summaryrefslogtreecommitdiff
path: root/release-status.toml
diff options
context:
space:
mode:
Diffstat (limited to 'release-status.toml')
-rw-r--r--release-status.toml16
1 files changed, 10 insertions, 6 deletions
diff --git a/release-status.toml b/release-status.toml
index 8b1ff11..225f01d 100644
--- a/release-status.toml
+++ b/release-status.toml
@@ -1,14 +1,18 @@
[release.sagitta]
- latest = "1.4.0"
+ latest = "1.4.2"
security_advisory = [
+ {cve="CVE-2025-30095", title="Private key reuse in Dropbear SSH server", description="A Dropbear private key was included in the image at build time and not regenerated, making console server SSH connections vulnerable to MitM attacks..", status="fixed"},
+ {cve="CVE-2023-32728", title="Code injection in zabbix_agent2 smartctl plugin", description="Certain configurations of Zabbix agent were vulnerable to remote code execution. This issue was previously fixed by a hotfix and is now included in the image.", status="Fixed"},
+ {cve="CVE-2024-3596", title="Blast-RADIUS", description="The Blast-RADIUS vulnerability is present in 1.4.2 and will be fixed in subsequent releases. Make sure your routers are not communicating with RADIUS servers over untrusted networks.", status="Present"}
]
- notes = "GA release"
+ notes = "Maintenance and security release"
[release.equuleus]
- latest = "1.3.7"
+ latest = "1.3.8"
+
+ security_advisory = []
+
+ notes = "Unsupported — VyOS 1.3 has reached end of life in April 2025."
- security_advisory = [
- {cve="CVE-2024-2961", title="GNU libc iconv buffer overflow", description="Potential DoS in any application that encodes strings", status="fixed"},
- ]
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-02 12:34:30 +0000