Your message dated Sun, 22 May 2022 13:48:59 +0000
with message-id <[email protected]>
and subject line Bug#991498: fixed in golang-github-pires-go-proxyproto 0.4.2-2
has caused the Debian Bug report #991498,
regarding golang-github-pires-go-proxyproto: CVE-2021-23409
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
991498: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991498
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: golang-github-pires-go-proxyproto
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerability was published for golang-github-pires-go-proxyproto.

CVE-2021-23409[0]:
| The package github.com/pires/go-proxyproto before 0.6.0 is vulnerable
| to Denial of Service (DoS) via creating connections without the proxy
| protocol header.

https://github.com/pires/go-proxyproto/issues/65
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMPIRESGOPROXYPROTO-1316439
https://github.com/pires/go-proxyproto/pull/74


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-23409
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23409

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: golang-github-pires-go-proxyproto
Source-Version: 0.4.2-2
Done: Roger Shimizu <[email protected]>

We believe that the bug you reported is fixed in the latest version of
golang-github-pires-go-proxyproto, which is due to be installed in the Debian 
FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Roger Shimizu <[email protected]> (supplier of updated 
golang-github-pires-go-proxyproto package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 22 May 2022 22:35:26 +0900
Source: golang-github-pires-go-proxyproto
Architecture: source
Version: 0.4.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Roger Shimizu <[email protected]>
Closes: 991498
Changes:
 golang-github-pires-go-proxyproto (0.4.2-2) unstable; urgency=medium
 .
   * debian/patches:
     - Cherry-pick patches from upstream to fix CVE-2021-23409
       (Closes: #991498).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
