On Sun, May 26, 2019 at 08:58:29PM +0200, Moritz Mühlenhoff wrote: > On Fri, May 24, 2019 at 09:19:00AM +0100, Chris Lamb wrote: > > tags 929283 + patch > > thanks > > > > Hi Moritz, > > > > > > > zookeeper: CVE-2019-0201: information disclosure vulnerability > > > > > > > > Happy to prepare an update for stretch; I plan to do one for jessie > > > > LTS (which, helpfully, has the same version...) > > > > > > Sounds good, we should fix that in Stretch. I've just added the reference > > > to the upstream commit in the 3.4 branch to the Security Tracker. > > > > Thanks. Here is my diff: > > Looks fine, but can you please also include the test case upstream added? > Given that it's quite complex to reconstruct the specific affected ZK setup, > we should at least ship/run the test case.
I will prepare an upload for 3.4.13 in testing/unstable soon - should be in the next day or so.
signature.asc
Description: PGP signature