CVE-2024-3049:
A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.
Depends on packages which need a new maintainer
normal
The packages that booth depends on which need a new maintainer are:
Among the 1 debian patch
available in version 1.2-3 of the package,
we noticed the following issues:
1 patch
where the metadata indicates that the patch has not yet been forwarded
upstream. You should either forward the patch upstream or update the
metadata to document its real status.