Format: 1.8
Date: Sun, 16 Jun 2024 10:40:07 +0000
Source: zookeeper
Binary: libzookeeper-java libzookeeper-java-doc zookeeper zookeeperd
Architecture: all
Version: 3.8.0-11+deb12u2
Distribution: bookworm
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03)
Changed-By: Bastien Roucariès
Description:
 libzookeeper-java - Core Java libraries for zookeeper
 libzookeeper-java-doc - API Documentation for zookeeper
 zookeeper - High-performance coordination service for distributed application
 zookeeperd - Init control scripts for zookeeper
Closes: 1066947
Changes:
 zookeeper (3.8.0-11+deb12u2) bookworm; urgency=medium
 .
   * Team upload
   * Bug fix: CVE-2024-23944 (Closes: #1066947):
     An information disclosure in persistent watchers handling was
     found in Apache ZooKeeper due to missing ACL check. It allows an
     attacker to monitor child znodes by attaching a persistent watcher
     (addWatch command) to a parent which the attacker has already
     access to. ZooKeeper server doesn't do ACL check when the
     persistent watcher is triggered and as a consequence, the full
     path of znodes that a watch event gets triggered upon is exposed
     to the owner of the watcher. It's important to note that only the
     path is exposed by this vulnerability, not the data of znode, but
     since znode path can contain sensitive information like user name
     or login ID, this issue is potentially critical.
   * Add salsa CI