AVG-1860 log

Package vault
Status Fixed
Severity Medium
Type certificate verification bypass
Affected 1.7.0-1
Fixed 1.7.1-2
Current 1.18.2-1 [extra]
Ticket None
Created Thu Apr 22 18:11:44 2021
Issue Severity Remote Type Description
CVE-2021-29653 Medium Yes Certificate verification bypass
HashiCorp Vault and Vault Enterprise 1.5.1 and newer, under certain circumstances, may exclude revoked but unexpired certificates from the CRL. Fixed in...
CVE-2021-27400 Medium Yes Certificate verification bypass
HashiCorp Vault and Vault Enterprise Cassandra integrations (storage backend and database secrets engine plugin) did not validate TLS certificates when...
Notes
The Arch Linux package vault 1.7.1-1 was actually still upstream version 1.7.0 because only $pkgver, but not the commit hash was bumped by accident. This is fixed in version 1.7.1-2 of the Arch Linux package.