dogtag-pki - Debian Package Tracker

general

source: dogtag-pki (main)
version: 11.2.1-2
maintainer: Debian FreeIPA Team (archive) (DMD)
uploaders: Timo Aaltonen [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 10.10.2-3
unstable: 11.2.1-2

versioned links

10.10.2-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
11.2.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

dogtag-pki
dogtag-pki-console-theme
dogtag-pki-server-theme
pki-base
pki-base-java
pki-ca
pki-console
pki-javadoc
pki-kra
pki-ocsp
pki-server (1 bugs: 0, 1, 0, 0)
pki-tks
pki-tools
pki-tps
python3-pki-base

action needed

A new upstream version is available: 11.5.0~alpha1 high

A new upstream version 11.5.0~alpha1 is available, you should consider packaging it.

Created: 2022-03-17 Last update: 2023-09-24 08:03

4 security issues in sid high

There are 4 open security issues in sid.

4 important issues:

CVE-2020-1696: A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.
CVE-2022-2393: A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
CVE-2019-10178: It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
CVE-2019-10180: A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.

Created: 2022-07-04 Last update: 2023-06-10 13:34

lintian reports 7 errors and 87 warnings high

Lintian reports 7 errors and 87 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2023-02-22 Last update: 2023-02-22 15:33

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2023-05-27 Last update: 2023-09-24 11:44

1 new commit since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 88281b363e2ffc1816b4213fa051c4529b80f118
Author: Timo Aaltonen <tjaalton@debian.org>
Date:   Fri Feb 10 08:59:02 2023 +0200

    releasing package dogtag-pki version 11.2.1-2

Created: 2023-02-03 Last update: 2023-09-23 20:34

7 low-priority security issues in bullseye low

There are 7 open security issues in bullseye.

7 issues left for the package maintainer to handle:

CVE-2020-1696: (needs triaging) A flaw was found in the all pki-core 10.x.x versions, where Token Processing Service (TPS) where it did not properly sanitize Profile IDs, enabling a Stored Cross-Site Scripting (XSS) vulnerability when the profile ID is printed. An attacker with sufficient permissions could trick an authenticated victim into executing a specially crafted Javascript code.
CVE-2021-3551: (needs triaging) A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threat from this vulnerability is to confidentiality.
CVE-2022-2393: (needs triaging) A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content.
CVE-2022-2414: (needs triaging) Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
CVE-2019-10178: (needs triaging) It was found that the Token Processing Service (TPS) did not properly sanitize the Token IDs from the "Activity" page, enabling a Stored Cross Site Scripting (XSS) vulnerability. An unauthenticated attacker could trick an authenticated victim into creating a specially crafted activity, which would execute arbitrary JavaScript code when viewed in a browser. All versions of pki-core are believed to be vulnerable.
CVE-2019-10180: (needs triaging) A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability. An attacker able to modify the parameters of any token could use this flaw to trick an authenticated user into executing arbitrary JavaScript code.
CVE-2020-25715: (needs triaging) A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2023-06-10 13:34

debian/patches: 15 patches to forward upstream low

Among the 15 debian patches available in version 11.2.1-2 of the package, we noticed the following issues:

15 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2023-02-26 15:54

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.2 instead of 4.5.0).

Created: 2020-11-17 Last update: 2023-02-10 14:10

testing migrations

This package will soon be part of the auto-openldap transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
excuses:
- Migrates after: tomcatjss
- Migration status for dogtag-pki (- to 11.2.1-2): BLOCKED: Rejected/violates migration policy/introduces a regression
- Issues preventing migration:
- ∙ ∙ Impossible Depends: dogtag-pki -> tomcat9-user/9.0.70-1/amd64
- ∙ ∙ Impossible Depends: dogtag-pki -> tomcat9-user/9.0.70-1/arm64
- ∙ ∙ Impossible Depends: dogtag-pki -> tomcat9-user/9.0.70-1/armel
- ∙ ∙ Impossible Depends: dogtag-pki -> tomcat9-user/9.0.70-1/armhf
- ∙ ∙ Impossible Depends: dogtag-pki -> tomcat9-user/9.0.70-1/i386
- ∙ ∙ Impossible Depends: dogtag-pki -> tomcat9-user/9.0.70-1/mips64el
- ∙ ∙ Impossible Depends: dogtag-pki -> tomcat9-user/9.0.70-1/ppc64el
- ∙ ∙ Impossible Depends: dogtag-pki -> tomcat9-user/9.0.70-1/s390x
- ∙ ∙ Build-Depends(-Arch): dogtag-pki tomcatjss
- ∙ ∙ Depends: dogtag-pki tomcatjss
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/d/dogtag-pki.html
- ∙ ∙ autopkgtest for dogtag-pki/11.2.1-2: amd64: Pass, arm64: No test results ♻ , armel: No test results ♻ , armhf: No test results ♻ , i386: No test results ♻ , ppc64el: No test results ♻ , s390x: No test results ♻
- ∙ ∙ 226 days old (needed 5 days)
- Not considered

news

[rss feed]

[2023-05-27] dogtag-pki REMOVED from testing (Debian testing watch)
[2023-02-20] dogtag-pki 11.2.1-2 MIGRATED to testing (Debian testing watch)
[2023-02-10] Accepted dogtag-pki 11.2.1-2 (source) into unstable (Timo Aaltonen)
[2023-02-09] dogtag-pki 11.0.6-2 MIGRATED to testing (Debian testing watch)
[2023-02-07] Accepted dogtag-pki 11.2.1-1 (source) into experimental (Timo Aaltonen)
[2023-02-03] Accepted dogtag-pki 11.0.6-2 (source) into unstable (Timo Aaltonen)
[2023-01-12] Accepted dogtag-pki 11.0.6-1 (source) into unstable (Timo Aaltonen)
[2022-07-28] dogtag-pki REMOVED from testing (Debian testing watch)
[2022-07-28] dogtag-pki REMOVED from testing (Debian testing watch)
[2022-03-23] dogtag-pki 11.0.3-4 MIGRATED to testing (Debian testing watch)
[2022-03-17] Accepted dogtag-pki 11.0.3-4 (source) into unstable (Timo Aaltonen)
[2022-03-17] Accepted dogtag-pki 11.0.3-3 (source) into unstable (Timo Aaltonen)
[2022-03-16] Accepted dogtag-pki 11.0.3-2 (source) into unstable (Timo Aaltonen)
[2022-03-15] Accepted dogtag-pki 11.0.3-1 (source) into unstable (Timo Aaltonen)
[2022-01-16] dogtag-pki REMOVED from testing (Debian testing watch)
[2022-01-16] dogtag-pki REMOVED from testing (Debian testing watch)
[2021-10-25] dogtag-pki 11.0.0-1 MIGRATED to testing (Debian testing watch)
[2021-10-19] Accepted dogtag-pki 11.0.0-1 (source) into unstable (Timo Aaltonen)
[2021-10-13] dogtag-pki 10.10.6-1 MIGRATED to testing (Debian testing watch)
[2021-10-12] dogtag-pki REMOVED from testing (Debian testing watch)
[2021-09-11] dogtag-pki 10.10.6-1 MIGRATED to testing (Debian testing watch)
[2021-09-07] Accepted dogtag-pki 10.10.6-1 (source) into unstable (Timo Aaltonen)
[2021-04-24] dogtag-pki 10.10.2-3 MIGRATED to testing (Debian testing watch)
[2021-04-14] Accepted dogtag-pki 10.10.2-3 (source) into unstable (Timo Aaltonen)
[2021-03-18] dogtag-pki 10.10.2-2 MIGRATED to testing (Debian testing watch)
[2021-03-12] Accepted dogtag-pki 10.10.2-2 (source) into unstable (Timo Aaltonen)
[2020-12-20] dogtag-pki 10.10.2-1 MIGRATED to testing (Debian testing watch)
[2020-12-20] dogtag-pki 10.10.2-1 MIGRATED to testing (Debian testing watch)
[2020-12-16] Accepted dogtag-pki 10.10.2-1 (source) into unstable (Timo Aaltonen)
[2020-12-09] dogtag-pki 10.10.1-1 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 5
RC: 0
I&N: 5
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (7, 87)
buildd: logs, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 11.2.1-2
3 bugs