Your message dated Wed, 05 Oct 2022 10:04:01 +0000
with message-id <e1og1fx-00d6mb...@fasolo.debian.org>
and subject line Bug#1021139: fixed in barbican 1:15.0.0~rc3-1
has caused the Debian Bug report #1021139,
regarding barbican: CVE-2022-3100
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1021139: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021139
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: barbican
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for barbican.

CVE-2022-3100[0]:
access policy bypass via query string injection

Only reference so far is Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=2125404

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-3100
    https://www.cve.org/CVERecord?id=CVE-2022-3100

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: barbican
Source-Version: 1:15.0.0~rc3-1
Done: Thomas Goirand <z...@debian.org>

We believe that the bug you reported is fixed in the latest version of
barbican, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1021...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated barbican package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 05 Oct 2022 11:34:10 +0200
Source: barbican
Architecture: source
Version: 1:15.0.0~rc3-1
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <team+openst...@tracker.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Closes: 1021139
Changes:
 barbican (1:15.0.0~rc3-1) unstable; urgency=high
 .
   * New upstream release:
     - fix CVE-2022-3100: incorrectly parsed requests which could allow an
        authenticated user to bypass Barbican access policy (Closes: #1021139).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
