Debian Package Tracker

dogtag-pki

Dogtag Public Key Infrastructure (PKI) Suite

general
  • source: dogtag-pki (main)
  • version: 11.0.3-4
  • maintainer: Debian FreeIPA Team (archive) (DMD)
  • uploaders: Timo Aaltonen [DMD]
  • arch: all any
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • stable: 10.10.2-3
  • unstable: 11.0.3-4
versioned links
  • 10.10.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 11.0.3-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • dogtag-pki
  • dogtag-pki-console-theme
  • dogtag-pki-server-theme
  • libsymkey-java
  • libsymkey-jni
  • pki-base
  • pki-base-java
  • pki-ca
  • pki-console
  • pki-javadoc
  • pki-kra
  • pki-ocsp
  • pki-server
  • pki-tks
  • pki-tools
  • pki-tps
  • pki-tps-client
  • python3-pki-base
action needed
Debci reports failed tests [high]
  • unstable: fail (log)
    The tests ran in an unknown time
    Last run: 2022-08-16T05:35:15.137Z
    Previous status: None

  • testing: fail (log)
    The tests ran in an unknown time
    Last run: 2022-07-27T14:12:15.844Z
    Previous status: None

  • stable: fail (log)
    The tests ran in an unknown time
    Last run: 2022-08-16T05:29:35.268Z
    Previous status: None

Created: 2022-05-17 Last update: 2022-08-16 06:09
A new upstream version is available: 11.2.0~beta3 [high]
A new upstream version, 11.2.0~beta3, is available; you should consider packaging it.
Created: 2022-03-17 Last update: 2022-08-16 03:32
5 security issues in sid [high]

There are 5 open security issues in sid.

5 important issues:
  • CVE-2020-1696: A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code.
  • CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
  • CVE-2022-2414: Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
  • CVE-2019-10178: It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
  • CVE-2019-10180: A vulnerability was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
Created: 2022-07-04 Last update: 2022-08-11 22:35
7 security issues in bullseye [high]

There are 7 open security issues in bullseye.

1 important issue:
  • CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
6 issues left for the package maintainer to handle:
  • CVE-2020-1696: (needs triaging) A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code.
  • CVE-2021-3551: (needs triaging) A flaw was found in the PKI-server, where the pkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
  • CVE-2022-2414: (needs triaging) Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
  • CVE-2019-10178: (needs triaging) It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
  • CVE-2019-10180: (needs triaging) A vulnerability was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
  • CVE-2020-25715: (needs triaging) A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2022-08-11 22:35
lintian reports 6 errors and 76 warnings [high]
Lintian reports 6 errors and 76 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2021-10-13 Last update: 2022-07-30 12:12
5 security issues in bookworm [high]

There are 5 open security issues in bookworm.

5 important issues:
  • CVE-2020-1696: A flaw was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing specially crafted JavaScript code.
  • CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
  • CVE-2022-2414:
  • CVE-2019-10178: It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
  • CVE-2019-10180: A vulnerability was found in all pki-core 10.x.x versions, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
Created: 2022-07-04 Last update: 2022-07-16 05:35
The package has not entered testing even though the delay is over [normal]
The package has not entered testing even though the 5-day delay is over. Check why.
Created: 2022-07-27 Last update: 2022-08-16 06:04
Standards version of the package is outdated. [wishlist]
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.5.0).
Created: 2020-11-17 Last update: 2022-05-11 23:24
testing migrations
  • This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
  • excuses:
    • Migration status for dogtag-pki (- to 11.0.3-4): BLOCKED: Rejected/violates migration policy/introduces a regression
    • Issues preventing migration:
      ∙ Updating dogtag-pki would introduce bugs in testing: #1013935, #1014957
    • Additional info:
      ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/d/dogtag-pki.html
      ∙ autopkgtest for dogtag-pki/11.0.3-4: amd64: Pass, arm64: Pass, armhf: Ignored failure, i386: Pass, ppc64el: Pass
      ∙ autopkgtest for dogtag-pki/blocked-on-ci-infra: armel: Ignored failure, s390x: Ignored failure
      ∙ 151 days old (needed 5 days)
    • Not considered
news
[rss feed]
  • [2022-07-28] dogtag-pki REMOVED from testing (Debian testing watch)
  • [2022-03-23] dogtag-pki 11.0.3-4 MIGRATED to testing (Debian testing watch)
  • [2022-03-17] Accepted dogtag-pki 11.0.3-4 (source) into unstable (Timo Aaltonen)
  • [2022-03-17] Accepted dogtag-pki 11.0.3-3 (source) into unstable (Timo Aaltonen)
  • [2022-03-16] Accepted dogtag-pki 11.0.3-2 (source) into unstable (Timo Aaltonen)
  • [2022-03-15] Accepted dogtag-pki 11.0.3-1 (source) into unstable (Timo Aaltonen)
  • [2022-01-16] dogtag-pki REMOVED from testing (Debian testing watch)
  • [2021-10-25] dogtag-pki 11.0.0-1 MIGRATED to testing (Debian testing watch)
  • [2021-10-19] Accepted dogtag-pki 11.0.0-1 (source) into unstable (Timo Aaltonen)
  • [2021-10-13] dogtag-pki 10.10.6-1 MIGRATED to testing (Debian testing watch)
  • [2021-10-12] dogtag-pki REMOVED from testing (Debian testing watch)
  • [2021-09-11] dogtag-pki 10.10.6-1 MIGRATED to testing (Debian testing watch)
  • [2021-09-07] Accepted dogtag-pki 10.10.6-1 (source) into unstable (Timo Aaltonen)
  • [2021-04-24] dogtag-pki 10.10.2-3 MIGRATED to testing (Debian testing watch)
  • [2021-04-14] Accepted dogtag-pki 10.10.2-3 (source) into unstable (Timo Aaltonen)
  • [2021-03-18] dogtag-pki 10.10.2-2 MIGRATED to testing (Debian testing watch)
  • [2021-03-12] Accepted dogtag-pki 10.10.2-2 (source) into unstable (Timo Aaltonen)
  • [2020-12-20] dogtag-pki 10.10.2-1 MIGRATED to testing (Debian testing watch)
  • [2020-12-16] Accepted dogtag-pki 10.10.2-1 (source) into unstable (Timo Aaltonen)
  • [2020-12-09] dogtag-pki 10.10.1-1 MIGRATED to testing (Debian testing watch)
  • [2020-12-06] Accepted dogtag-pki 10.10.1-1 (source) into unstable (Timo Aaltonen)
  • [2020-11-07] dogtag-pki 10.10.0-1 MIGRATED to testing (Debian testing watch)
  • [2020-11-02] Accepted dogtag-pki 10.10.0-1 (source) into unstable (Timo Aaltonen)
  • [2020-09-23] dogtag-pki 10.9.4-1 MIGRATED to testing (Debian testing watch)
  • [2020-09-17] Accepted dogtag-pki 10.9.4-1 (source) into unstable (Timo Aaltonen)
  • [2020-08-24] Accepted dogtag-pki 10.9.2-1 (source) into unstable (Timo Aaltonen)
  • [2020-08-14] Accepted dogtag-pki 10.9.1-2 (source) into unstable (Timo Aaltonen)
bugs [bug history graph]
  • all: 6
  • RC: 2
  • I&N: 4
  • M&W: 0
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (6, 76)
  • buildd: logs, checks, clang, cross
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
  • debci
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 11.0.3-4
  • 2 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.