Your message dated Tue, 23 Aug 2022 17:35:16 +0000
with message-id <e1oqxo4-006nau...@fasolo.debian.org>
and subject line Bug#1015218: fixed in consul 1.8.7+dfsg1-6
has caused the Debian Bug report #1015218,
regarding consul: CVE-2021-37219 CVE-2021-38698
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1015218: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015218
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: consul
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for consul.

CVE-2021-37219[0]:
| HashiCorp Consul and Consul Enterprise 1.10.1 Raft RPC layer allows
| non-server agents with a valid certificate signed by the same CA to
| access server-only functionality, enabling privilege escalation. Fixed
| in 1.8.15, 1.9.9 and 1.10.2.

https://discuss.hashicorp.com/t/hcsec-2021-22-consul-raft-rpc-privilege-escalation/29024

CVE-2021-38698[1]:
| HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint
| allowed services to register proxies for other services, enabling
| access to service traffic. Fixed in 1.8.15, 1.9.9 and 1.10.2.

https://discuss.hashicorp.com/t/hcsec-2021-24-consul-missing-authorization-check-on-txn-apply-endpoint/29026
https://github.com/hashicorp/consul/commit/747844bad6410091f2c6e961216c0c5fc285a44d (v1.8.15)

CVE-2022-29153[2]:
| HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF.

https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-37219
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37219
[1] https://security-tracker.debian.org/tracker/CVE-2021-38698
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38698
[2] https://security-tracker.debian.org/tracker/CVE-2022-29153
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29153

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: consul
Source-Version: 1.8.7+dfsg1-6
Done: Martina Ferrari <t...@debian.org>

We believe that the bug you reported is fixed in the latest version of
consul, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1015...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Martina Ferrari <t...@debian.org> (supplier of updated consul package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 23 Aug 2022 13:00:04 -0300
Source: consul
Architecture: source
Version: 1.8.7+dfsg1-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Go Packaging Team <pkg-go-maintain...@lists.alioth.debian.org>
Changed-By: Martina Ferrari <t...@debian.org>
Closes: 1015218
Changes:
 consul (1.8.7+dfsg1-6) unstable; urgency=medium
 .
   [ vimerbf ]
   * Fix upstream url in uscan watch file.
 .
   [ Reinhard Tartler ]
   * Backport security patches - CVE-2021-37219 - CVE-2021-38698.
     Closes: #1015218


--- End Message ---