Register | Log in

yubikey-val

One-Time Password (OTP) validation server for YubiKey tokens

Choose email to subscribe with

general

source: yubikey-val (main)
version: 2.38-2
maintainer: Debian Authentication Maintainers (archive) (DMD)
uploaders: Simon Josefsson [DMD] – Klas Lindfors [DMD] – Dain Nilsson [DMD] – Daniel Pocock [DMD]
arch: all
std-ver: 3.9.8
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.27-1
o-o-sec: 2.27-1+deb8u1
oldstable: 2.38-2
stable: 2.38-2

versioned links

2.27-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.27-1+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.38-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

yubikey-val

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2020-10184: The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud.
CVE-2020-10185: The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.

Please fix them.

Created: 2020-03-06 Last update: 2020-08-07 06:08

2 ignored security issues in buster low

There are 2 open security issues in buster.

2 issues skipped by the security teams:

CVE-2020-10184: The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL queries, which allows remote attackers to cause a denial of service, aka SQL injection. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service; the issue does NOT affect YubiCloud.
CVE-2020-10185: The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP. NOTE: this issue is potentially relevant to persons outside Yubico who operate a self-hosted OTP validation service with a non-default configuration such as an open sync pool; the issue does NOT affect YubiCloud.

Please fix them.

Created: 2020-03-06 Last update: 2020-08-07 06:08

news

[2020-03-12] Accepted yubikey-val 2.27-1+deb8u1 (source all) into oldoldstable (Utkarsh Gupta)
[2019-08-25] yubikey-val REMOVED from testing (Debian testing watch)
[2019-08-24] Removed 2.38-2 from unstable (Debian FTP Masters)
[2016-08-28] yubikey-val 2.38-2 MIGRATED to testing (Debian testing watch)
[2016-08-17] Accepted yubikey-val 2.38-2 (source) into unstable (Simon Josefsson)
[2016-08-09] Accepted yubikey-val 2.38-1 (source) into unstable (Simon Josefsson)
[2016-05-21] yubikey-val REMOVED from testing (Debian testing watch)
[2015-10-19] yubikey-val 2.33-1 MIGRATED to testing (Britney)
[2015-10-08] Accepted yubikey-val 2.33-1 (source) into unstable (Simon Josefsson)
[2015-10-02] yubikey-val 2.32-1 MIGRATED to testing (Britney)
[2015-09-22] Accepted yubikey-val 2.32-1 (source all) into unstable (Simon Josefsson)
[2015-09-21] yubikey-val 2.29-1 MIGRATED to testing (Britney)
[2015-09-10] Accepted yubikey-val 2.29-1 (source all) into unstable (Simon Josefsson)
[2015-04-27] yubikey-val 2.28-1 MIGRATED to testing (Britney)
[2015-02-26] Accepted yubikey-val 2.28-1 (source all) into unstable (Simon Josefsson)
[2014-12-27] Accepted yubikey-val 2.27-2 (source all) into unstable (Simon Josefsson)
[2014-10-07] yubikey-val 2.27-1 MIGRATED to testing (Britney)
[2014-10-01] Accepted yubikey-val 2.27-1 (source all) into unstable (Simon Josefsson)
[2014-09-25] yubikey-val 2.25-2 MIGRATED to testing (Britney)
[2014-09-19] Accepted yubikey-val 2.25-2 (source all) into unstable (Klas Lindfors) (signed by: Simon Josefsson)
[2014-09-10] yubikey-val 2.25-1 MIGRATED to testing (Britney)
[2014-09-04] Accepted yubikey-val 2.25-1 (source all) into unstable (Simon Josefsson)
[2013-09-29] yubikey-val 2.24-1 MIGRATED to testing (Debian testing watch)
[2013-09-18] Accepted yubikey-val 2.24-1 (source all) (Simon Josefsson)
[2013-09-16] yubikey-val 2.23-2 MIGRATED to testing (Debian testing watch)
[2013-09-06] Accepted yubikey-val 2.23-2 (source all) (Simon Josefsson)
[2013-06-09] yubikey-val 2.23-1 MIGRATED to testing (Debian testing watch)
[2013-05-29] Accepted yubikey-val 2.23-1 (source all) (Dain Nilsson) (signed by: Daniel Pocock)

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang
popcon
browse source code
edit tags
other distros
security tracker
screenshots

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing