From 8e38e4bd0bec060fa110302b9d161b2e63c0b44d Mon Sep 17 00:00:00 2001
From: Martin Holst Swende
Date: Fri, 11 Dec 2020 09:16:35 +0100
Subject: [PATCH] vulnerabilites: updates (#21998)
---
docs/_vulnerabilities/vulnerabilities.json | 31 +++++++++++++++++++
.../vulnerabilities.json.minisig | 6 ++--
2 files changed, 34 insertions(+), 3 deletions(-)
diff --git a/docs/_vulnerabilities/vulnerabilities.json b/docs/_vulnerabilities/vulnerabilities.json
index 36509f95a9..2cd80a348c 100644
--- a/docs/_vulnerabilities/vulnerabilities.json
+++ b/docs/_vulnerabilities/vulnerabilities.json
@@ -66,5 +66,36 @@
 "severity": "Critical",
 "CVE": "CVE-2020-26242",
 "check": "Geth\\/v1\\.9.(16|17).*$"
+ },
+ {
+ "name": "LES Server DoS via GetProofsV2",
+ "uid": "GETH-2020-05",
+ "summary": "A DoS vulnerability can make a LES server crash.",
+ "description": "A DoS vulnerability can make a LES server crash via malicious GetProofsV2 request from a connected LES client.\n\nThe vulnerability was patched in #21896.\n\nThis vulnerability only concern users explicitly running geth as a light server",
+ "links": [
+ "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-r33q-22hv-j29q",
+ "https://github.com/ethereum/go-ethereum/pull/21896"
+ ],
+ "introduced": "v1.8.0",
+ "fixed": "v1.9.25",
+ "published": "2020-12-10",
+ "severity": "Medium",
+ "CVE": "CVE-2020-26264",
+ "check": "(Geth\\/v1\\.8\\.*)|(Geth\\/v1\\.9\\.\\d-.*)|(Geth\\/v1\\.9\\.1\\d-.*)|(Geth\\/v1\\.9\\.(20|21|22|23|24)-.*)$"
+ },
+ {
+ "name": "Consensus flaw during block processing",
+ "uid": "GETH-2020-06",
+ "summary": "A consensus-vulnerability in Geth could cause a chain split, where vulnerable versions refuse to accept the canonical chain.",
+ "description": "Full details to be released at a later date.",
+ "links": [
+ "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-xw37-57qp-9mm4"
+ ],
+ "introduced": "v1.9.4",
+ "fixed": "v1.9.20",
+ "published": "2020-12-10",
+ "severity": "High",
+ "CVE": "CVE-2020-26265",
+ "check": "(Geth\\/v1\\.9\\.(4|5|6|7|8|9)-.*)|(Geth\\/v1\\.9\\.1\\d-.*)$"
 }
 ]
diff --git a/docs/_vulnerabilities/vulnerabilities.json.minisig b/docs/_vulnerabilities/vulnerabilities.json.minisig
index 511e772b2c..8236cc6b4a 100644
--- a/docs/_vulnerabilities/vulnerabilities.json.minisig
+++ b/docs/_vulnerabilities/vulnerabilities.json.minisig
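Review bot: In the GETH-2020-05 `check` pattern the first alternative `(Geth\\/v1\\.8\\.*)` quantifies the escaped dot, so it means "`Geth/v1.8` followed by zero or more dots" rather than "any 1.8.x release"; it matches 1.8.x strings only because that branch is unanchored, and it would equally match a string such as `Geth/v1.80`. The trailing `$` binds only to the last alternative in both new entries and neither pattern starts with `^`, so if the consumer applies these as unanchored searches (the consumer is not visible in this patch) the match is looser than the `introduced`/`fixed` range states. I would write that branch as `(Geth\\/v1\\.8\\..*)` and, provided the matched string always starts with `Geth/`, wrap each whole alternation in a single group between `^` and `$`. A false match or a miss here changes which operators are told they run a vulnerable version. Any edit to this file also needs `vulnerabilities.json.minisig` regenerated, since that signature is made over `file:vulnerabilities.json`.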
@@ -1,4 +1,4 @@
 untrusted comment: signature from minisign secret key
-RWQk7Lo5TQgd+2fCWW+1uE5hM7811xOurL4JXKJgO10k0IhPQjuJMEULaZlLnr+yPR9X+CKjz2X8DfwSXxHh0j09cT98NVcMvgk=
-trusted comment: timestamp:1607093897 file:vulnerabilities.json
-Za0+WCqDoGrvvJm8/cbVOm5cvVMuxDZakzPxSsaKaMrRQ41jmxL/Ja5G4lhgMSX9SUFCiG9cusGI2NMlu/vkDw==
+RWQk7Lo5TQgd+zxfhTVu9RKveaSCRXSMeOq6nKsv/f1cJmHJEB75gOTTsh6P7SzKwwNCES4LgD9ozE4FEUBRUguSZP3ITc2rvAg=
+trusted comment: timestamp:1607605939 file:vulnerabilities.json
+lC8y+82roRxdNTsA3VZkG6vPxkpYq+yIiTXPdkigaDvZaT4Kro1FqfVGIZ60Uh/6MYz4pSgQYAmD6ujLOQjoAA==