
Bug 881437 (CVE-2022-3920)

Summary: <app-admin/consul-1.14.0: peer data ACL circumvention (?)
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: ultrabug, zmedico
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/hashicorp/consul/pull/15356
Whiteboard: B4 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-15 22:36:30 UTC
CVE's not public but issue at URL. Please bump to 1.14.0.

Feel free to make the summary more clear, I don't really understand
the issue.
Comment 1 Larry the Git Cow gentoo-dev 2022-11-16 01:57:07 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18eb099a6d644791ae88b936aaeaeda8020e0623

commit 18eb099a6d644791ae88b936aaeaeda8020e0623
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-11-16 01:55:35 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-11-16 01:56:22 +0000

    app-admin/consul: add 1.14.0
    
    Bug: https://bugs.gentoo.org/881437
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest             |  1 +
 app-admin/consul/consul-1.14.0.ebuild | 57 +++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-16 15:12:08 UTC
Thanks! Please stabilize when ready.

And by the way, no need to wait upon a request in a security bug to stabilize and cleanup, feel free to do so as you see fit for security bugs.
Comment 3 Larry the Git Cow gentoo-dev 2022-12-14 01:09:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=874fee4b7feeb88dfd8fc29c37cf2f8d7ab08b01

commit 874fee4b7feeb88dfd8fc29c37cf2f8d7ab08b01
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-12-14 01:09:14 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-12-14 01:09:30 +0000

    app-admin/consul: drop 1.12.5, 1.12.6, 1.13.3, 1.14.0, 1.14.1
    
    Bug: https://bugs.gentoo.org/881437
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest             |  7 -----
 app-admin/consul/consul-1.12.5.ebuild | 51 -------------------------------
 app-admin/consul/consul-1.12.6.ebuild | 51 -------------------------------
 app-admin/consul/consul-1.13.3.ebuild | 56 ----------------------------------
 app-admin/consul/consul-1.14.0.ebuild | 57 -----------------------------------
 app-admin/consul/consul-1.14.1.ebuild | 57 -----------------------------------
 6 files changed, 279 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=584410a4068112aad8e4966bb789ce9b0cab6972

commit 584410a4068112aad8e4966bb789ce9b0cab6972
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2022-12-14 01:06:16 +0000
Commit:     Zac Medico <zmedico@gentoo.org>
CommitDate: 2022-12-14 01:06:21 +0000

    app-admin/consul: stabilize 1.14.2 for amd64
    
    Bug: https://bugs.gentoo.org/881437
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/consul-1.14.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-12-14 02:06:14 UTC
Thanks! Tree is clean, no GLSA, all done.