Community Packages

Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#66642 - [keycloak] [Security] arbitrary code execution (CVE-2020-1714)

Attached to Project: Community Packages
Opened by Morten Linderud (Foxboron) - Wednesday, 13 May 2020, 21:23 GMT
Last edited by Sven-Hendrik Haase (Svenstaro) - Sunday, 17 May 2020, 23:49 GMT
Task Type Bug Report
Category Security
Status Closed
Assigned To Sven-Hendrik Haase (Svenstaro)
Levente Polyak (anthraxx)
Architecture All
Severity High
Priority Urgent
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Summary
=======

The package keycloak is vulnerable to arbitrary code execution via CVE-2020-1714.

Guidance
========

Upgrade the package to newest release or pull the patch.

References
==========

https://security.archlinux.org/AVG-1158
https://github.com/keycloak/keycloak/pull/7053
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714
This task depends upon

Closed by  Sven-Hendrik Haase (Svenstaro)
Sunday, 17 May 2020, 23:49 GMT
Reason for closing:  Fixed
Comment by Sven-Hendrik Haase (Svenstaro) - Wednesday, 13 May 2020, 23:26 GMT
PR patch applied and pushed in 10.0.0-2. Also updated our own installation of keycloak.

Loading...