From the changelogs:

Add content-type headers to raw KV responses to prevent XSS attacks CVE-2020-25864 [GH-10023]
audit-logging: Parse endpoint URL to prevent requests from bypassing the audit log CVE-2021-28156

Note that CVE-2021-28156 doesn't affect the 1.7 branch, our only stable version.

Fixes in 1.7.14, 1.8.10, 1.9.5. Please bump.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fb53fc78d7d478104bec662f45e2f33c3a441886

commit fb53fc78d7d478104bec662f45e2f33c3a441886
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-04-18 05:18:57 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-04-18 05:21:01 +0000

    app-admin/consul: Bump to version 1.9.5

    Bug: https://bugs.gentoo.org/783483
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest | 17 +
 app-admin/consul/consul-1.9.5.ebuild | 782 +++++++++++++++++++++++++++++++++++
 2 files changed, 799 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e1b505adb2dc1a5114cca19fe5f65f796560b555

commit e1b505adb2dc1a5114cca19fe5f65f796560b555
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-04-18 05:10:19 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-04-18 05:21:01 +0000

    app-admin/consul: Bump to version 1.8.10

    Bug: https://bugs.gentoo.org/783483
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest | 1 +
 app-admin/consul/consul-1.8.10.ebuild | 801 ++++++++++++++++++++++++++++++++++
 2 files changed, 802 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b70ac5bc462fac9d59ce627f92c131ac6610fd16

commit b70ac5bc462fac9d59ce627f92c131ac6610fd16
Author: Zac Medico <zmedico@gentoo.org>
AuthorDate: 2021-04-18 05:00:00 +0000
Commit: Zac Medico <zmedico@gentoo.org>
CommitDate: 2021-04-18 05:21:00 +0000

    app-admin/consul: Bump to version 1.7.14

    Bug: https://bugs.gentoo.org/783483
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Zac Medico <zmedico@gentoo.org>

 app-admin/consul/Manifest | 1 +
 app-admin/consul/consul-1.7.14.ebuild | 586 ++++++++++++++++++++++++++++++++++
 2 files changed, 587 insertions(+)
Thank you! Please proceed with stabling when ready.
Unable to check for sanity:

> no match for package: app-admin/consul-1.7.14
Package list is empty or all packages have requested keywords.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f7375fcfd657cfc3887863e562d7feab296947e9

commit f7375fcfd657cfc3887863e562d7feab296947e9
Author: GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-08-10 04:07:00 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2022-08-10 04:17:29 +0000

    [ GLSA 202208-09 ] HashiCorp Consul: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/760696
    Bug: https://bugs.gentoo.org/783483
    Bug: https://bugs.gentoo.org/802522
    Bug: https://bugs.gentoo.org/812497
    Bug: https://bugs.gentoo.org/834006
    Bug: https://bugs.gentoo.org/838328
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202208-09.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
GLSA released, all done!