Vulnerability CVE-2021-28091: Information
Description
Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
lasso | sisyphus | 2.7.0-alt1 | 2.8.2-alt3 | ALT-PU-2021-2195-1 | 278474 | Fixed |
lasso | p10 | 2.7.0-alt1 | 2.7.0-alt1 | ALT-PU-2021-2195-1 | 278474 | Fixed |
lasso | c10f1 | 2.7.0-alt1 | 2.7.0-alt1 | ALT-PU-2021-2195-1 | 278474 | Fixed |
lasso | c9f2 | 2.6.0-alt2.c9f2.2 | 2.6.0-alt2.c9f2.2 | ALT-PU-2022-1831-1 | 299511 | Fixed |
lasso | p11 | 2.7.0-alt1 | 2.8.2-alt3 | ALT-PU-2021-2195-1 | 278474 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://git.entrouvert.org/lasso.git/commit/?id=076a37d7f0eb74001127481da2d355683693cde9 |
|
http://listes.entrouvert.com/arc/lasso/ |
|
https://git.entrouvert.org/lasso.git/tree/NEWS?id=v2.7.0 |
|
DSA-4926 |
|
[debian-lts-announce] 20210610 [SECURITY] [DLA 2684-1] lasso security update |
|
FEDORA-2021-bb3ea1e191 | |
FEDORA-2021-508acb1153 |