Sync etcd 3.4.30-1 (universe) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
etcd (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Please sync etcd 3.4.30-1 (universe) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* No-change rebuild with Go 1.21.
* No-change rebuild with Go 1.21.
* SECURITY UPDATE: debug leaks credentials
- debian/
- CVE-2021-28235
CVE-2021-28235 is fixed in upstream version 3.4.25.
Changelog entries since current noble version 3.4.23-4ubuntu2:
etcd (3.4.30-1) unstable; urgency=medium
* Team upload
* New upstream version 3.4.30
+ CVE-2021-28235 (fixed in 3.4.25): Clearing password after authenticating
the user.
+ CVE-2023-32082 (fixed in 3.4.26): LeaseTimeToLive API may return keys to
clients which have no read permission on the keys
-- Shengjing Zhu <email address hidden> Wed, 28 Feb 2024 17:43:49 +0800
etcd (3.4.23-6) unstable; urgency=medium
* Team upload
* Add a patch to skip flaky test that failed on 3/10 buildds
-- Mathias Gibbens <email address hidden> Sat, 17 Feb 2024 00:31:39 +0000
etcd (3.4.23-5) unstable; urgency=medium
* Team upload
* d/control:
- Replace transitional golang-
- Allow golang-
* Add a patch to skip tests that fail in some environments
-- Mathias Gibbens <email address hidden> Fri, 16 Feb 2024 22:07:53 +0000
CVE References
Changed in etcd (Ubuntu): | |
importance: | Undecided → Wishlist |
This bug was fixed in the package etcd - 3.4.30-1
Sponsored for Shengjing Zhu (zhsj)
---------------
etcd (3.4.30-1) unstable; urgency=medium
* Team upload
* New upstream version 3.4.30
+ CVE-2021-28235 (fixed in 3.4.25): Clearing password after authenticating
the user.
+ CVE-2023-32082 (fixed in 3.4.26): LeaseTimeToLive API may return keys to
clients which have no read permission on the keys
-- Shengjing Zhu <email address hidden> Wed, 28 Feb 2024 17:43:49 +0800
etcd (3.4.23-6) unstable; urgency=medium
* Team upload
* Add a patch to skip flaky test that failed on 3/10 buildds
-- Mathias Gibbens <email address hidden> Sat, 17 Feb 2024 00:31:39 +0000
etcd (3.4.23-5) unstable; urgency=medium
* Team upload goprotobuf- dev package github- golang- protobuf- 1-5-dev as optional Depends
* d/control:
- Replace transitional golang-
- Allow golang-
* Add a patch to skip tests that fail in some environments
-- Mathias Gibbens <email address hidden> Fri, 16 Feb 2024 22:07:53 +0000