Your message dated Wed, 23 Apr 2025 03:20:02 +0000
with message-id <e1u7qey-00azp1...@fasolo.debian.org>
and subject line Bug#1035498: fixed in golang-github-gin-gonic-gin 1.8.1-3
has caused the Debian Bug report #1035498,
regarding golang-github-gin-gonic-gin: CVE-2023-26125
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1035498: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035498
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: golang-github-gin-gonic-gin
Version: 1.8.1-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for golang-github-gin-gonic-gin.
CVE-2023-26125[0]:
| Versions of the package github.com/gin-gonic/gin before 1.9.0 are
| vulnerable to Improper Input Validation by allowing an attacker to use
| a specially crafted request via the X-Forwarded-Prefix header,
| potentially leading to cache poisoning. **Note:** Although this issue
| does not pose a significant threat on its own it can serve as an input
| vector for other more impactful vulnerabilities. However, successful
| exploitation may depend on the server configuration and whether the
| header is used in the application logic.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-26125
https://www.cve.org/CVERecord?id=CVE-2023-26125
[1] https://github.com/gin-gonic/gin/pull/3500
[2] https://github.com/gin-gonic/gin/pull/3503
[3] https://github.com/gin-gonic/gin/commit/81ac7d55a09e34013225db0aeac6e70c1ae68928
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
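Added example, not part of the bug report and not the upstream or Debian patch: one way a deployment can keep client-supplied X-Forwarded-Prefix values away from application logic, using only Go's net/http. The allowed-prefix pattern, the 10.0.0.0/8 proxy range and the names SanitizeForwardedPrefix, trustedPeer and SeenPrefix are assumptions of this example.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"regexp"
)

const hdr = "X-Forwarded-Prefix"
// Assumed policy for this example: "/segment" parts of [A-Za-z0-9_-] only.
var safePrefix = regexp.MustCompile(`^(/[A-Za-z0-9_-]+)+$`)

// trustedPeer reports whether the directly connected peer is in nets.
func trustedPeer(addr string, nets []*net.IPNet) bool {
	host, _, _ := net.SplitHostPort(addr)
	ip := net.ParseIP(host) // nil if addr is malformed
	for _, n := range nets {
		if ip != nil && n.Contains(ip) {
			return true
		}
	}
	return false
}

// SanitizeForwardedPrefix drops the header unless a trusted proxy sent one plain prefix.
func SanitizeForwardedPrefix(nets []*net.IPNet, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		v := r.Header.Values(hdr)
		if len(v) != 1 || !safePrefix.MatchString(v[0]) || !trustedPeer(r.RemoteAddr, nets) {
			r.Header.Del(hdr)
		}
		next.ServeHTTP(w, r)
	})
}

// SeenPrefix runs one constructed request and returns what the handler sees.
func SeenPrefix(remoteAddr, prefix string) (seen string) {
	_, proxies, _ := net.ParseCIDR("10.0.0.0/8") // constructed trusted range
	app := http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) { seen = r.Header.Get(hdr) })
	req := httptest.NewRequest("GET", "/app", nil)
	req.RemoteAddr = remoteAddr
	req.Header.Set(hdr, prefix)
	SanitizeForwardedPrefix([]*net.IPNet{proxies}, app).ServeHTTP(httptest.NewRecorder(), req)
	return seen
}

func main() { fmt.Printf("%q %q\n", SeenPrefix("10.1.2.3:4000", "/api"), SeenPrefix("203.0.113.9:4000", "/api")) }
```

The wrapper belongs outermost in the handler chain, with the trusted range set to the addresses of the reverse proxies that actually terminate client connections.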
--- Begin Message ---
Source: golang-github-gin-gonic-gin
Source-Version: 1.8.1-3
Done: Martin Dosch <mar...@mdosch.de>
We believe that the bug you reported is fixed in the latest version of
golang-github-gin-gonic-gin, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1035...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Martin Dosch <mar...@mdosch.de> (supplier of updated
golang-github-gin-gonic-gin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Apr 2025 02:58:11 +0000
Source: golang-github-gin-gonic-gin
Architecture: source
Version: 1.8.1-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org>
Changed-By: Martin Dosch <mar...@mdosch.de>
Closes: 1035498 1037530
Changes:
golang-github-gin-gonic-gin (1.8.1-3) unstable; urgency=medium
.
* Team Upload.
* d/patches: Add fix for CVE-2023-29401. (Closes: #1037530)
* d/patches: Add fix for CVE-2023-26125. (Closes: #1035498)
--- End Message ---