-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 24 Mar 2024 21:19:51 +0000
Source: zookeeper
Architecture: source
Version: 3.9.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1025042 1066947
Changes:
zookeeper (3.9.2-1) unstable; urgency=medium
.
* Team upload
* New upstream version 3.9.2
* Bug fix: CVE-2024-23944 (Closes: #1066947):
An information disclosure in persistent watchers handling was found in
Apache ZooKeeper due to missing ACL check. It allows an attacker to
monitor child znodes by attaching a persistent watcher (addWatch
command) to a parent which the attacker has already access
to. ZooKeeper server doesn't do ACL check when the persistent watcher
is triggered and as a consequence, the full path of znodes that a
watch event gets triggered upon is exposed to the owner of the
watcher. It's important to note that only the path is exposed by this
vulnerability, not the data of znode, but since znode path can contain
sensitive information like user name or login ID, this issue is
potentially critical.
* Let sysvinit init script depend on networking (Closes: #1025042)
* Add salsa CI
* Refresh patches
Checksums-Sha1:
3c11da7860b08d7d6b1aa02edd5724cc8ee5023d 3788 zookeeper_3.9.2-1.dsc
3a4467abfa2401af9a5edd259b52e5bdb86190e1 4684368 zookeeper_3.9.2.orig.tar.gz
86d0c7e6ea1c2a06ac434613427934d9e07000ad 833 zookeeper_3.9.2.orig.tar.gz.asc
f0f2832dab05a8332fe6271b1ae0830882edc599 90740 zookeeper_3.9.2-1.debian.tar.xz
7e8adca2febc5790177093d17c57a1ab7ce63bf9 24964 zookeeper_3.9.2-1_amd64.buildinfo
Checksums-Sha256:
78cba7d05dec290e24b74f7349491232fedb585ae264185610bd6e4d703cb582 3788 zookeeper_3.9.2-1.dsc
bbdea19a91d11bc55071fdd7c83109afb6ee791a7b0733fde0baaa44029cbd77 4684368 zookeeper_3.9.2.orig.tar.gz
91572bf432f38cf5c4eb4570a79cbc9809963f961f1d6278360e86d3ae4c32e0 833 zookeeper_3.9.2.orig.tar.gz.asc
2d53d059e8a36d510c57d9c54c6b093b0f7e6b015e4fce4878f701b7883279b0 90740 zookeeper_3.9.2-1.debian.tar.xz
db1e8b2985dc3e94a46bfbab463891d7054f224f6dab3493e8138d91607fc716 24964 zookeeper_3.9.2-1_amd64.buildinfo
Files:
4787cb5820f605db03dea0be53a237f7 3788 java optional zookeeper_3.9.2-1.dsc
e75afdf8f4f4da2ea5c861ba9e9448a8 4684368 java optional zookeeper_3.9.2.orig.tar.gz
376fb556cb78dd3b9891384275776efb 833 java optional zookeeper_3.9.2.orig.tar.gz.asc
5efcee1c0532665292233a2df907b21f 90740 java optional zookeeper_3.9.2-1.debian.tar.xz
fc91796959d0c387650d9ded00a539cb 24964 java optional zookeeper_3.9.2-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYAo8MRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF9j7Q/+KxQlu8DhAMx50G9gPPt4giIGayBDzLe/
F/AD+IVUoUQrRQA+TSKe08B40k6uUBeoySkk0sWxRHedVVB+ySs9mRTeePDw0+kR
LlddjdoJgR3hGExE5arxrPfl58lOUJaaZvC8TTUn38Mx7wms6tgykQRKh+cVATmB
PaLynLQg2zj0/tK7bVOM2GU7si6rpGv2mVEv4Qz+GcoMKCtHvt1FxhCMfnKsbl6f
4FtpcsHStb/wmT2IpAb4EktFiEoyZ+dL2eKuuB7JUHNtpEgGr4OhqQWZdK58+/OE
rfSM/EClZ0yubkuSlKYN7r7B49p1BjF8jdSvIaFp/LF7seRpYKEF9dUZajhcctla
qCm99ndNROkeLb0X6XjHQE0df5EYN6CyQFz1yScXAgiYQSUYwgsd6ihKJjOrRR0e
3U4HkmT+OOb0I18GW5Gj3sQlCEvhqe5nPeGSlS1XAXq81EMQmeIamiEda7KXkyH3
2r2/cGMpTQ6CULynj8juJjrBZzu8Toaupry1YX8j3TB/AxMzuz5XhVgCKtV3gTvc
Yi/1V4tsMbjTMYqS3ojYZ9sxx5vAA457HDuAjvUBNrOxUCs/3Jb+7bTsyr/EJI/1
xgJBhkm9i3H4wYFnnyB9fRHFkd8ftakgmE2KViKe60aQFDQ/h+9SX80eOnvF/geZ
SKMhB3qud3w=
=eFEm
-----END PGP SIGNATURE-----
Attachment:
pgp05X1aIvLYt.pgp
Description: PGP signature