dogtag-pki - Debian Package Tracker

general

source: dogtag-pki (main)
version: 11.0.3-4
maintainer: Debian FreeIPA Team (archive) (DMD)
uploaders: Timo Aaltonen [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

stable: 10.10.2-3
unstable: 11.0.3-4

versioned links

10.10.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.0.3-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

dogtag-pki
dogtag-pki-console-theme
dogtag-pki-server-theme
libsymkey-java
libsymkey-jni
pki-base
pki-base-java
pki-ca
pki-console
pki-javadoc
pki-kra
pki-ocsp
pki-server
pki-tks
pki-tools
pki-tps
pki-tps-client
python3-pki-base

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in an unknown time
Last run: 2022-08-16T05:35:15.137Z
Previous status: None

testing: fail (log)
The tests ran in an unknown time
Last run: 2022-07-27T14:12:15.844Z
Previous status: None

stable: fail (log)
The tests ran in an unknown time
Last run: 2022-08-16T05:29:35.268Z
Previous status: None

Created: 2022-05-17 Last update: 2022-08-16 06:09

A new upstream version is available: 11.2.0~beta3 high

A new upstream version 11.2.0~beta3 is available, you should consider packaging it.

Created: 2022-03-17 Last update: 2022-08-16 03:32

5 security issues in sid high

There are 5 open security issues in sid.

5 important issues:

CVE-2020-1696: A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.
CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
CVE-2022-2414: Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
CVE-2019-10178: It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
CVE-2019-10180: A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

Created: 2022-07-04 Last update: 2022-08-11 22:35

7 security issues in bullseye high

There are 7 open security issues in bullseye.

1 important issue:

CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.

6 issues left for the package maintainer to handle:

CVE-2020-1696: (needs triaging) A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.
CVE-2021-3551: (needs triaging) A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
CVE-2022-2414: (needs triaging) Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
CVE-2019-10178: (needs triaging) It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
CVE-2019-10180: (needs triaging) A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
CVE-2020-25715: (needs triaging) A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2022-08-11 22:35

lintian reports 6 errors and 76 warnings high

Lintian reports 6 errors and 76 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2021-10-13 Last update: 2022-07-30 12:12

5 security issues in bookworm high

There are 5 open security issues in bookworm.

5 important issues:

CVE-2020-1696: A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.
CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
CVE-2022-2414:
CVE-2019-10178: It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
CVE-2019-10180: A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

Created: 2022-07-04 Last update: 2022-07-16 05:35

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2022-07-27 Last update: 2022-08-16 06:04

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.0).

Created: 2020-11-17 Last update: 2022-05-11 23:24

testing migrations

This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migration status for dogtag-pki (- to 11.0.3-4): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Updating dogtag-pki would introduce bugs in testing: #1013935, #1014957
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/d/dogtag-pki.html
- ∙ ∙ autopkgtest for dogtag-pki/11.0.3-4: amd64: Pass, arm64: Pass, armhf: Ignored failure, i386: Pass, ppc64el: Pass
- ∙ ∙ autopkgtest for dogtag-pki/blocked-on-ci-infra: armel: Ignored failure, s390x: Ignored failure
- ∙ ∙ 151 days old (needed 5 days)
- Not considered

news

[rss feed]

[2022-07-28] dogtag-pki REMOVED from testing (Debian testing watch)
[2022-07-28] dogtag-pki REMOVED from testing (Debian testing watch)
[2022-03-23] dogtag-pki 11.0.3-4 MIGRATED to testing (Debian testing watch)
[2022-03-17] Accepted dogtag-pki 11.0.3-4 (source) into unstable (Timo Aaltonen)
[2022-03-17] Accepted dogtag-pki 11.0.3-3 (source) into unstable (Timo Aaltonen)
[2022-03-16] Accepted dogtag-pki 11.0.3-2 (source) into unstable (Timo Aaltonen)
[2022-03-15] Accepted dogtag-pki 11.0.3-1 (source) into unstable (Timo Aaltonen)
[2022-01-16] dogtag-pki REMOVED from testing (Debian testing watch)
[2022-01-16] dogtag-pki REMOVED from testing (Debian testing watch)
[2021-10-25] dogtag-pki 11.0.0-1 MIGRATED to testing (Debian testing watch)
[2021-10-19] Accepted dogtag-pki 11.0.0-1 (source) into unstable (Timo Aaltonen)
[2021-10-13] dogtag-pki 10.10.6-1 MIGRATED to testing (Debian testing watch)
[2021-10-12] dogtag-pki REMOVED from testing (Debian testing watch)
[2021-09-11] dogtag-pki 10.10.6-1 MIGRATED to testing (Debian testing watch)
[2021-09-07] Accepted dogtag-pki 10.10.6-1 (source) into unstable (Timo Aaltonen)
[2021-04-24] dogtag-pki 10.10.2-3 MIGRATED to testing (Debian testing watch)
[2021-04-14] Accepted dogtag-pki 10.10.2-3 (source) into unstable (Timo Aaltonen)
[2021-03-18] dogtag-pki 10.10.2-2 MIGRATED to testing (Debian testing watch)
[2021-03-12] Accepted dogtag-pki 10.10.2-2 (source) into unstable (Timo Aaltonen)
[2020-12-20] dogtag-pki 10.10.2-1 MIGRATED to testing (Debian testing watch)
[2020-12-20] dogtag-pki 10.10.2-1 MIGRATED to testing (Debian testing watch)
[2020-12-16] Accepted dogtag-pki 10.10.2-1 (source) into unstable (Timo Aaltonen)
[2020-12-09] dogtag-pki 10.10.1-1 MIGRATED to testing (Debian testing watch)
[2020-12-06] Accepted dogtag-pki 10.10.1-1 (source) into unstable (Timo Aaltonen)
[2020-11-07] dogtag-pki 10.10.0-1 MIGRATED to testing (Debian testing watch)
[2020-11-02] Accepted dogtag-pki 10.10.0-1 (source) into unstable (Timo Aaltonen)
[2020-09-23] dogtag-pki 10.9.4-1 MIGRATED to testing (Debian testing watch)
[2020-09-17] Accepted dogtag-pki 10.9.4-1 (source) into unstable (Timo Aaltonen)
[2020-08-24] Accepted dogtag-pki 10.9.2-1 (source) into unstable (Timo Aaltonen)
[2020-08-14] Accepted dogtag-pki 10.9.1-2 (source) into unstable (Timo Aaltonen)

bugs [bug history graph]

all: 6
RC: 2
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (6, 76)
buildd: logs, checks, clang, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 11.0.3-4
2 bugs