948834 – app-crypt/veracrypt-1.26.20 version bump

Bug 948834 - app-crypt/veracrypt-1.26.20 version bump

Summary: app-crypt/veracrypt-1.26.20 version bump

Status:	UNCONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2025-01-25 20:37 UTC by Frank Krömmelbein
Modified:	2025-04-26 16:36 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Frank Krömmelbein 2025-01-25 20:37:15 UTC

Fixes also 2 security issues:
CVE-2024-54187: Added absolute paths when executing system binaries to prevent path hijacking (collaboration with SivertPL @__tfr)
CVE-2025-23021: Prevent mounting volumes on system directories and PATH (reported by SivertPL @__tfr)

https://www.veracrypt.fr/en/Release%20Notes.html


Reproducible: Always

Comment 1 Frank Krömmelbein 2025-02-08 23:33:43 UTC

1.26.20 was released on February 3rd, 2025 with a few more fixes.

Comment 2 Frank Krömmelbein 2025-04-13 18:15:48 UTC

Ping.