sys-auth/pam_u2f prior to version 1.3.1 is affected by this vuln 2025-01-14 Yubico releases advisory YSA-2025-01 https://www.yubico.com/support/security-advisories/ysa-2025-01/ also known as CVE: CVE-2025-23013 Published Date: 2025-01-14 Tracking IDs: YSA-2025-01 CVSS Severity: 7.3 Reproducible: Always
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ab3c19d764f6dcc5f736dfc7df06a3d908ed6c5b commit ab3c19d764f6dcc5f736dfc7df06a3d908ed6c5b Author: Matt Jolly <kangie@gentoo.org> AuthorDate: 2025-01-19 22:49:56 +0000 Commit: Matt Jolly <kangie@gentoo.org> CommitDate: 2025-01-19 22:50:37 +0000 sys-auth/pam_u2f: add 1.3.2 Bug: https://bugs.gentoo.org/948201 Signed-off-by: Matt Jolly <kangie@gentoo.org> sys-auth/pam_u2f/Manifest | 1 + sys-auth/pam_u2f/pam_u2f-1.3.2.ebuild | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=bb937b5a5b189acfa5ffeb196db894e00784c57f commit bb937b5a5b189acfa5ffeb196db894e00784c57f Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2025-01-23 06:15:02 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2025-01-23 06:15:14 +0000 [ GLSA 202501-04 ] Yubico pam-u2f: Partial Authentication Bypass Bug: https://bugs.gentoo.org/948201 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202501-04.xml | 43 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+)
