Summary: | <sys-auth/pam_u2f-1.1.1: Local PIN bypass (CVE-2021-31924) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | gokturk |
Priority: | Normal | Flags: | nattka:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.yubico.com/support/security-advisories/ysa-2021-03/ | ||
Whiteboard: | B3 [glsa+] | ||
Package list: |
sys-auth/pam_u2f-1.1.1
|
Runtime testing required: | --- |
Description
Sam James
2021-05-26 16:46:19 UTC
Please bump to 1.1.1. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=61975a03862b41f57868867e8aeec85643aa4c94 commit 61975a03862b41f57868867e8aeec85643aa4c94 Author: David Seifert <soap@gentoo.org> AuthorDate: 2021-06-01 18:26:45 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2021-06-01 18:26:45 +0000 sys-auth/pam_u2f: add 1.1.1 Bug: https://bugs.gentoo.org/792270 Signed-off-by: David Seifert <soap@gentoo.org> sys-auth/pam_u2f/Manifest | 1 + sys-auth/pam_u2f/pam_u2f-1.1.1.ebuild | 39 +++++++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+) Ready? I'll CC arches if no objections? amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1244305b9284cf3cf0527fdac223920a5de8fde9 commit 1244305b9284cf3cf0527fdac223920a5de8fde9 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2021-07-25 20:33:06 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2021-07-26 03:12:43 +0000 sys-auth/pam_u2f: drop 1.1.0 Bug: https://bugs.gentoo.org/792270 Signed-off-by: John Helmert III <ajak@gentoo.org> sys-auth/pam_u2f/Manifest | 1 - .../pam_u2f/files/pam_u2f-1.0.2-fix-Makefile.patch | 13 ------- .../files/pam_u2f-1.1.0-include-limits_h.patch | 41 ---------------------- sys-auth/pam_u2f/pam_u2f-1.1.0.ebuild | 37 ------------------- 4 files changed, 92 deletions(-) GLSA request filed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=32b3e4980186cdbe7f79d215b0fea80008a41a94 commit 32b3e4980186cdbe7f79d215b0fea80008a41a94 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-10 04:07:59 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-10 04:17:32 +0000 [ GLSA 202208-11 ] Yubico pam-u2f: Local PIN Bypass vulnerability Bug: https://bugs.gentoo.org/792270 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-11.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) GLSA released, all done! |