Your message dated Thu, 02 Nov 2023 23:49:13 +0000
with message-id <[email protected]>
and subject line Bug#1055011: fixed in nats-server 2.10.4-1
has caused the Debian Bug report #1055011,
regarding nats-server: CVE-2023-46129
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
1055011: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055011
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: golang-github-nats-io-nkeys
Version: 0.4.5-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: clone -1 -2
Control: reassign -2 src:nats-server 2.10.3-1
Control: retitle -2 nats-server: CVE-2023-46129

Hi,

The following vulnerability was published for
golang-github-nats-io-nkeys, resp. nats-server.

CVE-2023-46129[0]:
| nkeys: xkeys Seal encryption used fixed key for all encryption

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-46129
    https://www.cve.org/CVERecord?id=CVE-2023-46129
[1] https://advisories.nats.io/CVE/secnote-2023-02.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: nats-server
Source-Version: 2.10.4-1
Done: Mathias Gibbens <[email protected]>

We believe that the bug you reported is fixed in the latest version of
nats-server, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mathias Gibbens <[email protected]> (supplier of updated nats-server package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 02 Nov 2023 23:26:05 +0000
Source: nats-server
Architecture: source
Version: 2.10.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <[email protected]>
Changed-By: Mathias Gibbens <[email protected]>
Closes: 1055011
Changes:
 nats-server (2.10.4-1) unstable; urgency=medium
 .
   * Team upload
   * New upstream release
     - Includes fix for CVE-2023-46129 (Closes: #1055011)
   * Update Build-Depends and Depends in d/control
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---