Package: golang-github-prometheus-exporter-toolkit / 0.5.1-2+deb11u2

Metadata

Package Version Patches format
golang-github-prometheus-exporter-toolkit 0.5.1-2+deb11u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
02 Avoid_race_in_test.patch | (download)

web/users_test.go | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 fix test failures due to race conditions
03 CVE 2022 46146.patch | (download)

web/testdata/web_config_users_noTLS.good.yml | 5 5 + 0 - 0 !
web/users.go | 10 8 + 2 - 0 !
web/users_test.go | 44 44 + 0 - 0 !
3 files changed, 57 insertions(+), 2 deletions(-)

 Backport of upstream commits 2528877 and 0af5c3f:

    Merge pull request from GHSA-7rg2-cxvp-9p7p
    
    * Fix authentication bypass if stored password hash is known
    
    Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>
    
    * Add test for CVE-2022-46146
    
    Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>

    * Fix tests
    
    Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>