Please read this before reporting a bug:
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
http://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines
Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#69317 - [dotnet-core] [Security] denial of service (CVE-2021-1723)
Attached to Project:
Community Packages
Opened by Jonas Witschel (diabonas) - Wednesday, 13 January 2021, 21:49 GMT
Opened by Jonas Witschel (diabonas) - Wednesday, 13 January 2021, 21:49 GMT
|
DetailsSummary
======= The packages dotnet-runtime and dotnet-sdk are vulnerable to denial of service via CVE-2021-1723. Guidance ======== Upgrading to the latest version 3.1.11 of dotnet-core fixes the issue. References ========== https://security.archlinux.org/AVG-1449 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-1723 https://github.com/dotnet/announcements/issues/170 https://github.com/dotnet/aspnetcore/commit/20ad9fa5dcde635c13c6c83806c4701d5b7ec21e |
This task depends upon