CVE-2021-28091

Published: 01 June 2021

Lasso all versions prior to 2.7.0 has improper verification of a cryptographic signature.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
lasso
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.04 (Hirsute Hippo)
Released (2.6.1-2ubuntu0.1)
Ubuntu 20.04 LTS (Focal Fossa)
Released (2.6.0-7ubuntu1.2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (2.5.1-0ubuntu1.2)
Ubuntu 16.04 ESM (Xenial Xerus) Ignored
(end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://git.entrouvert.org/lasso.git/commit/?id=ea7e5efe9741e1b1787a58af16cb15b40c23be5a