CVE-2022-24687: HashiCorp Consul and Consul Enterprise 1.8.0 through 1.9.14, 1.10.7, and 1.11.2 has Uncontrolled Resource Consumption. Please stabilize 1.9.15, and cleanup other affected branches.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f876d9088eaae110cfb65097107534d52ce240ce commit f876d9088eaae110cfb65097107534d52ce240ce Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-02-26 17:09:07 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-02-26 17:10:22 +0000 app-admin/consul: Remove vulnerable versions Bug: https://bugs.gentoo.org/834006 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/consul/Manifest | 64 --- app-admin/consul/consul-1.10.6.ebuild | 794 --------------------------------- app-admin/consul/consul-1.10.7.ebuild | 794 --------------------------------- app-admin/consul/consul-1.11.1.ebuild | 808 --------------------------------- app-admin/consul/consul-1.11.2.ebuild | 809 ---------------------------------- app-admin/consul/consul-1.8.15.ebuild | 774 -------------------------------- app-admin/consul/consul-1.8.19.ebuild | 788 --------------------------------- app-admin/consul/consul-1.9.13.ebuild | 793 --------------------------------- app-admin/consul/consul-1.9.14.ebuild | 793 --------------------------------- 9 files changed, 6417 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a8a9b30609800037889788032e37a11f6b783c70 commit a8a9b30609800037889788032e37a11f6b783c70 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2022-02-26 17:05:07 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2022-02-26 17:05:41 +0000 app-admin/consul: Stabilize 1.9.15 for bug 834006 Bug: https://bugs.gentoo.org/834006 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/consul/consul-1.9.15.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=f7375fcfd657cfc3887863e562d7feab296947e9 commit f7375fcfd657cfc3887863e562d7feab296947e9 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-08-10 04:07:00 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-08-10 04:17:29 +0000 [ GLSA 202208-09 ] HashiCorp Consul: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/760696 Bug: https://bugs.gentoo.org/783483 Bug: https://bugs.gentoo.org/802522 Bug: https://bugs.gentoo.org/812497 Bug: https://bugs.gentoo.org/834006 Bug: https://bugs.gentoo.org/838328 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202208-09.xml | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+)
GLSA released, all done!