
Accepted rabbitmq-server 4.0.5-9 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 18 Aug 2025 18:37:26 +0200
Source: rabbitmq-server
Architecture: source
Version: 4.0.5-9
Distribution: unstable
Urgency: high
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Closes: 1108075
Changes:
 rabbitmq-server (4.0.5-9) unstable; urgency=high
 .
   * CVE-2025-50200: In versions 3.13.7 and prior, RabbitMQ is logging
     authorization headers in plaintext encoded in base64. When querying
     RabbitMQ API with HTTP/s with basic authentication it creates logs with all
     headers in request, including authorization headers which show base64
     encoded username:password. This is easy to decode and afterwards could be
     used to obtain control of the system depending on credentials.
     Added upstream patch: Fix_Cowboy_crashes_caused_by_double_reply.patch.
     (Closes: #1108075)
Checksums-Sha1:
 df74c432754f95c911ef112103e2cd2360f26c06 2958 rabbitmq-server_4.0.5-9.dsc
 88d1938ecbe377787ed5c51e54f00a414e4b17d4 36536 rabbitmq-server_4.0.5-9.debian.tar.xz
 90a91d5edb97f641f9782b4b19c1fecbcaff700b 8143 rabbitmq-server_4.0.5-9_amd64.buildinfo
Checksums-Sha256:
 978f42b73c20a2f5ca57557731bc7afd23c271a23b84293fa801eb9337ee458a 2958 rabbitmq-server_4.0.5-9.dsc
 6bd06c4d68ada51df4cb52c4e6ac38a8d1b9393da2fcde357130b423abb37e96 36536 rabbitmq-server_4.0.5-9.debian.tar.xz
 8f2f9826eb657276925db847de0c16c949c25ead08d16d19bcf0aeedbe7bb2e3 8143 rabbitmq-server_4.0.5-9_amd64.buildinfo
Files:
 783b2d6b7c4d08a03b9e444d6f963652 2958 net optional rabbitmq-server_4.0.5-9.dsc
 882df5e37e63a6fd18f4799fdd204a38 36536 net optional rabbitmq-server_4.0.5-9.debian.tar.xz
 27fbb046027449755fdfcd29ab55b876 8143 net optional rabbitmq-server_4.0.5-9_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
