Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 29 Oct 2023 08:57:11 +0100
Source: zookeeper
Architecture: source
Version: 3.8.0-11+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Pierre Gruet <p...@debian.org>
Closes: 1054224
Changes:
zookeeper (3.8.0-11+deb12u1) bookworm-security; urgency=medium
.
* Team upload:
- CVE-2023-44981: Prevent a potential authorisation bypass vulnerability.
If SASL Quorum Peer authentication was enabled (via
quorum.auth.enableSasl), authorisation was performed by verifying that
the instance part in the SASL authentication ID was listed in the zoo.cfg
server list. However, this value is optional, and, if missing (such as in
'e...@example.com'), the authorisation check will be skipped. As a
result,
an arbitrary endpoint could join the cluster and begin propagating
counterfeit changes to the leader, essentially giving it complete
read-write access to the data tree. (Closes: #1054224)
Checksums-Sha1:
7fd7e9ee04fbcd149950e1b23f42547153db2593 3799 zookeeper_3.8.0-11+deb12u1.dsc
c6556b6e4237f78955e3d8cd313d0ef04ed1b7e9 3485515 zookeeper_3.8.0.orig.tar.gz
c2622953992c4495ac935662243a60c4e40d8828 488 zookeeper_3.8.0.orig.tar.gz.asc
3376643eaea0466e1962182574b9e5ac4fbb93e6 92236
zookeeper_3.8.0-11+deb12u1.debian.tar.xz
95289d007c7d7cb8c6bdfde75cf05042b5d903f8 24524
zookeeper_3.8.0-11+deb12u1_amd64.buildinfo
Checksums-Sha256:
bf8164ee16a6ddad74de4fb04ef280236b71d0c95c17e1d30ea4c33054f171d2 3799
zookeeper_3.8.0-11+deb12u1.dsc
b0c5684640bea2d8bd6610b47ff41be2aefd6c910ba48fcad5949bd2bf2fa1ac 3485515
zookeeper_3.8.0.orig.tar.gz
22bd6c0fe38b3184cb2b7d5039392f7a63a506915b27a58328f1b4f9731ebfc3 488
zookeeper_3.8.0.orig.tar.gz.asc
616bb05b56538833276bff33a3275938296a370dce9d8ab4850b89db1becd81e 92236
zookeeper_3.8.0-11+deb12u1.debian.tar.xz
494a97f717c50f758545453a2e5bbe7decc89f76ca793607a3bb9e1034e5edca 24524
zookeeper_3.8.0-11+deb12u1_amd64.buildinfo
Files:
39bf8be6919f1c569213692db6891f4c 3799 java optional
zookeeper_3.8.0-11+deb12u1.dsc
dd50b329f3e17c03d2da8ed8497babb6 3485515 java optional
zookeeper_3.8.0.orig.tar.gz
0309b972507b7ef0f1851660618d090e 488 java optional
zookeeper_3.8.0.orig.tar.gz.asc
771e480f58cecf0e4667496a356d13b7 92236 java optional
zookeeper_3.8.0-11+deb12u1.debian.tar.xz
c1dc8b2ac51d557b5d687a1c7e3d23d1 24524 java optional
zookeeper_3.8.0-11+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmU/tjUACgkQYAMWptwn
dHYrog/+O9u3ewUYJ6teyhRw2Niq/fdRlpmTGWpMmwYEMm2aWEVVFXjfx7hta7jv
aYc625o47UrRXDzNdxiiOJbzG8R2XGfk2YrDF2Zmr/OrmHL8xFuHwTd2zwM1DEuP
hsgnU3Uz57TUA/r/AIgTK8FraW7Tm/2+KQkzcYh5LFRG01bKd9nO4NBLB+7KosMa
ECluXB5IofVlXdEhIOL9NHLKhna2G7/3TdiyI18Ki9FVKtliFOmIQoX+ghy98GD+
Y+ZBazVrdK2qapeWm22eDTN/Wzh53rO5oKv7CkTLY1SvNbSn3RiuC6CDdS+ZJ+hW
NLDTWs9yiDUXAS/iu3uYuo3Is92pG8JUsJlKxLj+1dgyI8Jvei6hkG6+kTnWvaiU
xOFvhjEFGETYAUPhqVN9CokBLM3YwgH4AMV4vnKPq7qYbDZC14qfg7bv+cGYAe4w
552op9ZHxu9ikXsc2M6KPTzTzCer5zP/6zKb6aypyMu3uyvZT6RUY6TvRVfxAbw2
wGbJURNlHhRWRPiogpSDeIx56dDoyZPvDwxsOuKJTIxEKXR/VZMoBrPwVg/svG78
VFWeYN9B79Hi4NiwPitXqy9pEBKMWRALl7YnEX7EkejlqSU4oPbHHC0Whogu1B7A
T08MYinkvhmccaGAkf06qSjv8/e1pSRjBBwuun1i9FJuexBEQgY=
=KQ83
-----END PGP SIGNATURE-----
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
debian-j...@lists.debian.org for discussions and questions.
