-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 20 Sep 2018 11:29:33 +0200
Source: glusterfs
Binary: glusterfs-client glusterfs-server glusterfs-common
Architecture: source amd64
Version: 4.1.4-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <pmatth...@debian.org>
Changed-By: Patrick Matthäi <pmatth...@debian.org>
Description:
 glusterfs-client - clustered file-system (client package)
 glusterfs-common - GlusterFS common libraries and translator modules
 glusterfs-server - clustered file-system (server package)
Closes: 909215
Changes:
 glusterfs (4.1.4-1) unstable; urgency=high
 .
   * New upstream release.
     - This release fixes multiple security issues:
       - CVE-2018-10904: Unsanitized file names in debug/io-stats translator
         can allow remote attackers to execute arbitrary code.
       - CVE-2018-10907: Stack-based buffer overflow in server-rpc-fops.c
         allows remote attackers to execute arbitrary code.
       - CVE-2018-10911: Improper deserialization in
         dict.c:dict_unserialize() can allow attackers to read arbitrary
         memory.
       - CVE-2018-10913: Information Exposure in posix_get_file_contents
         function in posix-helpers.c.
       - CVE-2018-10914: remote denial of service of gluster volumes via
         posix_get_file_contents function in posix-helpers.c.
       - CVE-2018-10923: I/O to arbitrary devices on storage server.
       - CVE-2018-10926: Device files can be created in arbitrary locations.
       - CVE-2018-10927: File status information leak and denial of service.
       - CVE-2018-10928: Improper resolution of symlinks allows for privilege
         escalation.
       - CVE-2018-10929: Arbitrary file creation on storage server allows for
         execution of arbitrary code.
       - CVE-2018-10930: Files can be renamed outside volume.
     Closes: #909215
   * Remove extra documentation file from libdir.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----