Public bug reported:
Please sync etcd 3.4.30-1 (universe) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* No-change rebuild with Go 1.21.
* No-change rebuild with Go 1.21.
* SECURITY UPDATE: debug leaks credentials
- debian/patches/CVE-2021-28235.patch: blanks out password
- CVE-2021-28235
CVE-2021-28235 is fixed in upstream version 3.4.25.
Changelog entries since current noble version 3.4.23-4ubuntu2:
etcd (3.4.30-1) unstable; urgency=medium
* Team upload
* New upstream version 3.4.30
+ CVE-2021-28235 (fixed in 3.4.25): Clearing password after authenticating
the user.
+ CVE-2023-32082 (fixed in 3.4.26): LeaseTimeToLive API may return keys to
clients which have no read permission on the keys
-- Shengjing Zhu <z...@debian.org> Wed, 28 Feb 2024 17:43:49 +0800
etcd (3.4.23-6) unstable; urgency=medium
* Team upload
* Add a patch to skip flaky test that failed on 3/10 buildds
-- Mathias Gibbens <gib...@debian.org> Sat, 17 Feb 2024 00:31:39 +0000
etcd (3.4.23-5) unstable; urgency=medium
* Team upload
* d/control:
- Replace transitional golang-goprotobuf-dev package
- Allow golang-github-golang-protobuf-1-5-dev as optional Depends
* Add a patch to skip tests that fail in some environments
-- Mathias Gibbens <gib...@debian.org> Fri, 16 Feb 2024 22:07:53 +0000
** Affects: etcd (Ubuntu)
Importance: Wishlist
Status: New
** Changed in: etcd (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2055357
Title:
Sync etcd 3.4.30-1 (universe) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/2055357/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
