Your message dated Sat, 28 Sep 2024 16:47:08 +0000 with message-id <e1suab6-002dhe...@fasolo.debian.org> and subject line Bug#1073249: fixed in booth 1.0-283-g9d4029a-2+deb12u1 has caused the Debian Bug report #1073249, regarding booth: CVE-2024-3049 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
1073249: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1073249
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: booth
Version: 1.1-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/ClusterLabs/booth/pull/142
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for booth.

CVE-2024-3049[0]:
| A flaw was found in Booth, a cluster ticket manager. If a specially-
| crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an
| invalid HMAC to be accepted by the Booth server.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-3049
    https://www.cve.org/CVERecord?id=CVE-2024-3049
[1] https://github.com/ClusterLabs/booth/pull/142

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: booth
Source-Version: 1.0-283-g9d4029a-2+deb12u1
Done: Adrian Bunk <b...@debian.org>

We believe that the bug you reported is fixed in the latest version of booth, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1073...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adrian Bunk <b...@debian.org> (supplier of updated booth package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Tue, 24 Sep 2024 17:03:44 +0300
Source: booth
Architecture: source
Version: 1.0-283-g9d4029a-2+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian HA Maintainers <debian-ha-maintain...@alioth-lists.debian.net>
Changed-By: Adrian Bunk <b...@debian.org>
Closes: 1073249
Changes:
 booth (1.0-283-g9d4029a-2+deb12u1) bookworm-security; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2024-3049: wrong hmac might be accepted (Closes: #1073249)
--- End Message ---