zookeeper_3.8.0-11+deb12u2_source.changes ACCEPTED into proposed-updates->stable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sun Dec 22 11:50:00 GMT 2024 

Thank you for your contribution to Debian.

Mapping bookworm to stable.
Mapping stable to proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 16 Jun 2024 10:40:07 +0000
Source: zookeeper
Architecture: source
Version: 3.8.0-11+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca at debian.org>
Closes: 1066947
Changes:
 zookeeper (3.8.0-11+deb12u2) bookworm; urgency=medium
 .
   * Team upload
   * Bug fix: CVE-2024-23944 (Closes: #1066947):
     An information disclosure in persistent watchers handling was found in
     Apache ZooKeeper due to missing ACL check.  It allows an attacker to
     monitor child znodes by attaching a persistent watcher (addWatch
     command) to a parent which the attacker has already access
     to. ZooKeeper server doesn't do ACL check when the persistent watcher
     is triggered and as a consequence, the full path of znodes that a
     watch event gets triggered upon is exposed to the owner of the
     watcher. It's important to note that only the path is exposed by this
     vulnerability, not the data of znode, but since znode path can contain
     sensitive information like user name or login ID, this issue is
     potentially critical.
   * Add salsa CI
Checksums-Sha1:
 81ca0b48adc053850801ea043f46dd3d53e7587a 3824 zookeeper_3.8.0-11+deb12u2.dsc
 4bfcbf1098a8db98a496186edbcb4fec01fbf6b0 99540 zookeeper_3.8.0-11+deb12u2.debian.tar.xz
 9ef7d706aa4549ecb2d51c320eb8df694dd5e53e 24622 zookeeper_3.8.0-11+deb12u2_amd64.buildinfo
Checksums-Sha256:
 a41c5eef50f98609f2dc69a24625b06564131b68c723ed14e5f26dd8693995a5 3824 zookeeper_3.8.0-11+deb12u2.dsc
 c2fca81a9bf80b6bf93cdb78366a60e1d9e561fd664c85db7cddc21d200c9540 99540 zookeeper_3.8.0-11+deb12u2.debian.tar.xz
 205f527c55255f4610cbb404e7732c760d563ea7593d697324aa3738ec604f0a 24622 zookeeper_3.8.0-11+deb12u2_amd64.buildinfo
Files:
 c36edab4fa084f0e2137a90009627696 3824 java optional zookeeper_3.8.0-11+deb12u2.dsc
 484c36535d1f03f1791491d5ba5fd906 99540 java optional zookeeper_3.8.0-11+deb12u2.debian.tar.xz
 510b67344532ab429e8defaffbc42968 24622 java optional zookeeper_3.8.0-11+deb12u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmdn+ucRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF/TGw/5AS+A2EuL/aQojYu4gD8h/tgQIGzfqgmC
bnqzpGBLG+sBROwjMNZ3H6UMLshruV9MReLQS2KybskRmA3n3ImKT9SRXchRate/
I7VSdl/wopU205AUuXYmYF0cL1PZ92RVVFHeXNJgz1mWOxjF/w8q8Fsg7ArFprwy
AEwKo/B7cqCYGzgInDW1DZbj1zse2HrD5Vf3vafFo3+HJ1dJjqka0kaWTAAhR7eB
ryUhlwjKyR0QvQZM6mcxKsg1bitidUBTQTiniQshfS30mWsENQ6MfDX5EfsCiUxX
D7wzr25/cp2/NuwxHqq1z1aE6/0Bw60K4ovJ+1BDMY7BE1vjycIhThM/xFBC0Uet
/bcIetxIKDdvoXWhYzapwQcgLr5JjOMhqxwjgoWqF59fxojTWE1MMmvWBq5YK2gT
3qbmFdLTReDk4bHUgAhQCV1qRYouyBF+O4O1TjOatUhynUFwcTel8wGxvcldwqZu
9f+1XT28OZQoGGmbmQwZmq/uUGWM9/096MCELih1d3u8wIuXeEC/pmYkU7hoDq4/
th7leGcJSY7Qf6A6Njaf7gEY6RQ6ZJFUwdshBa8DeYcyW2Mv3cUnH87WkmSBrYZ8
wRfJkP7A2Z/SXfLXtDt+lpMlbn+3tL/OmkiM7NX87++hjjl9nwhXXwbFuTSPbpzZ
OLBt09Ux/+E=
=Fsf6
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-maintainers/attachments/20241222/925c0016/attachment.sig>

More information about the pkg-java-maintainers mailing list