Format: 1.8
Date: Thu, 21 Aug 2025 16:06:08 +0200
Source: rabbitmq-server
Binary: rabbitmq-server
Architecture: all
Version: 4.0.5-6+deb13u2
Distribution: trixie
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Thomas Goirand
Description:
 rabbitmq-server - AMQP server written in Erlang
Closes: 1108075
Changes:
 rabbitmq-server (4.0.5-6+deb13u2) trixie; urgency=medium
 .
   * CVE-2025-50200: In versions 3.13.7 and prior, RabbitMQ is logging
     authorization headers in plaintext encoded in base64. When querying
     RabbitMQ api with HTTP/s with basic authentication it creates logs with
     all headers in request, including authorization headers which show
     base64 encoded username:password. This is easy to decode and afterwards
     could be used to obtain control to the system depending on credentials.
     Added upstream patch: Fix_Cowboy_crashes_caused_by_double_reply.patch.
     (Closes: #1108075)
Checksums-Sha1:
 bacf29af8107001870a0e65b8531da2b9b8e85fd 7790 rabbitmq-server_4.0.5-6+deb13u2_all-buildd.buildinfo
 5c5aa667e1a1ddd28edd4d98471cfb53c8e75f07 16445832 rabbitmq-server_4.0.5-6+deb13u2_all.deb
Checksums-Sha256:
 bad47cce4e584e1b7826a579ba9d045c4b5d5b4b0a45ceb9d3cc129301dba4c1 7790 rabbitmq-server_4.0.5-6+deb13u2_all-buildd.buildinfo
 2d77b12be64d480db03489825b96d241dbd38db59673adccf5b5feefacdf8e41 16445832 rabbitmq-server_4.0.5-6+deb13u2_all.deb
Files:
 dd5987d9bfad38140d593410733acfef 7790 net optional rabbitmq-server_4.0.5-6+deb13u2_all-buildd.buildinfo
 84b8aed2c94fff724cd77903a97bc510 16445832 net optional rabbitmq-server_4.0.5-6+deb13u2_all.deb