[Git][security-tracker-team/security-tracker][master] Track fixes for three consul issues
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Fri Jul 21 20:36:46 BST 2023
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
968831df by Salvatore Bonaccorso at 2023-07-21T21:35:40+02:00
Track fixes for three consul issues
Note that the version hitting unstable was 1.9.17+dfsg2-1, as the
1.9.17+dfsg1-1 never reached the archive for real.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -94445,7 +94445,7 @@ CVE-2022-29154 (An issue was discovered in rsync before 3.2.5 that allows malici
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=3d7015afa223494e3318495c2f5de9cb49229da9 (v3.2.5pre1)
NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=2f7c583143bc6e80902139c23d9d7283f88fbc6a (v3.2.5pre1)
CVE-2022-29153 (HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11. ...)
- - consul <unfixed> (bug #1017982)
+ - consul 1.9.17+dfsg2-1 (bug #1017982)
[buster] - consul <ignored> (Intrusive to backport)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393
NOTE: https://github.com/hashicorp/consul/commit/72e1ce6317d6a4b28c73cd15f3976eb2c362be19 (v1.9.17)
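Review bot: in the CVE-2022-29153 entry the only per-release annotation under the changed line is `[buster] - consul <ignored>`; there is no `[bullseye]` line, unlike CVE-2021-32574 later in this patch. With unstable now marked fixed at 1.9.17+dfsg2-1, consider confirming whether bullseye needs its own annotation so that its status is stated explicitly. The new fixed version itself is consistent with the v1.9.17 upstream commit cited in the NOTE.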
@@ -107663,7 +107663,7 @@ CVE-2022-24689 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5.
CVE-2022-24688 (An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. The T ...)
NOT-FOR-US: DSK DSKNet
CVE-2022-24687 (HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, a ...)
- - consul <unfixed> (bug #1006487)
+ - consul 1.9.17+dfsg2-1 (bug #1006487)
[buster] - consul <not-affected> (Vulnerable Code not present)
NOTE: https://discuss.hashicorp.com/t/hcsec-2022-05-consul-ingress-gateway-panic-can-shutdown-servers/
NOTE: https://github.com/hashicorp/consul/commit/d35c6a97cbdff252f5238d6b52f49786f896566a (v1.9.15)
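Review bot: the `hcsec-2022-05` NOTE directly under the changed line in CVE-2022-24687 ends in a bare slash with no topic number, while the other discuss.hashicorp.com NOTEs in this patch end in one (`/38393`, `/24296`, `/26856`). Since the entry is being touched anyway, consider completing that URL in the same commit. The version change looks right: 1.9.17+dfsg2-1 is later than the v1.9.15 upstream fix the entry cites.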
@@ -156761,7 +156761,7 @@ CVE-2021-32575 (HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge
- nomad 0.12.10+dfsg1-3 (bug #990581)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-14-nomad-bridge-networking-mode-allows-arp-spoofing-from-other-bridged-tasks-on-same-node/24296
CVE-2021-32574 (HashiCorp Consul and Consul Enterprise 1.3.0 through 1.10.0 Envoy prox ...)
- - consul <unfixed> (bug #991719)
+ - consul 1.9.17+dfsg2-1 (bug #991719)
[bullseye] - consul <no-dsa> (Minor issue)
[buster] - consul <not-affected> (Only affects 1.3.0 and later)
NOTE: https://discuss.hashicorp.com/t/hcsec-2021-17-consul-s-envoy-tls-configuration-did-not-validate-destination-service-subject-alternative-names/26856
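Review bot: CVE-2021-32574 is marked fixed in 1.9.17+dfsg2-1, but the entry carries no NOTE naming the upstream fix commit or the release it landed in, unlike the two other consul entries in this patch, so the chosen version cannot be checked from the entry itself. Suggest adding a NOTE with the upstream commit and its version alongside the existing advisory link. The `[bullseye] - consul <no-dsa>` and `[buster] - consul <not-affected>` lines are unchanged and remain consistent with the new unstable version.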
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/968831dfc9a35bc6ff4db461ac30a1b3a5a54249