-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 24 Mar 2024 21:19:51 +0000 Source: zookeeper Architecture: source Version: 3.9.2-1 Distribution: unstable Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Bastien Roucariès <rouca@debian.org> Closes: 1025042 1066947 Changes: zookeeper (3.9.2-1) unstable; urgency=medium . * Team upload * New upstream version 3.9.2 * Bug fix: CVE-2024-23944 (Closes: #1066947): An information disclosure in persistent watchers handling was found in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical. * Let sysvinit init script depend on networking (Closes: #1025042) * Add salsa CI * Refresh patches Checksums-Sha1: 3c11da7860b08d7d6b1aa02edd5724cc8ee5023d 3788 zookeeper_3.9.2-1.dsc 3a4467abfa2401af9a5edd259b52e5bdb86190e1 4684368 zookeeper_3.9.2.orig.tar.gz 86d0c7e6ea1c2a06ac434613427934d9e07000ad 833 zookeeper_3.9.2.orig.tar.gz.asc f0f2832dab05a8332fe6271b1ae0830882edc599 90740 zookeeper_3.9.2-1.debian.tar.xz 7e8adca2febc5790177093d17c57a1ab7ce63bf9 24964 zookeeper_3.9.2-1_amd64.buildinfo Checksums-Sha256: 78cba7d05dec290e24b74f7349491232fedb585ae264185610bd6e4d703cb582 3788 zookeeper_3.9.2-1.dsc bbdea19a91d11bc55071fdd7c83109afb6ee791a7b0733fde0baaa44029cbd77 4684368 zookeeper_3.9.2.orig.tar.gz 91572bf432f38cf5c4eb4570a79cbc9809963f961f1d6278360e86d3ae4c32e0 833 zookeeper_3.9.2.orig.tar.gz.asc 2d53d059e8a36d510c57d9c54c6b093b0f7e6b015e4fce4878f701b7883279b0 90740 zookeeper_3.9.2-1.debian.tar.xz db1e8b2985dc3e94a46bfbab463891d7054f224f6dab3493e8138d91607fc716 24964 zookeeper_3.9.2-1_amd64.buildinfo Files: 4787cb5820f605db03dea0be53a237f7 3788 java optional zookeeper_3.9.2-1.dsc e75afdf8f4f4da2ea5c861ba9e9448a8 4684368 java optional zookeeper_3.9.2.orig.tar.gz 376fb556cb78dd3b9891384275776efb 833 java optional zookeeper_3.9.2.orig.tar.gz.asc 5efcee1c0532665292233a2df907b21f 90740 java optional zookeeper_3.9.2-1.debian.tar.xz fc91796959d0c387650d9ded00a539cb 24964 java optional zookeeper_3.9.2-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYAo8MRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF9j7Q/+KxQlu8DhAMx50G9gPPt4giIGayBDzLe/ F/AD+IVUoUQrRQA+TSKe08B40k6uUBeoySkk0sWxRHedVVB+ySs9mRTeePDw0+kR LlddjdoJgR3hGExE5arxrPfl58lOUJaaZvC8TTUn38Mx7wms6tgykQRKh+cVATmB PaLynLQg2zj0/tK7bVOM2GU7si6rpGv2mVEv4Qz+GcoMKCtHvt1FxhCMfnKsbl6f 4FtpcsHStb/wmT2IpAb4EktFiEoyZ+dL2eKuuB7JUHNtpEgGr4OhqQWZdK58+/OE rfSM/EClZ0yubkuSlKYN7r7B49p1BjF8jdSvIaFp/LF7seRpYKEF9dUZajhcctla qCm99ndNROkeLb0X6XjHQE0df5EYN6CyQFz1yScXAgiYQSUYwgsd6ihKJjOrRR0e 3U4HkmT+OOb0I18GW5Gj3sQlCEvhqe5nPeGSlS1XAXq81EMQmeIamiEda7KXkyH3 2r2/cGMpTQ6CULynj8juJjrBZzu8Toaupry1YX8j3TB/AxMzuz5XhVgCKtV3gTvc Yi/1V4tsMbjTMYqS3ojYZ9sxx5vAA457HDuAjvUBNrOxUCs/3Jb+7bTsyr/EJI/1 xgJBhkm9i3H4wYFnnyB9fRHFkd8ftakgmE2KViKe60aQFDQ/h+9SX80eOnvF/geZ SKMhB3qud3w= =eFEm -----END PGP SIGNATURE-----
Attachment:
pgp05X1aIvLYt.pgp
Description: PGP signature