Your message dated Sat, 05 Dec 2020 22:48:33 +0000
with message-id <e1klglx-00039d...@fasolo.debian.org>
and subject line Bug#975584: fixed in consul 1.8.6+dfsg1-1
has caused the Debian Bug report #975584,
regarding consul: CVE-2020-28053
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
975584: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=975584
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: consul
Version: 1.7.4+dfsg1-1
Severity: grave
Tags: security upstream
Forwarded: https://github.com/hashicorp/consul/issues/9240
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for consul.

CVE-2020-28053[0]:
| HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed
| operators with operator:read ACL permissions to read the Connect CA
| private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-28053
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28053
[1] https://github.com/hashicorp/consul/issues/9240

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: consul
Source-Version: 1.8.6+dfsg1-1
Done: Arnaud Rebillout <elboulang...@gmail.com>

We believe that the bug you reported is fixed in the latest version of
consul, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 975...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arnaud Rebillout <elboulang...@gmail.com> (supplier of updated consul package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 03 Dec 2020 14:22:00 +0700
Source: consul
Architecture: source
Version: 1.8.6+dfsg1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <pkg-go-maintain...@lists.alioth.debian.org>
Changed-By: Arnaud Rebillout <elboulang...@gmail.com>
Closes: 964873 975584
Changes:
 consul (1.8.6+dfsg1-1) unstable; urgency=medium
 .
   [ Dmitry Smirnov ]
   * New upstream release.
   * Build-Depends:
     + golang-github-coreos-go-oidc-dev
     + golang-github-patrickmn-go-cache-dev
     + golang-golang-x-time-dev (>= 0.0+git20200630~)
     = golang-github-hashicorp-go-memdb-dev (>= 1.2.1~)
     = golang-github-hashicorp-memberlist-dev (>= 0.2.2~)
     = golang-github-hashicorp-serf-dev (>= 0.9.4~)
     = golang-github-mitchellh-cli-dev (>= 1.1.1~)
     = golang-github-mitchellh-go-testing-interface-dev (>= 1.14.1~)
     + procps
   * fixed hclog-related FTBFS (Closes: #964873).
 .
   [ Arnaud Rebillout ]
   * New upstream release [1.8.6] (Closes: #975584).
   * Update patches
   * Add upstream git details, feed it to the build command

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
