Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted zookeeper 3.4.13-6+deb11u1 (source) into oldstable-proposed-updates
Date: Sat, 04 Nov 2023 12:49:14 +0000
Signed by: Pierre Gruet <pgt@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 28 Oct 2023 23:16:44 +0200
Source: zookeeper
Architecture: source
Version: 3.4.13-6+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Pierre Gruet <pgt@debian.org>
Closes: 1054224
Changes:
 zookeeper (3.4.13-6+deb11u1) bullseye-security; urgency=medium
 .
   * Team upload:
     - CVE-2023-44981: Prevent a potential authorisation bypass vulnerability.
       If SASL Quorum Peer authentication was enabled (via
       quorum.auth.enableSasl), authorisation was performed by verifying that
       the instance part in the SASL authentication ID was listed in the zoo.cfg
       server list. However, this value is optional, and, if missing (such as in
       'eve@EXAMPLE.COM'), the authorisation check will be skipped. As a result,
       an arbitrary endpoint could join the cluster and begin propagating
       counterfeit changes to the leader, essentially giving it complete
       read-write access to the data tree. (Closes: #1054224)
Checksums-Sha1:
 cd54ff6306b6f2053cfb4020a9159d1aa1624059 3041 zookeeper_3.4.13-6+deb11u1.dsc
 8d1fed2574e8645060154fcffdf7918ea5858377 1970528 zookeeper_3.4.13.orig.tar.xz
 b650c655fd9b27811042e89fd48816a5fe08272d 63300 zookeeper_3.4.13-6+deb11u1.debian.tar.xz
 fdebce856845a509f7097da27586d02a58cecffe 19074 zookeeper_3.4.13-6+deb11u1_amd64.buildinfo
Checksums-Sha256:
 4c871960c79a09b9bbee6ef720deefb83a6be56414e23c5f77e18edadee04529 3041 zookeeper_3.4.13-6+deb11u1.dsc
 4f303a575a3e981d5ef8fe43a4fec157f320841a502eff96ae7cda902c278d2f 1970528 zookeeper_3.4.13.orig.tar.xz
 ea9f1710fce0a0f9913d0fb814d096d8805dab70fece5b087893be2a5c11e94e 63300 zookeeper_3.4.13-6+deb11u1.debian.tar.xz
 83b9c92db65d92eab232871e6189c971264765d304120d1c6efd9a8a3be341ae 19074 zookeeper_3.4.13-6+deb11u1_amd64.buildinfo
Files:
 4aea6814b61fd728b90990f2d86467b1 3041 java optional zookeeper_3.4.13-6+deb11u1.dsc
 a9fc5be7cbdeef5fb41bb87d58ce41bd 1970528 java optional zookeeper_3.4.13.orig.tar.xz
 0304ab044c5a96385ea1544f4d2ffabc 63300 java optional zookeeper_3.4.13-6+deb11u1.debian.tar.xz
 6b7810d9a65d8bd8d8ff367fe53bdff7 19074 java optional zookeeper_3.4.13-6+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEM8soQxPpC9J9y0UjYAMWptwndHYFAmU/tiYACgkQYAMWptwn
dHbFpxAAqjdkZM/UnHXcJ1heimeWZmGVBx1eJGAB2tec7aLsL3YWmP99sQuD18LN
FgaEIOj+54LaFxLyPAup0paCGoDH4kAXEYWWtyjaSX/+oCvOq8UCB0XxBaExs3q1
B0g5KMi2pL4WiK/WKee62PSRGSEVFiYDkuAqIElVK+19EwUotDxHDVZUU2bjNpsi
lkj6vGWU+5Whosk2JaIr6ixejMKBHDA6bYA++xnpO0SQuAekaWyqMXyAnkPJvOiw
octHwUgltAgBL0x6mwSsoa6J+09AxEY8MoDDUzegloDJ067a2dAOVK6N0JSQ0WHL
EhM2RjlaqczVs01EACToyHp/G5OdKuwErbkCHI/xSxMqJgVcnmj9S93fKsHoKcoO
aqJeDgTfRtFAx5c477vVzGBtIe87wFq6RWbs7pNM1vY+V7rbYMPkpvcOHfmkEDra
gjJ7Uc7McpUv3s6WdVdrh0uINiVH1RcZNhyZajyjw2lP4qCXU9ohXBtQXEpRklkq
RyZ/mozw1KpfXCROlrctf3pAeogIOt+dAtX7FqTVE8y//yJiDOe1lIzk+Lw4B6lm
sBKGuraMR4roCVXpfAVwj3E1tnHmtjjnDBRLgMG0pRo4YbmNGCMckQIbik20dyR5
WXNIMsTNnEFaVgyAFPY3J5yYMiihMho50f5VLp5kSOaDLBgUqus=
=CYax
-----END PGP SIGNATURE-----
News for package zookeeper
