[SECURITY] [DLA 3136-1] barbican security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3136-1] barbican security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Tue, 4 Oct 2022 09:57:51 +0200 (CEST)
Message-id: <[🔎] 20221004075751.8CE982A15B6@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3136-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
October 04, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : barbican
Version        : 1:7.0.0-1+deb10u1
CVE ID         : CVE-2022-3100

It was found that Barbican, a service for secret management and storage,
was vulnerable to access bypass via query string injection.

For Debian 10 buster, this problem has been fixed in version
1:7.0.0-1+deb10u1.

We recommend that you upgrade your barbican packages.

For the detailed security status of barbican please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/barbican

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmM753wACgkQnUbEiOQ2
gwIEThAAwPx6MVCnmlgQ5z1MlOqOm8d6RI0WFb5zhD/m/s0zpK5rCWoSEY5ag9QM
s5tebyF/q8G41ftRrwAbWYMUpbre+EpjV22kg7YZdx0g9Rt3sy19KS+95ud6ONwO
5gjPbbXEaX2Ji2QAknq+uRCGAVVcalUb+5+ACO6K2VFfV2sKzDSOhS7RXqhUsDLo
oqBAffZZwHm7+mM3lj8+SF2DZLy8oVPjmj3GvQBcjbPvIHfaYw1tLqJW9YY9Ep0c
yUh+x5HtPYjrgbhoTYh/kW26ZAzJ6qK7uKTf4nCt0pIsmh+ZuLYDin0zNFI0P26u
ZknFfhloG2T42x7AHVxzGqdxISM/okUwQbsPMqI7Olcians1NeifNeiP9EcGuHnR
AbXSkZ5THzQkHZfO/hajqJWubx/gwObRccgJcpLsNEPj+l9vUH52A85wGXydQ9Ew
VehkboETTRYLC9jp7TMEStoTdZc70WCR2x4gZKm/95Dzq0g5EzRR/heu1wLXxFVY
7TE+jbD4N+V0HrpQ0tvrfSzRpFMvyrZ8Bvl8Bo4A6eIDozAz58lcwf5A70JjrnUo
3IkBOxGDyhJEg2BrPbrQugq5bJTjE6/ukg0Or3e9AtSxn4rz3yCZDQms4XclFonE
ZCl/EKSiDIHdDHOvN3QXvmFiNSL4QaCfOZlVUpIWuLCHXfDZ2xM=
=msFo
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3135-1] libdatetime-timezone-perl new timezone database
Next by Date: [SECURITY] [DLA 3137-1] nodejs security update
Previous by thread: [SECURITY] [DLA 3135-1] libdatetime-timezone-perl new timezone database
Next by thread: [SECURITY] [DLA 3137-1] nodejs security update
Index(es):
- Date
- Thread