Your message dated Sat, 26 Dec 2020 17:22:43 +0000 with message-id <e1ktdh9-000fe2...@fasolo.debian.org> and subject line Bug#978087: fixed in influxdb 1.6.7~rc0-1 has caused the Debian Bug report #978087, regarding influxdb: CVE-2019-20933 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 978087: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978087 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: influxdb Version: 1.6.4-2 Severity: grave Tags: security upstream Forwarded: https://github.com/influxdata/influxdb/issues/12927 X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 1.6.4-1 Control: found -1 1.0.2+dfsg1-1 Control: fixed -1 1.1.1+dfsg1-4+deb9u1 Hi, The following vulnerability was published for influxdb. CVE-2019-20933[0]: | InfluxDB before 1.7.6 has an authentication bypass vulnerability in | the authenticate function in services/httpd/handler.go because a JWT | token may have an empty SharedSecret (aka shared secret). If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-20933 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20933 [1] https://github.com/influxdata/influxdb/issues/12927 [2] https://github.com/influxdata/influxdb/commit/761b557315ff9c1642cf3b0e5797cd3d983a24c0 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: influxdb Source-Version: 1.6.7~rc0-1 Done: Shengjing Zhu <z...@debian.org> We believe that the bug you reported is fixed in the latest version of influxdb, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 978...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Shengjing Zhu <z...@debian.org> (supplier of updated influxdb package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 27 Dec 2020 01:06:41 +0800 Source: influxdb Architecture: source Version: 1.6.7~rc0-1 Distribution: unstable Urgency: high Maintainer: Debian Go Packaging Team <team+pkg...@tracker.debian.org> Changed-By: Shengjing Zhu <z...@debian.org> Closes: 978087 Changes: influxdb (1.6.7~rc0-1) unstable; urgency=high . * Team upload. * New upstream version 1.6.7~rc0 Fix CVE-2019-20933 Password bypass vulnerability (Closes: #978087) https://github.com/influxdata/influxdb/pull/13133 * Update Homepage * Bump debhelper-compat to 13 * Fix Vcs-Git and Vcs-Browser address * Update uscan watch file version * Remove broken lintian overrides * Fix skip-systemd-native-flag-missing-pre-depends Checksums-Sha1: 8d85a20b5efcc870fdbe51d1fbdb0acc3c3ea73a 2795 influxdb_1.6.7~rc0-1.dsc 6b6edcaf3155c133c065e2c3346c404458ea5441 1515340 influxdb_1.6.7~rc0.orig.tar.gz 5951123429e6d53bedc32f415d1eb8f7345d2dc6 16060 influxdb_1.6.7~rc0-1.debian.tar.xz 84301ac05fe454cbfd6b0db0757e17585db2a278 11204 influxdb_1.6.7~rc0-1_amd64.buildinfo Checksums-Sha256: 5c01d62a1174a4d93dfc966c603bdb5f2192e02bcba1fc8db97f2415cb494d1d 2795 influxdb_1.6.7~rc0-1.dsc bae5ffedd41942d9d06a4a3394c45748c6fdb39c3acfbcbb1326f706bb5fa548 1515340 influxdb_1.6.7~rc0.orig.tar.gz 2090498215bad067d7cd750a7af2c6455fe149d2e4e09b90712be755d2bc74f1 16060 influxdb_1.6.7~rc0-1.debian.tar.xz 4d239019a56058e8d6e1a87f12af86c75255792a2c98fc989c9189b444e759b2 11204 influxdb_1.6.7~rc0-1_amd64.buildinfo Files: e2c6ca44a2705449c5a07849520f7f6f 2795 database optional influxdb_1.6.7~rc0-1.dsc 995b39f91cf18230a326bf2de55b1792 1515340 database optional influxdb_1.6.7~rc0.orig.tar.gz 5a569ecc500002d3615bf4d969576c3a 16060 database optional influxdb_1.6.7~rc0-1.debian.tar.xz ab4d40cc3fe1eea81f60144f40a4da1e 11204 database optional influxdb_1.6.7~rc0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iIYEARYIAC4WIQTiXc95jUQrjt9HgU3EhUo4GOCwFgUCX+duVRAcemhzakBkZWJp YW4ub3JnAAoJEMSFSjgY4LAWoPMA/2g7QPv923hQ0Fgj2nbGshNApIm1r3TNMnEn 7xZ+mocmAP9SJVBgHF6v1JBM2SX2wXLO7avzSd4NGXXDzqA6YJeHAA== =p7+W -----END PGP SIGNATURE-----
--- End Message ---
