[Bug 2055357] Re: Sync etcd 3.4.30-1 (universe) from Debian unstable (main)
Sergio Durigan Junior
2055357 at bugs.launchpad.net
Thu Feb 29 20:41:22 UTC 2024
This bug was fixed in the package etcd - 3.4.30-1
Sponsored for Shengjing Zhu (zhsj)
---------------
etcd (3.4.30-1) unstable; urgency=medium
* Team upload
* New upstream version 3.4.30
+ CVE-2021-28235 (fixed in 3.4.25): Clearing password after authenticating
the user.
+ CVE-2023-32082 (fixed in 3.4.26): LeaseTimeToLive API may return keys to
clients which have no read permission on the keys
-- Shengjing Zhu <zhsj at debian.org> Wed, 28 Feb 2024 17:43:49 +0800
etcd (3.4.23-6) unstable; urgency=medium
* Team upload
* Add a patch to skip flaky test that failed on 3/10 buildds
-- Mathias Gibbens <gibmat at debian.org> Sat, 17 Feb 2024 00:31:39 +0000
etcd (3.4.23-5) unstable; urgency=medium
* Team upload
* d/control:
- Replace transitional golang-goprotobuf-dev package
- Allow golang-github-golang-protobuf-1-5-dev as optional Depends
* Add a patch to skip tests that fail in some environments
-- Mathias Gibbens <gibmat at debian.org> Fri, 16 Feb 2024 22:07:53 +0000
** Changed in: etcd (Ubuntu)
Status: New => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-28235
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-32082
--
You received this bug notification because you are a member of Ubuntu
Sponsors, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/2055357
Title:
Sync etcd 3.4.30-1 (universe) from Debian unstable (main)
Status in etcd package in Ubuntu:
Fix Released
Bug description:
Please sync etcd 3.4.30-1 (universe) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* No-change rebuild with Go 1.21.
* No-change rebuild with Go 1.21.
* SECURITY UPDATE: debug leaks credentials
- debian/patches/CVE-2021-28235.patch: blanks out password
- CVE-2021-28235
CVE-2021-28235 is fixed in upstream version 3.4.25.
Changelog entries since current noble version 3.4.23-4ubuntu2:
etcd (3.4.30-1) unstable; urgency=medium
* Team upload
* New upstream version 3.4.30
+ CVE-2021-28235 (fixed in 3.4.25): Clearing password after authenticating
the user.
+ CVE-2023-32082 (fixed in 3.4.26): LeaseTimeToLive API may return keys to
clients which have no read permission on the keys
-- Shengjing Zhu <zhsj at debian.org> Wed, 28 Feb 2024 17:43:49 +0800
etcd (3.4.23-6) unstable; urgency=medium
* Team upload
* Add a patch to skip flaky test that failed on 3/10 buildds
-- Mathias Gibbens <gibmat at debian.org> Sat, 17 Feb 2024 00:31:39
+0000
etcd (3.4.23-5) unstable; urgency=medium
* Team upload
* d/control:
- Replace transitional golang-goprotobuf-dev package
- Allow golang-github-golang-protobuf-1-5-dev as optional Depends
* Add a patch to skip tests that fail in some environments
-- Mathias Gibbens <gibmat at debian.org> Fri, 16 Feb 2024 22:07:53
+0000
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/etcd/+bug/2055357/+subscriptions
More information about the Ubuntu-sponsors
mailing list