-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 16 Jun 2024 10:40:07 +0000 Source: zookeeper Binary: libzookeeper-mt-dev libzookeeper-mt2 libzookeeper-mt2-dbgsym libzookeeper-st-dev libzookeeper-st2 libzookeeper-st2-dbgsym python3-zookeeper python3-zookeeper-dbgsym zookeeper-bin zookeeper-bin-dbgsym Architecture: amd64 Version: 3.8.0-11+deb12u2 Distribution: bookworm Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Bastien Roucariès Description: libzookeeper-mt-dev - Development files for multi threaded zookeeper C bindings libzookeeper-mt2 - Multi threaded C bindings for zookeeper libzookeeper-st-dev - Development files for single threaded zookeeper C bindings libzookeeper-st2 - Single threaded C bindings for zookeeper python3-zookeeper - Python bindings for zookeeper zookeeper-bin - Command line utilities for zookeeper Closes: 1066947 Changes: zookeeper (3.8.0-11+deb12u2) bookworm; urgency=medium . * Team upload * Bug fix: CVE-2024-23944 (Closes: #1066947): An information disclosure in persistent watchers handling was found in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical. * Add salsa CI Checksums-Sha1: 3dcc6d7e747cf3e2311531ca05a344e27ca37e39 78060 libzookeeper-mt-dev_3.8.0-11+deb12u2_amd64.deb 0d55e8fb7e66c96b755194f5d70dab789ad2ca52 164132 libzookeeper-mt2-dbgsym_3.8.0-11+deb12u2_amd64.deb 789d589ff6bc22fdebaded69ab29aa8b8125de4c 51800 libzookeeper-mt2_3.8.0-11+deb12u2_amd64.deb 24ae821fca6e251f923a4d2a007ec9df39173941 72932 libzookeeper-st-dev_3.8.0-11+deb12u2_amd64.deb ca178f236aaac071c9bbe1614e6ae455afe0f5fb 149360 libzookeeper-st2-dbgsym_3.8.0-11+deb12u2_amd64.deb 9590d745eac6dd5aa0896c0e03cf6a3e35572234 47000 libzookeeper-st2_3.8.0-11+deb12u2_amd64.deb 0f85c3942f50c761ef5c67642c375c5bee58bb6d 37776 python3-zookeeper-dbgsym_3.8.0-11+deb12u2_amd64.deb 670003423c1e2fca511ade2efe044502d20dfd50 24600 python3-zookeeper_3.8.0-11+deb12u2_amd64.deb e372d9e4f7fed96ae0b6cf8c60f72d7ad58486ed 35984 zookeeper-bin-dbgsym_3.8.0-11+deb12u2_amd64.deb 6e57d0fdf91eb2f4b81da2933a13aff472a943cf 21012 zookeeper-bin_3.8.0-11+deb12u2_amd64.deb 4f0597127446981f506c4356cf7bcb87176431f1 23354 zookeeper_3.8.0-11+deb12u2_amd64-buildd.buildinfo Checksums-Sha256: d1929d34c3cfe9f2881932b6642be2b9accddf20e47f97de9c82f1a0116f087c 78060 libzookeeper-mt-dev_3.8.0-11+deb12u2_amd64.deb 884589babfe3aaac900d9c5a0a27c5456004de62597bc4bbda9115cd27e37dfd 164132 libzookeeper-mt2-dbgsym_3.8.0-11+deb12u2_amd64.deb a981cf2cedb3835ed1b1ea94aea2727db8f9b21f410a43720df8c555e39c0c10 51800 libzookeeper-mt2_3.8.0-11+deb12u2_amd64.deb 2e3571ee9191bd5b420ca086f5470fba71d0c8f8894bb29bb155387b0ae447c3 72932 libzookeeper-st-dev_3.8.0-11+deb12u2_amd64.deb be671f231ee18e14a24a8882dd2839ca6c533f6ebfe91a3d531be77c6f837a90 149360 libzookeeper-st2-dbgsym_3.8.0-11+deb12u2_amd64.deb d6bfe50353939ad27ef16fb78209b07b7b622e0702a38f8d0932ab12e1304581 47000 libzookeeper-st2_3.8.0-11+deb12u2_amd64.deb 7bf02484454c99c6b62de4cb1881a14837b58b72d348ebb32a5fef46962a28db 37776 python3-zookeeper-dbgsym_3.8.0-11+deb12u2_amd64.deb 7843557297111afb929bceed38b05bf7138ca547608de3eec1d3d88b9dd8830d 24600 python3-zookeeper_3.8.0-11+deb12u2_amd64.deb 51d6acb7221bfbc495daf2a0399381c197abe5ef101efd92ba98f9b0be661be6 35984 zookeeper-bin-dbgsym_3.8.0-11+deb12u2_amd64.deb fda11d8ed15d76fe92a50bc551f87246bf2df55aff5e9cd780f7d219f65dab13 21012 zookeeper-bin_3.8.0-11+deb12u2_amd64.deb 5a7ea3369d97763acee7111444ea5da22b03c1ba4e8a2e27fa008b4daa0ae509 23354 zookeeper_3.8.0-11+deb12u2_amd64-buildd.buildinfo Files: 6950591baa16a52dcb87ea7279ffe5eb 78060 libdevel optional libzookeeper-mt-dev_3.8.0-11+deb12u2_amd64.deb 9422b8e1cfe3495ef83ef81cc4686066 164132 debug optional libzookeeper-mt2-dbgsym_3.8.0-11+deb12u2_amd64.deb f2dc2b30647a76a1fd505442cc93c806 51800 libs optional libzookeeper-mt2_3.8.0-11+deb12u2_amd64.deb 65535c74fb8590736a509a4de19315ed 72932 libdevel optional libzookeeper-st-dev_3.8.0-11+deb12u2_amd64.deb 2f8435482a5159aeff12367473792aad 149360 debug optional libzookeeper-st2-dbgsym_3.8.0-11+deb12u2_amd64.deb 599eecdee73a4d631c939a3f61d679c9 47000 libs optional libzookeeper-st2_3.8.0-11+deb12u2_amd64.deb 39c85a26223ef3a235ee07b7df04bc86 37776 debug optional python3-zookeeper-dbgsym_3.8.0-11+deb12u2_amd64.deb a966f6a631556423ad04873630735958 24600 python optional python3-zookeeper_3.8.0-11+deb12u2_amd64.deb 2b3a71d9aff17c54297588dee7fd5c0c 35984 debug optional zookeeper-bin-dbgsym_3.8.0-11+deb12u2_amd64.deb 004660bb3c5a1bde3c28a9accdce0439 21012 misc optional zookeeper-bin_3.8.0-11+deb12u2_amd64.deb 5044169f7214697568b9b98db3fcbbd6 23354 java optional zookeeper_3.8.0-11+deb12u2_amd64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4Unr4QHS5Yi4rr9Q3KGKEAtjIVgFAmdxjKkACgkQ3KGKEAtj IViS8Q/+NZPCTPamoyvD0btpKGI3zv0YwV5rjLvgrjdCWMnQ9nC4xZQHH3DwtZAD vp+ccdvUrbSkI4GbQA9N7rZDWeFWIXpcHT43G0v94KAEz69/3QXpgHJnixs4D4sr 5OIbtMzZX/adglc7FnFBxaLNCp3LtzZlnSR97SHUbfCPvAzAu+iFoOl2f7xTChh8 rQBwphYSFGH210E7eYRNyzn9ja04mEunLGcgd+J6IRebvAFJmctjV+yggiESjjK4 WRXj3N/0V+PakeB21VLN0ya6uOwouKQDkQCdxqHoXuNkvBh6Wd7F9kRe4Z+ffwNQ T9fp3KpskCKYfn36iRj5bgQzQAkC5vGdltk5M5x6uDW8/SssTDrh6ov1zWBIpRR1 ktfHVjg2y9C0JUWq3/PAqKoyQWBA0+2bvOhkXgMJkFFOjm5ewU670yfkC7ua1eH/ +IM2J85dluVQ/xdvJriIEPJNuhZbu+QBapQa9kAIzQA6+sx3YctsQUXgqvYmseIJ rNMAt8kpnw3AIAsXRMU1gImkjEbPoulKx/wGNhqEU6qjiE0SyWrkGd1xCRHgz/0Z Md796RRJvt2pYK59WTwj6ukXUYotCFGljRd988kbVuc2aLai+KAvIGe3hm7TIu5t 8NiMJTBjSNMD1E6iMub60G/3LitLuCoCDdM+5adBzwNZNgIVgsM= =UQUP -----END PGP SIGNATURE-----