-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4823-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
January 01, 2021                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : influxdb
CVE ID         : CVE-2019-20933

It was discovered that incorrect validation of JWT tokens in InfluxDB,
a time series, metrics, and analytics database, could result in
authentication bypass.

For the stable distribution (buster), this problem has been fixed in
version 1.6.4-1+deb10u1.

We recommend that you upgrade your influxdb packages.

For the detailed security status of influxdb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/influxdb

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl/vbN4ACgkQEMKTtsN8
TjaxRw//e2Garai/wwzfO25MIwHl7+/dmd/4cJXF1fOUA97gwvkK3qd1UIq4vb4g
FBUQnhDtV3J94DVVK+EzZOnhtMNLoNES/RGrFpBCJZq0+UrtAEdEBXjo0xkipY+i
OzwWIO6TEPebWQ0BYdS5hPVRTsbpvoVG1wP2X9/vPxCR6aNQJxllbnGfoFBU8XxS
U9YSHJZJZTY71NyegdI3vUbIrRPlFvqxHNdGgKUwAxyIXpmJynIH8P//qgkCyuOG
hQ+xV2jUU4azVqk+5YvSX6nQ9mlZWAxv9VWqzoy87X5ee4kBZDHboEkyBo6nrzCH
TQeFJ8U3RDWJSXub4irS7Jrduq41tYSdDSSR89tjoTKnmSGpHLMr092L0z38a7i6
RqCN5TB9/xZoA1+01oIQ2s4SyweXwYuFZrJ+yKH/lH7hACpbxUWGbqCMgKrT0XXn
/SXk3TD6qkkXV7dUJVy1SNSTJZ3RYN2tdeRFBy1ekmkAKy6gc0izMsiTvFZ4+2WU
TkV7eYeH40r86Cvx3D2vmGLKxigGoNqzMtDVrqEQ2r4GWDgVIj4m6fMhHBLQHTY2
Qs088piCTYtATVcwOfc1QnpcDoB5glF2vBh9s5xbax0DgzN//VqBoezgzcuU2sxL
w4rC2Qfby0lVde1x3pjrt3xvXiu71xmow5FYCCk6F5KGkG/zQUk=
=nGsx
-----END PGP SIGNATURE-----