-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3136-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 04, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : barbican Version : 1:7.0.0-1+deb10u1 CVE ID : CVE-2022-3100 It was found that Barbican, a service for secret management and storage, was vulnerable to access bypass via query string injection. For Debian 10 buster, this problem has been fixed in version 1:7.0.0-1+deb10u1. We recommend that you upgrade your barbican packages. For the detailed security status of barbican please refer to its security tracker page at: https://security-tracker.debian.org/tracker/barbican Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmM753wACgkQnUbEiOQ2 gwIEThAAwPx6MVCnmlgQ5z1MlOqOm8d6RI0WFb5zhD/m/s0zpK5rCWoSEY5ag9QM s5tebyF/q8G41ftRrwAbWYMUpbre+EpjV22kg7YZdx0g9Rt3sy19KS+95ud6ONwO 5gjPbbXEaX2Ji2QAknq+uRCGAVVcalUb+5+ACO6K2VFfV2sKzDSOhS7RXqhUsDLo oqBAffZZwHm7+mM3lj8+SF2DZLy8oVPjmj3GvQBcjbPvIHfaYw1tLqJW9YY9Ep0c yUh+x5HtPYjrgbhoTYh/kW26ZAzJ6qK7uKTf4nCt0pIsmh+ZuLYDin0zNFI0P26u ZknFfhloG2T42x7AHVxzGqdxISM/okUwQbsPMqI7Olcians1NeifNeiP9EcGuHnR AbXSkZ5THzQkHZfO/hajqJWubx/gwObRccgJcpLsNEPj+l9vUH52A85wGXydQ9Ew VehkboETTRYLC9jp7TMEStoTdZc70WCR2x4gZKm/95Dzq0g5EzRR/heu1wLXxFVY 7TE+jbD4N+V0HrpQ0tvrfSzRpFMvyrZ8Bvl8Bo4A6eIDozAz58lcwf5A70JjrnUo 3IkBOxGDyhJEg2BrPbrQugq5bJTjE6/ukg0Or3e9AtSxn4rz3yCZDQms4XclFonE ZCl/EKSiDIHdDHOvN3QXvmFiNSL4QaCfOZlVUpIWuLCHXfDZ2xM= =msFo -----END PGP SIGNATURE-----