Discussion:
Bug#1033753: golang-github-crewjam-saml: CVE-2023-28119
Shengjing Zhu
2023-04-03 04:20:01 UTC
Control: clone -1 -2
Control: retitle -2 Don't release with bookworm
Control: submitter -2 !
Control: severity -2 serious
Source: golang-github-crewjam-saml
Version: 0.4.12-2
Severity: grave
Tags: security upstream
Justification: user security hole
Hi,
The following vulnerability was published for golang-github-crewjam-saml.
Strictly speaking might be disputed if it is RC level, but would be
good to have it fixed in bookworm before the release.
Let's remove it from bookworm. No reverse dependency.

--
Shengjing Zhu
Debian Bug Tracking System
2023-04-03 04:20:01 UTC
Post by Shengjing Zhu
clone -1 -2
Bug #1033753 [src:golang-github-crewjam-saml] golang-github-crewjam-saml: CVE-2023-28119
Bug 1033753 cloned as bug 1033864
Post by Shengjing Zhu
retitle -2 Don't release with bookworm
Bug #1033864 [src:golang-github-crewjam-saml] golang-github-crewjam-saml: CVE-2023-28119
Changed Bug title to 'Don't release with bookworm' from 'golang-github-crewjam-saml: CVE-2023-28119'.
Post by Shengjing Zhu
submitter -2 !
Bug #1033864 [src:golang-github-crewjam-saml] Don't release with bookworm
Post by Shengjing Zhu
severity -2 serious
Bug #1033864 [src:golang-github-crewjam-saml] Don't release with bookworm
Severity set to 'serious' from 'grave'
--
1033753: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033753
1033864: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033864
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Debian Bug Tracking System
2023-04-25 12:20:01 UTC
tag -1 pending
Bug #1033864 [src:golang-github-crewjam-saml] Don't release with bookworm
Added tag(s) pending.
--
1033864: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033864
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Damian Szuberski
2023-04-25 12:20:02 UTC
Control: tag -1 pending

Hello,

Bug #1033864 in golang-github-crewjam-saml reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/go-team/packages/golang-github-crewjam-saml/-/commit/8984900ca7e0fe74f2c73fe32b66ebbe9ae7ed8e

------------------------------------------------------------------------
0.4.13-1 release

* New upstream version 0.4.13 (Closes: #1033753, #1033864)
* Lintian fixes
------------------------------------------------------------------------

(this message was generated automatically)
--
Greetings

https://bugs.debian.org/1033864
Debian Bug Tracking System
2024-10-15 18:10:02 UTC
Your message dated Tue, 15 Oct 2024 17:59:50 +0000
with message-id <E1t0lpm-009geK-***@fasolo.debian.org>
and subject line Bug#1081326: Removed package(s) from unstable
has caused the Debian Bug report #1033864,
regarding Don't release with bookworm
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ***@bugs.debian.org
immediately.)
--
1033864: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033864
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Debian Bug Tracking System
2024-10-15 18:10:02 UTC
Your message dated Tue, 15 Oct 2024 17:59:50 +0000
with message-id <E1t0lpm-009geK-***@fasolo.debian.org>
and subject line Bug#1081326: Removed package(s) from unstable
has caused the Debian Bug report #1033753,
regarding golang-github-crewjam-saml: CVE-2023-28119
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ***@bugs.debian.org
immediately.)
--
1033753: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033753
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Debian Bug Tracking System
2024-10-15 18:10:02 UTC
Your message dated Tue, 15 Oct 2024 17:59:50 +0000
with message-id <E1t0lpm-009geK-***@fasolo.debian.org>
and subject line Bug#1081326: Removed package(s) from unstable
has caused the Debian Bug report #1054223,
regarding golang-github-crewjam-saml: CVE-2023-45683
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ***@bugs.debian.org
immediately.)
--
1054223: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054223
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems