AVG-1860 log
| Package | vault |
| Status | Fixed |
| Severity | Medium |
| Type | certificate verification bypass |
| Affected | 1.7.0-1 |
| Fixed | 1.7.1-2 |
| Current | 1.18.1-1 [extra] |
| Ticket | None |
| Created | Thu Apr 22 18:11:44 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-29653 | Medium | Yes | Certificate verification bypass | HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in... |
| CVE-2021-27400 | Medium | Yes | Certificate verification bypass | HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when... |
| Notes |
|---|
The Arch Linux package vault 1.7.1-1 was actually still upstream version 1.7.0 because only $pkgver, but not the commit hash was bumped by accident. This is fixed in version 1.7.1-2 of the Arch Linux package. |