Your message dated Sun, 14 Jul 2024 21:49:30 +0000
with message-id <e1st762-004d3k...@fasolo.debian.org>
and subject line Bug#1073249: fixed in booth 1.1-2
has caused the Debian Bug report #1073249,
regarding booth: CVE-2024-3049
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1073249: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073249
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: booth
Version: 1.1-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/ClusterLabs/booth/pull/142
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for booth.
CVE-2024-3049[0]:
| A flaw was found in Booth, a cluster ticket manager. If a specially-
| crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an
| invalid HMAC to be accepted by the Booth server.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-3049
https://www.cve.org/CVERecord?id=CVE-2024-3049
[1] https://github.com/ClusterLabs/booth/pull/142
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: booth
Source-Version: 1.1-2
Done: Valentin Vidic <vvi...@debian.org>
We believe that the bug you reported is fixed in the latest version of
booth, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1073...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Valentin Vidic <vvi...@debian.org> (supplier of updated booth package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
Format: 1.8
Date: Sun, 14 Jul 2024 23:29:30 +0200
Source: booth
Architecture: source
Version: 1.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian HA Maintainers <debian-ha-maintain...@alioth-lists.debian.net>
Changed-By: Valentin Vidic <vvi...@debian.org>
Closes: 1073249 1073718
Changes:
booth (1.1-2) unstable; urgency=medium
.
* d/patches: add fix for CVE-2024-3049 (Closes: #1073249)
* d/install: move systemd files to /usr/lib (Closes: #1073718)
* d/control: update Standards-Version to 4.7.0
* d/control: update Build-Depends for pkgconf
* d/lintian-overrides: cleanup unused tags
--- End Message ---