| Summary: | <app-admin/vault-{1.5.9,1.6.5,1.7.3}: incorrect token expiration (CVE-2021-32923) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | zmedico |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://discuss.hashicorp.com/t/hcsec-2021-15-vault-renewed-nearly-expired-leases-with-incorrect-non-expiring-ttls/24603 | | |
| Whiteboard: | B4 [glsa+] | | |
| Package list: | app-admin/vault-1.5.9 | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 768312 | | |

Description
John Helmert III
2021-06-21 00:42:37 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ac25ddf461c172ba4d9621be08a76106dc66bb0a

commit ac25ddf461c172ba4d9621be08a76106dc66bb0a
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-06-21 02:10:16 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-06-21 02:18:36 +0000

app-admin/vault: Bump to version 1.6.5

Bug: https://bugs.gentoo.org/797244
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-admin/vault/Manifest | 4 ++--
app-admin/vault/{vault-1.6.3.ebuild => vault-1.6.5.ebuild} | 0
2 files changed, 2 insertions(+), 2 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5922a1dcfd112a6afbc0e2959f229d887534e81b

commit 5922a1dcfd112a6afbc0e2959f229d887534e81b
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-06-21 01:42:53 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-06-21 02:07:09 +0000

app-admin/vault: Bump to version 1.5.9

Bug: https://bugs.gentoo.org/797244
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-admin/vault/Manifest | 4 ++--
app-admin/vault/{vault-1.5.7.ebuild => vault-1.5.9.ebuild} | 0
2 files changed, 2 insertions(+), 2 deletions(-)

Thank you!
Please stabilize when ready

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0c5e6e9773bf8f60cd469d13e6f0f25257ad9239

commit 0c5e6e9773bf8f60cd469d13e6f0f25257ad9239
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-06-21 02:39:13 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-06-21 02:43:05 +0000

app-admin/vault: Bump to version 1.7.3

Bug: https://bugs.gentoo.org/797244
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-admin/vault/Manifest | 4 ++--
app-admin/vault/{vault-1.7.0.ebuild => vault-1.7.3.ebuild} | 0
2 files changed, 2 insertions(+), 2 deletions(-)

Ping

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=423e045bb65e7795f4e6e0354d15f43958186251

commit 423e045bb65e7795f4e6e0354d15f43958186251
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-07-25 02:24:48 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-07-25 02:28:29 +0000

app-admin/vault: Remove vulnerable version 1.5.6

Bug: https://bugs.gentoo.org/797244
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-admin/vault/Manifest | 2 -
app-admin/vault/vault-1.5.6.ebuild | 78 --------------------------------------
2 files changed, 80 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b4d30d5292d7a081b2a70ab9ad07888fa898de8

commit 8b4d30d5292d7a081b2a70ab9ad07888fa898de8
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-07-25 02:23:57 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-07-25 02:28:27 +0000

app-admin/vault: stabilize 1.5.9

Bug: https://bugs.gentoo.org/797244
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Zac Medico <zmedico@gentoo.org>

app-admin/vault/vault-1.5.9.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

Thanks!

amd64 stable. Maintainer(s), please cleanup.
Security, please vote.

Unable to check for sanity:
> no match for package: app-admin/vault-1.5.9

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=254c716d0dd35a6846f281fd4a3eaf970dc0bede

commit 254c716d0dd35a6846f281fd4a3eaf970dc0bede
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-07-29 21:22:59 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-01 18:05:08 +0000

[ GLSA-202207-01 ] HashiCorp Vault: Multiple Vulnerabilities

Bug: https://bugs.gentoo.org/768312
Bug: https://bugs.gentoo.org/797244
Bug: https://bugs.gentoo.org/808093
Bug: https://bugs.gentoo.org/817269
Bug: https://bugs.gentoo.org/827945
Bug: https://bugs.gentoo.org/829493
Bug: https://bugs.gentoo.org/835070
Bug: https://bugs.gentoo.org/845405
Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
Signed-off-by: John Helmert III <ajak@gentoo.org>

glsa-202207-01.xml | 61 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)

GLSA released, all done!