Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 715214 (CVE-2018-21246)

Summary: www-servers/caddy: Possible TLS client auth bypass (CVE-2018-21246)
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: maintainer-needed
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/caddyserver/caddy/pull/2099
Whiteboard: B4 [noglsa cve]
Package list:
Runtime testing required: ---

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-29 02:10:43 UTC 
From the changelog [0]:
"tls: StrictHostMatching mode to prevent client auth bypass"

[0] https://github.com/caddyserver/caddy/releases/tag/v0.10.13
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-18 21:03:14 UTC 
Tree is clean: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06dda2863c91c8ec869b3bd62cd23c71b8bbc72b.

GLSA vote: no!

Closing.