bugs.gentoo.org/881437
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest             |  1 +
 app-admin/consul/consul-1.14.0.ebuild | 57 +++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)

Comment 2 John Helmert III archtester

2022-11-16 15:12:08 UTC

Thanks! Please stabilize when ready.

And by the way, no need to wait upon a request in a security bug to stabilize and cleanup, feel free to do so as you see fit for security bugs.

Comment 3 Larry the Git Cow gentoo-dev

2022-12-14 01:09:50 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=874fee4b7feeb88dfd8fc29c37cf2f8d7ab08b01

commit 874fee4b7feeb88dfd8fc29c37cf2f8d7ab08b01
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-12-14 01:09:14 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-12-14 01:09:30 +0000

    app-admin/consul: drop 1.12.5, 1.12.6, 1.13.3, 1.14.0, 1.14.1
    
    Bug: https://bugs.gentoo.org/881437
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest             |  7 -----
 app-admin/consul/consul-1.12.5.ebuild | 51 -------------------------------
 app-admin/consul/consul-1.12.6.ebuild | 51 -------------------------------
 app-admin/consul/consul-1.13.3.ebuild | 56 ----------------------------------
 app-admin/consul/consul-1.14.0.ebuild | 57 -----------------------------------
 app-admin/consul/consul-1.14.1.ebuild | 57 -----------------------------------
 6 files changed, 279 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=584410a4068112aad8e4966bb789ce9b0cab6972

commit 584410a4068112aad8e4966bb789ce9b0cab6972
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-12-14 01:06:16 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-12-14 01:06:21 +0000

    app-admin/consul: stabilize 1.14.2 for amd64
    
    Bug: https://bugs.gentoo.org/881437
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/consul-1.14.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comment 4 John Helmert III archtester

2022-12-14 02:06:14 UTC

Thanks! Tree is clean, no GLSA, all done.