Your message dated Sat, 23 Feb 2019 21:34:12 +0000
with message-id <[email protected]>
and subject line Bug#923008: fixed in etcd 3.2.26+dfsg-1
has caused the Debian Bug report #923008,
regarding CVE-2018-16886
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
923008: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923008
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: etcd
Severity: grave
Tags: security
Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16886 and
https://security-tracker.debian.org/tracker/CVE-2018-16886
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: etcd
Source-Version: 3.2.26+dfsg-1
We believe that the bug you reported is fixed in the latest version of
etcd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Shengjing Zhu <[email protected]> (supplier of updated etcd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 24 Feb 2019 02:26:48 +0800
Source: etcd
Architecture: source
Version: 3.2.26+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Shengjing Zhu <[email protected]>
Closes: 923008
Changes:
etcd (3.2.26+dfsg-1) unstable; urgency=medium
.
* Team upload.
.
[ Arnaud Rebillout ]
* {Build-,}Depends on golang-github-xiang90-probing-dev (>= 0.0.1~)
* Build-Depends on golang-any (>= 2:1.10~)
.
[ Shengjing Zhu ]
* New upstream release v3.2.26
+ Address CVE-2018-16886 (Closes: #923008)
Disable CommonName authentication for gRPC-gateway
gRPC-gateway proxy requests to etcd server use the etcd
client server TLS certificate. If that certificate contains
CommonName we do not want to use that for authentication as
it could lead to permission escalation.
* Remove pgpsigurlmangle in debian/watch.
Upstream didn't sign the source tarball since v3.2.26
* Update pkg-go team address to [email protected]
* Update debhelper and compat to 11
* Update etcd server default env from upstream docs
* Remove etcd-dump-db, etcd-dump-logs in etcd-client package
upstream didn't provide these tools in v3.2.26 tarball
* Add golang-go.uber-zap-dev to {Build-,}Depends
* Remove socket files created during test phase
Checksums-Sha1:
bb25ff5bd7d7282b6f08ebf05b97f1cc74f6def3 3322 etcd_3.2.26+dfsg-1.dsc
34361315751680213f0f81eaedc3fecc5ce0f952 1003372 etcd_3.2.26+dfsg.orig.tar.xz
0a6a907c1db12db006ea201218cee9f2c7de9951 22136 etcd_3.2.26+dfsg-1.debian.tar.xz
bbf08337c151ff9d304df91ea8b334f005582903 12104
etcd_3.2.26+dfsg-1_amd64.buildinfo
Checksums-Sha256:
8060d0d75c45114608c6fe32ac52100616199a1bd817c99c6a09ef383553219a 3322
etcd_3.2.26+dfsg-1.dsc
b372c18626b884ce810cc1086a9eec7019967776e03d6b91151064398a4bb2fa 1003372
etcd_3.2.26+dfsg.orig.tar.xz
8edb9215addc981c7061d433cc6a2c19d76e95765da8ce7488b81d5335642175 22136
etcd_3.2.26+dfsg-1.debian.tar.xz
cc689ed3d823bdc29e5f5d9e7259792b8fa5d77f0e7836fd8ab4234458917a36 12104
etcd_3.2.26+dfsg-1_amd64.buildinfo
Files:
f22ac2e27a38055263d1280d411bdb20 3322 net optional etcd_3.2.26+dfsg-1.dsc
c0b93d28d7551fabc825b1678c95e2bd 1003372 net optional
etcd_3.2.26+dfsg.orig.tar.xz
b32fb415fae778820b3db4ce17472a11 22136 net optional
etcd_3.2.26+dfsg-1.debian.tar.xz
429ee8547a397da7a6e940ae9f458581 12104 net optional
etcd_3.2.26+dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFEBAEBCgAuFiEE85F2DZP0aJKsSKyHONAPABi+PjUFAlxxpgEQHHpoc2pAZGVi
aWFuLm9yZwAKCRA40A8AGL4+NWl+B/9FwSWXNYmxlNjxacO0olaAHXjhvIPwbWYX
8XGO9F5SPlCUPuVSV8S25lwwtAot4/b/fR354KdLS14ptltykO4n2Y10y09Y26rT
hepByVoFiCp5jdpzNdzaC+cLzDfPYZq+W9EqWs9NmRFLk6jD7embRram1GH2gvDj
MxO3vzkU6dXpXT++I70EkIIxe88j1UDKCfWeNxVnaf6ZHtlNCV2+zY++ocwxzSr0
19k/wFD8E8xk0cpipd/KhFGs5lYk/V6VZUBVXWdxja0c+7hltwdnc7SkpgTEbzSj
XV4kr9ksh1JqYQvNBrPE0cprYqBbURqW2zLT0bbLfsAoR6ubfB59
=G+5f
-----END PGP SIGNATURE-----
--- End Message ---
