Your message dated Tue, 11 Oct 2022 18:32:07 +0000
with message-id <e1oik2x-00hnrw...@fasolo.debian.org>
and subject line Bug#1021139: fixed in barbican 1:11.0.0-3+deb11u1
has caused the Debian Bug report #1021139,
regarding barbican: CVE-2022-3100
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1021139: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1021139
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: barbican
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for barbican.

CVE-2022-3100[0]:
access policy bypass via query string injection

Only reference so far is Red Hat Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=2125404

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-3100
    https://www.cve.org/CVERecord?id=CVE-2022-3100

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: barbican
Source-Version: 1:11.0.0-3+deb11u1
Done: Thomas Goirand <z...@debian.org>

We believe that the bug you reported is fixed in the latest version of
barbican, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1021...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thomas Goirand <z...@debian.org> (supplier of updated barbican package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 20 Jun 2022 12:04:47 +0200
Source: barbican
Architecture: source
Version: 1:11.0.0-3+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian OpenStack <team+openst...@tracker.debian.org>
Changed-By: Thomas Goirand <z...@debian.org>
Closes: 1021139
Changes:
 barbican (1:11.0.0-3+deb11u1) bullseye-security; urgency=medium
 .
   * Add increase_DEFAULT_MAX_SECRET_BYTES.patch.
   * CVE-2022-3100: access policy bypass via query string injection. Added
     upstream patch: query_string_were_mistakenly_being_used_in_the_....patch
     (Closes: #1021139).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
