-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 17 Dec 2020 19:03:02 +0100 Source: influxdb Binary: golang-github-influxdb-influxdb-dev influxdb-dev influxdb influxdb-client Architecture: source all amd64 Version: 1.1.1+dfsg1-4+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Go Packaging Team <pkg-go-maintainers@lists.alioth.debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: golang-github-influxdb-influxdb-dev - Scalable datastore for metrics, events, and real-time analytics. influxdb - Scalable datastore for metrics, events, and real-time analytics influxdb-client - command line interface for InfluxDB influxdb-dev - Transitional package for golang-github-influxdb-influxdb-dev Changes: influxdb (1.1.1+dfsg1-4+deb9u1) stretch-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2019-20933 By using a JWT token with an empty shared secret, one is able to bypass authentication in services/httpd/handler.go. Checksums-Sha1: 3268e077452383e4c3e9365bc773e4e3f24aae5c 3494 influxdb_1.1.1+dfsg1-4+deb9u1.dsc 64c75f55f1e87e2ecd6e081a780999a0963ac0fb 1324546 influxdb_1.1.1+dfsg1.orig.tar.gz 2d2af70702a982f2a692ce315959e59f024e2b8b 122780 influxdb_1.1.1+dfsg1-4+deb9u1.debian.tar.xz 8b9fc5ecbcbbfee6d50d4f8ec1b4535c31dfa621 832436 golang-github-influxdb-influxdb-dev_1.1.1+dfsg1-4+deb9u1_all.deb be2534a8e2f9fe78a35687fe883a28784ac609e1 1193016 influxdb-client_1.1.1+dfsg1-4+deb9u1_amd64.deb 639aea26219341702b0850ab0c4ea48853d546e2 50742 influxdb-dev_1.1.1+dfsg1-4+deb9u1_all.deb 8e72e18f94a2bbc91a81eb3235efbaa7443c75a1 11300 influxdb_1.1.1+dfsg1-4+deb9u1_amd64.buildinfo cdcab892da261acc37bd4cdbe29280a08063bbd9 2851638 influxdb_1.1.1+dfsg1-4+deb9u1_amd64.deb Checksums-Sha256: 7761e85ae1c3f33265b4a07b87364c56a84e233446bda616923838c475fc0feb 3494 influxdb_1.1.1+dfsg1-4+deb9u1.dsc a4aaef94acb4b86ae93d41121616654723321d23fe38c3dfce339b6c9f9b8b55 1324546 influxdb_1.1.1+dfsg1.orig.tar.gz b3ea736e008433beacfa64451b4103cfaf2b56d8f26fca357898cab9143aded4 122780 influxdb_1.1.1+dfsg1-4+deb9u1.debian.tar.xz 30b4913a2c4745724c79a6bd0ec963d8b17c7423154dbfb6941e2ed42c918b0b 832436 golang-github-influxdb-influxdb-dev_1.1.1+dfsg1-4+deb9u1_all.deb 1580b7c682d815fe327c6f7c89b7ef7d497142c244d5173537317820e98ab066 1193016 influxdb-client_1.1.1+dfsg1-4+deb9u1_amd64.deb 1f6eb7d12a2c14bac4a82f905c748d0e37775a70131aa8fbc494148a2ffc8397 50742 influxdb-dev_1.1.1+dfsg1-4+deb9u1_all.deb ca7d2418f4908d2fd45c6951f0725bb837d7af94b65925313a64d66672a573b1 11300 influxdb_1.1.1+dfsg1-4+deb9u1_amd64.buildinfo d9dc551c0bc528fd7135fdf9fc6b29856d796419109501cd8d75d39f38e75b91 2851638 influxdb_1.1.1+dfsg1-4+deb9u1_amd64.deb Files: 14bc90414e0205f3da144081f98ca731 3494 database extra influxdb_1.1.1+dfsg1-4+deb9u1.dsc 66a9766d7113d412ee6852edc702ccf7 1324546 database extra influxdb_1.1.1+dfsg1.orig.tar.gz afd933a18259ce35c82603c3498ce52d 122780 database extra influxdb_1.1.1+dfsg1-4+deb9u1.debian.tar.xz 28635f600d154959d9f5ee7700cea9e7 832436 database extra golang-github-influxdb-influxdb-dev_1.1.1+dfsg1-4+deb9u1_all.deb d1a4bd136b16fd661c10fa2e7e031132 1193016 database extra influxdb-client_1.1.1+dfsg1-4+deb9u1_amd64.deb 483f272eb9766ae069e0ceb7b256ca7d 50742 oldlibs extra influxdb-dev_1.1.1+dfsg1-4+deb9u1_all.deb 946d329343c2feceafd57694f0da042b 11300 database extra influxdb_1.1.1+dfsg1-4+deb9u1_amd64.buildinfo f60233975824714a2877eb7635cd33e0 2851638 database extra influxdb_1.1.1+dfsg1-4+deb9u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl/elPNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR7DoEACpGpIoXQaNwMkxaHB4UOq/3lEbtVOw wOvVFmnaAM3i0pz9yxc4RpIL2dKdQs8bmDy1O5xrcgGbamRmO0jMzLjPlO6T1nEY hb31YWel31V2FhpK2QnUNgI6I7YGX0mOL6mbKSiaenpKUFbnXPBLUnCDh4cMXo/w ePkQH+PbkRIRazqpBbEe0unYYxLGu7qh3ebhMpYMR/cllrQcWmrK7OS8KXZ9ZBZ3 qODb8XRIgCGigAf0CIJM5SVe1rGro4nQFOP2K+eDpSVdwboLWN4u9iM+Y2atF7bV DszeqyFz0GVqri5A77+vvpJxEKAAAvkXTUIDz+Ya/yuHrzOMuvIQ3OkfwZcpnkyw lC/0ZTBhMh3NOjBywZgpR0ikqHBS6sslNXQKxiXl4DJiHTmYc5opa0QZDeJoe42i 79vQWOFnYPXLUuo3Akvl1eO8dKFnWFA+OvVnKxuU/T+oETajtUc0FHZv5XxbWPSJ yf/X3afkDAo7vl7csXQc4vRlqo8cHN0A9HgH+5tnF1X6A5UiGNR5sIFwWdXyxzfk nNYznXj8r5OE7SuG6SNedpSjVZwWf7NWjWcCRXNDxMjvTlZxrLLAM1U1pS3qdVPv DfuPIwCL9sgG+PoPkjWQqoigiemAo6mQ8AtjK22OTS0RsR96UgzYgnCZtecrt6Ml PgTrgiWcHAnOfg== =Cdwj -----END PGP SIGNATURE-----