FS#69317 : [dotnet-core] [Security] denial of service (CVE-2021-1723)

Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#69317 - [dotnet-core] [Security] denial of service (CVE-2021-1723)

Attached to Project: Community Packages
Opened by Jonas Witschel (diabonas) - Wednesday, 13 January 2021, 21:49 GMT

Task Type	Bug Report
Category	Security
Status	Assigned
Assigned To	Maxime Gauduin (Alucryd) Levente Polyak (anthraxx)
Architecture	All
Severity	High
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Summary
=======

The packages dotnet-runtime and dotnet-sdk are vulnerable to denial of service via CVE-2021-1723.

Guidance
========

Upgrading to the latest version 3.1.11 of dotnet-core fixes the issue.

References
==========

https://security.archlinux.org/AVG-1449
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1723
https://github.com/dotnet/announcements/issues/170
https://github.com/dotnet/aspnetcore/commit/20ad9fa5dcde635c13c6c83806c4701d5b7ec21e

This task depends upon

Comments (0)
Related Tasks (0/0)

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Community Packages

FS#69317 - [dotnet-core] [Security] denial of service (CVE-2021-1723)

Details

Loading...