Debian Package Tracker

general

source: dogtag-pki (main)
version: 10.8.3-2
maintainer: Debian FreeIPA Team (archive) (DMD)
uploaders: Timo Aaltonen [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

unstable: 10.8.3-2
exp: 10.9.0~a2-2

versioned links

10.8.3-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
10.9.0~a2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

dogtag-pki
dogtag-pki-console-theme
dogtag-pki-server-theme
libsymkey-java
libsymkey-jni
pki-base (2 bugs: 2, 0, 0, 0)
pki-base-java
pki-ca
pki-console
pki-javadoc
pki-kra
pki-ocsp
pki-server
pki-tks
pki-tools
pki-tps
pki-tps-client
python3-pki-base

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:03:52
Last run: 2020-07-02 14:01:57 UTC
Previous status: pass

testing: fail (log)
The tests ran in 0:02:30
Last run: 2019-03-14 08:26:55 UTC
Previous status: fail

Created: 2020-04-19 Last update: 2020-08-12 06:06

A new upstream version is available: 10.9.1 high

A new upstream version 10.9.1 is available, you should consider packaging it.

Created: 2020-08-08 Last update: 2020-08-12 05:02

8 security issues in sid high

There are 8 open security issues in sid.

8 important issues:

CVE-2019-10146: A Reflected Cross Site Scripting flaw was found in all pki-core 10.x.x versions module from the pki-core server due to the CA Agent Service not properly sanitizing the certificate request page. An attacker could inject a specially crafted value that will be executed on the victim's browser.
CVE-2019-10178: It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
CVE-2019-10179: A vulnerability was found in all pki-core 10.x.x versions, where the Key Recovery Authority (KRA) Agent Service did not properly sanitize recovery request search page, enabling a Reflected Cross Site Scripting (XSS) vulnerability. An attacker could trick an authenticated victim into executing specially crafted Javascript code.
CVE-2019-10180: A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
CVE-2019-10221: A Reflected Cross Site Scripting vulnerability was found in all pki-core 10.x.x versions, where the pki-ca module from the pki-core server. This flaw is caused by missing sanitization of the GET URL parameters. An attacker could abuse this flaw to trick an authenticated user into clicking a specially crafted link which can execute arbitrary code when viewed in a browser.
CVE-2020-15720: In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. Since the verify parameter was hard-coded in all request functions, it was not possible to override the setting. As a result, tools making use of this class, such as the pki-server command, may have been vulnerable to Person-in-the-Middle attacks in certain non-localhost use cases. This is fixed in 10.9.0-b1.
CVE-2020-1696: A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.
CVE-2020-1721:

Please fix them.

Created: 2020-02-06 Last update: 2020-08-07 06:08

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2020-04-10 Last update: 2020-08-06 17:35

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 2-day delay is over. Check why.

Created: 2020-04-01 Last update: 2020-08-12 04:36

lintian reports 26 warnings normal

Lintian reports 26 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2020-07-29 Last update: 2020-07-29 12:30

testing migrations

excuses:
- Migrates after: freeipa-healthcheck, openjdk-8
- Migration status for dogtag-pki (- to 10.8.3-2): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- Updating dogtag-pki introduces new bugs: #920725, #921926
- Build-Depends(-Arch): dogtag-pki openjdk-8
- Depends: dogtag-pki freeipa-healthcheck
- Depends: dogtag-pki openjdk-8
- Additional info:
- Piuparts tested OK - https://piuparts.debian.org/sid/source/d/dogtag-pki.html
- Required age reduced by 3 days because of autopkgtest
- 135 days old (needed 2 days)
- Not considered

news

[rss feed]

[2020-06-17] Accepted dogtag-pki 10.9.0~a2-2 (source) into experimental (Timo Aaltonen)
[2020-06-16] Accepted dogtag-pki 10.9.0~a2-1 (source) into experimental (Timo Aaltonen)
[2020-05-27] Accepted dogtag-pki 10.9.0~a1-1 (source) into experimental (Timo Aaltonen)
[2020-03-30] Accepted dogtag-pki 10.8.3-2 (source) into unstable (Timo Aaltonen)
[2020-03-17] Accepted dogtag-pki 10.8.3-1 (source) into unstable (Timo Aaltonen)
[2020-02-08] Accepted dogtag-pki 10.7.4-2 (source) into unstable (Timo Aaltonen)
[2020-02-06] Accepted dogtag-pki 10.7.4-1 (source) into unstable (Timo Aaltonen)
[2019-09-17] Accepted dogtag-pki 10.7.3-4 (source) into unstable (Timo Aaltonen)
[2019-09-13] Accepted dogtag-pki 10.7.3-3 (source) into unstable (Timo Aaltonen)
[2019-09-11] Accepted dogtag-pki 10.7.3-2 (source) into unstable (Timo Aaltonen)
[2019-08-09] Accepted dogtag-pki 10.7.3-1 (source) into experimental (Timo Aaltonen)
[2019-07-29] Accepted dogtag-pki 10.6.10-2 (source) into unstable (Timo Aaltonen)
[2019-07-19] Accepted dogtag-pki 10.6.10-1 (source) into unstable (Timo Aaltonen)
[2019-03-15] dogtag-pki REMOVED from testing (Debian testing watch)
[2019-01-09] dogtag-pki 10.6.8-2 MIGRATED to testing (Debian testing watch)
[2018-12-07] Accepted dogtag-pki 10.6.8-2 (source) into unstable (Timo Aaltonen)
[2018-12-05] Accepted dogtag-pki 10.6.8-1 (source) into unstable (Timo Aaltonen)
[2018-10-09] Accepted dogtag-pki 10.6.7-1 (source) into unstable (Timo Aaltonen)
[2018-08-27] Accepted dogtag-pki 10.6.6-2 (source) into unstable (Timo Aaltonen)
[2018-08-23] Accepted dogtag-pki 10.6.6-1 (source) into unstable (Timo Aaltonen)
[2018-05-20] Accepted dogtag-pki 10.6.1-1 (source) into experimental (Timo Aaltonen)
[2018-04-18] Accepted dogtag-pki 10.6.0-2 (source) into experimental (Timo Aaltonen)
[2018-04-17] Accepted dogtag-pki 10.6.0-1 (source) into experimental (Timo Aaltonen)
[2018-04-10] Accepted dogtag-pki 10.6.0~beta2-3 (source) into experimental (Timo Aaltonen)
[2018-04-06] Accepted dogtag-pki 10.6.0~beta2-2 (source) into experimental (Timo Aaltonen)
[2018-03-30] Accepted dogtag-pki 10.6.0~beta2-1 (source) into experimental (Timo Aaltonen)
[2018-02-09] Accepted dogtag-pki 10.5.5-1 (source) into unstable (Timo Aaltonen)
[2018-01-05] Accepted dogtag-pki 10.5.3-4 (source) into unstable (Timo Aaltonen)
[2017-12-22] Accepted dogtag-pki 10.5.3-3 (source) into unstable (Timo Aaltonen)
[2017-12-21] Accepted dogtag-pki 10.5.3-2 (source) into unstable (Timo Aaltonen)

bugs [bug history graph]

all: 2
RC: 2
I&N: 0
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (0, 26)
buildd: logs, exp, checks, clang, cross
popcon
browse source code
edit tags
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 10.8.3-1ubuntu1
4 bugs
patches for 10.8.3-1ubuntu1