-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 27 Nov 2023 09:21:56 +0100 Source: rabbitmq-server Architecture: source Version: 3.8.9-3+deb11u1 Distribution: bullseye-security Urgency: medium Maintainer: Debian OpenStack <team+openstack@tracker.debian.org> Changed-By: Thomas Goirand <zigo@debian.org> Closes: 1056723 Changes: rabbitmq-server (3.8.9-3+deb11u1) bullseye-security; urgency=medium . * CVE-2023-46118: Denial of Service by publishing large messages over the HTTP API. Applied upstream patches that introduce a limit of 10MB: - Reduce_default_HTTP_API_request_body_size_limit_to_10_MiB.patch - Introduce_HTTP_request_body_limit_for_definition_uploads.patch (Closes: #1056723). Checksums-Sha1: 8079f2ea54548419a6883cbcc52c5eb88fe41410 2696 rabbitmq-server_3.8.9-3+deb11u1.dsc dc945062816536124f0c2d6ac32d15c61d0b2f2a 3074468 rabbitmq-server_3.8.9.orig.tar.xz cea2ca8c33db72c6fe2ddc3fd3d4b1b4ab79d841 24012 rabbitmq-server_3.8.9-3+deb11u1.debian.tar.xz 97146e1140a47b954eb35d05016ce05c05e37f85 8789 rabbitmq-server_3.8.9-3+deb11u1_amd64.buildinfo Checksums-Sha256: 01868179878a56c64c08ef930c5b52e587be486390481c7d40f05ab6b246aae8 2696 rabbitmq-server_3.8.9-3+deb11u1.dsc 1b4b764e2f1af29b464b3354f85d360fd505a1b10cb7155fc90816921315452c 3074468 rabbitmq-server_3.8.9.orig.tar.xz 0aa4eb763150e458df6e2cb51ab22bc3dd51e0193f9cac8e020476bafb13a5f4 24012 rabbitmq-server_3.8.9-3+deb11u1.debian.tar.xz 6b4445c57c8a2c587fb4b834105aae25f7811c3ccf7c1ef7ae759f85c4a3b6bd 8789 rabbitmq-server_3.8.9-3+deb11u1_amd64.buildinfo Files: d9c7f16e6248b7d939c968ba47c78330 2696 net optional rabbitmq-server_3.8.9-3+deb11u1.dsc 15ac61eb000efd9c76c11fd886dd8035 3074468 net optional rabbitmq-server_3.8.9.orig.tar.xz e80b2d92d560e86cb36c20622cb7ba23 24012 net optional rabbitmq-server_3.8.9-3+deb11u1.debian.tar.xz b03514a546c8129e840701802c88370b 8789 net optional rabbitmq-server_3.8.9-3+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEoLGp81CJVhMOekJc1BatFaxrQ/4FAmVoO/YACgkQ1BatFaxr Q/4JKw/+NWiD8SWGtRh9FXi28Q0DJyEsMaMkhRcQKng0GlclR8ikdbVh9mG6bHGx RDxjJj1+vB9OYntMlt6eK4KIldSLz/02uJzbsDamvAap3FaNWApm+FkePROguRB+ Ro7lQlc2p4Vosl3yJSU9emJGYlPVOFbdeYbm86r8/oTW2oMxa+cg6xNMBOtpBzET E2l64CRmJ8B7VohOpdfFr+0WiV2M8jMgIaT+8HBZuua+gsxv8aSPC0S5G/HM+Cqm KqbSc17Gve2q2sroGQ5ZSAspe2Ijjcpm1nBmRa/QSCla4EEKRJWwlhpbfolnIio9 Ti251n4kf3quNsaQ19Pm4n1biYTj93mLkMU0+o0fVkgKgwhEkWsKVnc04jLV9pSt +SUuBoLtTVre8zmYUfyVO31SkX2jey72dXxLPD8tRAWHEnh1wrfhuMmDNUYW89k9 0SydYEi4jh3Y/4LbcKRSb9nUMgYU0Dhz1J6zr89aYq6pa19p4XBmYrFs18wKOHVu cDifSc/Ad19XGmWZxq2QUjkWfUVSS/q+XvrkuC4jAuCAYb48vGpl2e9G8B5KtqUw doh0k8tMyGn9INV1BhmD0rknI1/mmR/Nmr5hoUswFsaqMR6s6wYWiH6orHyc+x3q in1vTXAcftu8YRkSkinQlJtL0KuVJFFCTNYdqnjbqI0yMIZwMu0= =Dk6l -----END PGP SIGNATURE-----