CVE-2020-35177 (https://discuss.hashicorp.com/t/hcsec-2020-25-vault-s-ldap-auth-method-allows-user-enumeration/18984): HashiCorp Vault and Vault Enterprise allowed the enumeration of users via the LDAP auth method. Fixed in 1.5.6 and 1.6.1. CVE-2020-35453 (https://discuss.hashicorp.com/t/hcsec-2020-24-vault-enterprise-s-sentinel-egp-policies-may-impact-parent-or-sibling-namespaces/18983): HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1. Maintainer, please bump to 1.5.6 and 1.6.1. Thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2c770714b3ad77efd7d13d925cb5540def7341c7 commit 2c770714b3ad77efd7d13d925cb5540def7341c7 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2020-12-27 21:46:28 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2020-12-27 21:47:55 +0000 app-admin/vault: Bump to version 1.6.1 Bug: https://bugs.gentoo.org/761963 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/vault/Manifest | 2 + app-admin/vault/vault-1.6.1.ebuild | 78 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bfebed24ab184d1c1da540e3a8f3ab01f149de61 commit bfebed24ab184d1c1da540e3a8f3ab01f149de61 Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2020-12-27 21:01:40 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2020-12-27 21:47:54 +0000 app-admin/vault: Bump to version 1.5.6 Bug: https://bugs.gentoo.org/761963 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/vault/Manifest | 2 + app-admin/vault/vault-1.5.6.ebuild | 78 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+)
Thank you! Please proceed with stabilization when ready.
Ready?
Ready.
Thanks!
amd64 done all arches done
Please cleanup, thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d45a14aeebe8a0e7e53e6107c2a71c4f83b0238f commit d45a14aeebe8a0e7e53e6107c2a71c4f83b0238f Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2021-01-07 10:35:26 +0000 Commit: Zac Medico <zmedico@gentoo.org> CommitDate: 2021-01-07 10:36:15 +0000 app-admin/vault: Remove vulnerable version 1.4.7 Bug: https://bugs.gentoo.org/761963 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Zac Medico <zmedico@gentoo.org> app-admin/vault/Manifest | 2 - app-admin/vault/vault-1.4.7.ebuild | 77 -------------------------------------- 2 files changed, 79 deletions(-)
