Your message dated Sat, 25 Jan 2025 17:17:09 +0000
with message-id <[email protected]>
and subject line Bug#1037322: fixed in librabbitmq 0.11.0-1+deb12u1
has caused the Debian Bug report #1037322,
regarding amqp-tools: CVE-2023-35789: Process leaks authentication data
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1037322: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037322
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: amqp-tools
Version: 0.11.0-1
Severity: grave
Tags: security
Forwarded: https://github.com/alanxz/rabbitmq-c/issues/575
When passing authentication data with either --password or --url, the
data is exposed in the process list, where it can be seen by any user.
Example:
$ pgrep -a amqp-consume
62287 amqp-consume --url amqp://user:[email protected] --queue=myqueue
This is an upstream issue. I've filed a pull request upstream that adds
an option --authfile with which authentication data can be read from a file.
Best,
Christian
--- End Message ---
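An audit check for the exposure described in the report above, as an added example that is not part of the original mail or of rabbitmq-c: it reads argv from `/proc/<pid>/cmdline`, the same data `pgrep -a` shows, and reports amqp-* processes that carry `--password` or a password inside `--url`, without echoing the secret. It assumes Linux procfs and only the long option forms named in the report; the sample command line, host name and the "amqp-" prefix match are constructed for illustration.

```python
import os
from urllib.parse import urlsplit

# Constructed sample: argv as stored NUL-separated in /proc/<pid>/cmdline.
SAMPLE = b"amqp-consume\0--url\0amqp://user:s3cret@broker.example\0--queue=myqueue\0"

def parse_cmdline(raw: bytes) -> list[str]:
    """Split the NUL-separated argv found in /proc/<pid>/cmdline."""
    return [a.decode("utf-8", "replace") for a in raw.rstrip(b"\0").split(b"\0")]

def leaked_credentials(argv: list[str]) -> list[str]:
    """Describe credentials visible in argv without repeating the secret."""
    findings = []
    for i, arg in enumerate(argv):
        opt, has_eq, val = arg.partition("=")
        if opt not in ("--url", "--password"):
            continue
        if not has_eq:  # "--opt value" form: the value is the next argv entry
            val = argv[i + 1] if i + 1 < len(argv) else ""
        if opt == "--password":
            if val:
                findings.append("--password given on the command line")
            continue
        try:
            parts = urlsplit(val)
        except ValueError:  # malformed URL, nothing to extract
            continue
        if parts.password:
            findings.append(f"--url embeds a password for user {parts.username!r}")
    return findings

def scan_proc(proc: str = "/proc"):
    """Yield (pid, tool, findings) for amqp-* processes exposing credentials."""
    for pid in sorted(filter(str.isdigit, os.listdir(proc)), key=int):
        try:
            with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                argv = parse_cmdline(fh.read())
        except OSError:  # process exited, or access restricted (e.g. hidepid)
            continue
        tool = os.path.basename(argv[0])
        # Assumption: the affected tools are recognised by their "amqp-" prefix.
        findings = leaked_credentials(argv) if tool.startswith("amqp-") else []
        if findings:
            yield int(pid), tool, findings

if __name__ == "__main__":
    print(leaked_credentials(parse_cmdline(SAMPLE)))
    for pid, tool, findings in scan_proc():
        print(pid, tool, "; ".join(findings))
```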
--- Begin Message ---
Source: librabbitmq
Source-Version: 0.11.0-1+deb12u1
Done: Florian Ernst <[email protected]>
We believe that the bug you reported is fixed in the latest version of
librabbitmq, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Florian Ernst <[email protected]> (supplier of updated librabbitmq package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
Format: 1.8
Date: Sun, 15 Dec 2024 07:32:03 +0100
Source: librabbitmq
Architecture: source
Version: 0.11.0-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Florian Ernst <[email protected]>
Changed-By: Florian Ernst <[email protected]>
Closes: 1037322
Changes:
librabbitmq (0.11.0-1+deb12u1) bookworm; urgency=medium
.
* [4e71ff7] d/patches/CVE-2023-35789.patch: added for addressing
CVE-2023-35789 (Closes: #1037322)
* [c4d0d0b] d/control: adjust Maintainer/Uploaders to match current
situation
--- End Message ---