Package: golang-github-prometheus-exporter-toolkit

Package: golang-github-prometheus-exporter-toolkit / 0.5.1-2+deb11u2

Metadata

Package	Version	Patches format
golang-github-prometheus-exporter-toolkit	0.5.1-2+deb11u2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
02 Avoid_race_in_test.patch \| (download)	web/users_test.go \| 3 3 + 0 - 0 ! 1 file changed, 3 insertions(+)	fix test failures due to race conditions
03 CVE 2022 46146.patch \| (download)	web/testdata/web_config_users_noTLS.good.yml \| 5 5 + 0 - 0 ! web/users.go \| 10 8 + 2 - 0 ! web/users_test.go \| 44 44 + 0 - 0 ! 3 files changed, 57 insertions(+), 2 deletions(-)	Backport of upstream commits 2528877 and 0af5c3f: Merge pull request from GHSA-7rg2-cxvp-9p7p * Fix authentication bypass if stored password hash is known Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu> * Add test for CVE-2022-46146 Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu> * Fix tests Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>

Patch

File delta

Description

02 Avoid_race_in_test.patch | (download)

web/users_test.go | 3 3 + 0 - 0 !
1 file changed, 3 insertions(+)

 fix test failures due to race conditions

03 CVE 2022 46146.patch | (download)

web/testdata/web_config_users_noTLS.good.yml | 5 5 + 0 - 0 !
web/users.go | 10 8 + 2 - 0 !
web/users_test.go | 44 44 + 0 - 0 !
3 files changed, 57 insertions(+), 2 deletions(-)

 Backport of upstream commits 2528877 and 0af5c3f:

    Merge pull request from GHSA-7rg2-cxvp-9p7p
    
    * Fix authentication bypass if stored password hash is known
    
    Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>
    
    * Add test for CVE-2022-46146
    
    Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>

    * Fix tests
    
    Signed-off-by: Julien Pivotto <roidelapluie@o11y.eu>