Bug 51295 - Для закрытия CVE-2024-2048 необходимо обновить пакет
Summary: Для закрытия CVE-2024-2048 необходимо обновить пакет
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: vault (show other bugs)
Version: unstable
Hardware: x86_64 Linux
: P5 normal
Assignee: bne@altlinux.org
QA Contact: qa-sisyphus
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-08-27 14:35 MSK by FelixZ
Modified: 2024-08-29 22:35 MSK (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description FelixZ 2024-08-27 14:35:02 MSK 
Для закрытия уязвимости CVE-2024-2048, прошу обновить пакет в репозитории до версии старше 1.15.5 или 1.14.10.
https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382
Comment 1 Repository Robot 2024-08-29 22:35:29 MSK 
vault-1.13.12-alt5 -> sisyphus:

 Thu Aug 29 2024 Nikolay Burykin <bne@altlinux> 1.13.12-alt5
 - Fixes: CVE-2024-2048 (Closes: #51295)