CVE-2017-5637

Related Vulnerabilities: CVE-2017-5637  

Debian Bug report logs - #863811
CVE-2017-5637

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Wed, 31 May 2017 12:48:02 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in version zookeeper/3.4.5+dfsg-2

Fixed in versions zookeeper/3.4.9-3, zookeeper/3.4.5+dfsg-2+deb8u2

Done: tony mancill <tmancill@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://issues.apache.org/jira/browse/ZOOKEEPER-2693



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#863811; Package src:zookeeper. (Wed, 31 May 2017 12:48:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Wed, 31 May 2017 12:48:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2017-5637
Date: Wed, 31 May 2017 14:45:18 +0200
Source: zookeeper
Severity: grave
Tags: security

Please see https://issues.apache.org/jira/browse/ZOOKEEPER-2693

Fix is referenced here: https://github.com/apache/zookeeper/pull/183

I'm also attaching the debdiff I'll be using for jessie for reference.

Cheers,
        Moritz
    
[zk.debdiff (text/plain, attachment)]

Marked as found in versions zookeeper/3.4.5+dfsg-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 31 May 2017 12:51:06 GMT).


Set Bug forwarded-to-address to 'https://issues.apache.org/jira/browse/ZOOKEEPER-2693'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 31 May 2017 12:51:06 GMT).


Added tag(s) upstream and fixed-upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 31 May 2017 12:51:08 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#863811; Package src:zookeeper. (Thu, 01 Jun 2017 15:21:07 GMT).


Acknowledgement sent to tony mancill <tmancill@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Thu, 01 Jun 2017 15:21:07 GMT).


Message #16 received at 863811@bugs.debian.org:

From: tony mancill <tmancill@debian.org>
To: Moritz Muehlenhoff <jmm@debian.org>, 863811@bugs.debian.org
Subject: Re: Bug#863811: CVE-2017-5637
Date: Thu, 1 Jun 2017 08:17:21 -0700
On Wed, May 31, 2017 at 02:45:18PM +0200, Moritz Muehlenhoff wrote:
> Source: zookeeper
> Severity: grave
> Tags: security
> 
> Please see https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> 
> Fix is referenced here: https://github.com/apache/zookeeper/pull/183
> 
> I'm also attaching the debdiff I'll be using for jessie for reference.

Hello Moritz,

Thank you (as always) for your work on security.  I can prepare the
upload to unstable.  Do you have a recommendation for how we should
approach the fix in stretch given the timing of the release?  Should the
upload perhaps be prepared for stretch-security?

Thank you,
tony

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#863811; Package src:zookeeper. (Thu, 01 Jun 2017 16:33:03 GMT).


Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Thu, 01 Jun 2017 16:33:03 GMT).


Message #21 received at 863811@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@inutil.org>
To: tony mancill <tmancill@debian.org>
Cc: 863811@bugs.debian.org
Subject: Re: Bug#863811: CVE-2017-5637
Date: Thu, 1 Jun 2017 18:31:25 +0200
On Thu, Jun 01, 2017 at 08:17:21AM -0700, tony mancill wrote:
> On Wed, May 31, 2017 at 02:45:18PM +0200, Moritz Muehlenhoff wrote:
> > Source: zookeeper
> > Severity: grave
> > Tags: security
> > 
> > Please see https://issues.apache.org/jira/browse/ZOOKEEPER-2693
> > 
> > Fix is referenced here: https://github.com/apache/zookeeper/pull/183
> > 
> > I'm also attaching the debdiff I'll be using for jessie for reference.
> 
> Hello Moritz,
> 
> Thank you (as always) for your work on security.  I can prepare the
> upload to unstable.  Do you have a recommendation for how we should
> approach the fix in stretch given the timing of the release?  Should the
> upload perhaps be prepared for stretch-security?

I think it's best if you prepare a 3.4.9-3 upload with only the security
fix and ask for an unblock by filing a bug against release.debian.org

Cheers,
        Moritz



Reply sent to tony mancill <tmancill@debian.org>:
You have taken responsibility. (Fri, 02 Jun 2017 00:06:07 GMT).


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Fri, 02 Jun 2017 00:06:07 GMT).


Message #26 received at 863811-close@bugs.debian.org:

From: tony mancill <tmancill@debian.org>
To: 863811-close@bugs.debian.org
Subject: Bug#863811: fixed in zookeeper 3.4.9-3
Date: Fri, 02 Jun 2017 00:04:32 +0000
Source: zookeeper
Source-Version: 3.4.9-3

We believe that the bug you reported is fixed in the latest version of
zookeeper, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 863811@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmancill@debian.org> (supplier of updated zookeeper package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 01 Jun 2017 16:26:44 -0700
Source: zookeeper
Binary: libzookeeper-java zookeeper zookeeperd libzookeeper-java-doc libzookeeper-mt2 libzookeeper-st2 libzookeeper2 libzookeeper-mt-dev libzookeeper-st-dev zookeeper-bin python-zookeeper
Architecture: source all amd64
Version: 3.4.9-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: tony mancill <tmancill@debian.org>
Description:
 libzookeeper-java - Core Java libraries for zookeeper
 libzookeeper-java-doc - API Documentation for zookeeper
 libzookeeper-mt-dev - Development files for multi threaded zookeeper C bindings
 libzookeeper-mt2 - Multi threaded C bindings for zookeeper
 libzookeeper-st-dev - Development files for single threaded zookeeper C bindings
 libzookeeper-st2 - Single threaded C bindings for zookeeper
 libzookeeper2 - C bindings for zookeeper - transitional package
 python-zookeeper - Python bindings for zookeeper
 zookeeper  - High-performance coordination service for distributed application
 zookeeper-bin - Command line utilities for zookeeper
 zookeeperd - Init control scripts for zookeeper
Closes: 863811
Changes:
 zookeeper (3.4.9-3) unstable; urgency=medium
 .
   * Team upload.
   * Apply patch for CVE-2017-5637 (Closes: #863811)
     "wchp" and "wchc" are now disabled by default.

Marked as fixed in versions zookeeper/3.4.5+dfsg-2+deb8u2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 02 Jun 2017 04:21:02 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jul 2017 07:25:20 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:52:12 2019; Machine Name: buxtehude
