Accepted libapache-mod-jk 1:1.2.46-0+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 18 Nov 2018 09:06:40 -0500 Source: libapache-mod-jk Binary: libapache2-mod-jk libapache-mod-jk-doc Architecture: source Version: 1:1.2.46-0+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Roberto C. Sanchez Description: libapache-mod-jk-doc - Documentation of libapache2-mod-jk package libapache2-mod-jk - Apache 2 connector for the Tomcat Java servlet engine Changes: libapache-mod-jk (1:1.2.46-0+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * New upstream version 1.2.46 + CVE-2018-11759: fix information disclosure and privilege escalation Checksums-Sha1: b966949edbb9d8239a27f3e02386e2746b448f56 2182 libapache-mod-jk_1.2.46-0+deb9u1.dsc a18c3a8a218d11ea220e6f8a9ae3cdd89dd96e1e 3252837 libapache-mod-jk_1.2.46.orig.tar.gz 76be76b0b2fd59acbcf36bbe1a5374977e745ff7 11308 libapache-mod-jk_1.2.46-0+deb9u1.debian.tar.xz 01bbe334f6e626122f8ce83902a6aa73a72cde04 7090 libapache-mod-jk_1.2.46-0+deb9u1_source.buildinfo Checksums-Sha256: 22e522d91acbacc79d3041c73ebd9f6e55eafc6bf77fd345bffa3c7299831946 2182 libapache-mod-jk_1.2.46-0+deb9u1.dsc 7e1d520e1d1dacd042087ae52be7aae47a093b93cf26931827724aa8ab66cbe9 3252837 libapache-mod-jk_1.2.46.orig.tar.gz 8a01c9136ff7e52d9ad61aaadee11ad483b78060d190ab1918e54b35a0857d7b 11308 libapache-mod-jk_1.2.46-0+deb9u1.debian.tar.xz 447e05139d2424d94da070a59ef874507c5cd1f31f6eea7d9acef91918779718 7090 libapache-mod-jk_1.2.46-0+deb9u1_source.buildinfo Files: d79ca4388d85221de1e98d98e77377c5 2182 httpd optional libapache-mod-jk_1.2.46-0+deb9u1.dsc 2f48f513a7bc0790c5473ac0f9cb6d3c 3252837 httpd optional libapache-mod-jk_1.2.46.orig.tar.gz 0fd1209979b96f6ba7bff4cba9525831 11308 httpd optional libapache-mod-jk_1.2.46-0+deb9u1.debian.tar.xz eb4b56cb19688471042e1004139662cc 7090 httpd optional libapache-mod-jk_1.2.46-0+deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAlwYFL8ACgkQLNd4Xt2n sg9oYQ//QTaO9FsKX9XKeoYbJRlsKNrX3Tojh3iMIjs5pZY3ZH3tr+qoYXsQxnq0 ieRyFa/N8KEMDClH+kvl8NcERHeXEv/Guj0UF1rqGceeDrUkKGqAE5bupL82ioKa RySz5r10glt58DWz5pnELCOXAK+7I/2ARBUmJ8L1SqWsLhWQI6KbM/rGh6HbOoPB XIMrJD36mSN9YIP2ejU2+sSDCmI6AjHt3MYRW4oX9NDVAD5DHXCnRdhEzku0RZqi C/YsITLI1d92LHCx/VzG/jjlNWFcBDGA/uVy3BQM8nXElSiZZOmPglRUjhcgS2yK RFy75wcuZBoA8d7cj5rdofhDIyc2++3bx48IpLF/6OEQE8O/e4XIdBIyIjkrB9kt WxX32B8ycCX2rjhfsrb1/O354HzGmn9N9DsuNJ/q4PCKwOQjhukuFWApWm8FfAvk oAFOhHOYNiRc28jR+ppRIrd+4QhzBigHnLZ2pNQ/VH1t1roKMB81j9Gi+oBh+ooY a+NuN3YHsIkccQEKqoRpxCxnGhiX6/TVWYXzkusiSuj43ce3zS0A/I3+9u4gY6oO eSZx+vkYgAIM3U1RzLVKL7gp1EfdO/wGUS7u/DHvgmQIjmYfJGEIB9fLD/cK8he/ fj67VlddtaS3IY7Ylt7/bgFQ3LVZcL49DaHuztqRfZbnPiv056s= =ybv7 -END PGP SIGNATURE-
Accepted openssl1.0 1.0.2q-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 16 Dec 2018 21:07:51 +0100 Source: openssl1.0 Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb Architecture: source Version: 1.0.2q-1~deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian OpenSSL Team Changed-By: Sebastian Andrzej Siewior Description: libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl1.0-dev - Secure Sockets Layer toolkit - development files libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries libssl1.0.2-udeb - ssl shared library - udeb (udeb) Changes: openssl1.0 (1.0.2q-1~deb9u1) stretch-security; urgency=medium . * use signing-key.asc and a https links for downloads * Import 1.0.2q stable release. - CVE-2018-0737 (Cache timing vulnerability in RSA Key Generation) - CVE-2018-0732 (Client DoS due to large DH parameter) - CVE-2018-0734 (Timing vulnerability in DSA signature generation) - CVE-2018-5407 (Microarchitecture timing vulnerability in ECC scalar multiplication) Checksums-Sha1: e397d2f3c16a44baca863f8eb979bf29154d29c0 2557 openssl1.0_1.0.2q-1~deb9u1.dsc 692f5f2f1b114f8adaadaa3e7be8cce1907f38c5 5345604 openssl1.0_1.0.2q.orig.tar.gz 52c2f46fe1d9f4edd6421357e5d1d6212dabcef4 488 openssl1.0_1.0.2q.orig.tar.gz.asc 056f674a95e7cddf6ab73a2b6857c828c72ece97 94536 openssl1.0_1.0.2q-1~deb9u1.debian.tar.xz 9b42c6d9830a4673f4a9c26f7c9931d27f738c7c 5968 openssl1.0_1.0.2q-1~deb9u1_source.buildinfo Checksums-Sha256: 059237c5aff241f8e71183985746fb748c7024ef77ebb31a9265a377370ab7f9 2557 openssl1.0_1.0.2q-1~deb9u1.dsc 5744cfcbcec2b1b48629f7354203bc1e5e9b5466998bbccc5b5fcde3b18eb684 5345604 openssl1.0_1.0.2q.orig.tar.gz d8a8e611cb1c46e167594a19aac7b9b56e070b7ec762659462ffa23183064cf0 488 openssl1.0_1.0.2q.orig.tar.gz.asc 6e1f69c8283ded702dc1f8410baaafa5d5408d73b4999ae7e0422a7e58753465 94536 openssl1.0_1.0.2q-1~deb9u1.debian.tar.xz 542daeb263a7444974b081d3b4be41da414efc64a7717ed03d63b4bc5ab7091c 5968 openssl1.0_1.0.2q-1~deb9u1_source.buildinfo Files: 44955e19f737d80a1806a52ecf6d5a73 2557 utils optional openssl1.0_1.0.2q-1~deb9u1.dsc 7563e1ce046cb21948eeb6ba1a0eb71c 5345604 utils optional openssl1.0_1.0.2q.orig.tar.gz fe9271891371076e283ccd6bbd96f2f6 488 utils optional openssl1.0_1.0.2q.orig.tar.gz.asc cbf43d4b24a2dc6e0e8d43fe07e3c752 94536 utils optional openssl1.0_1.0.2q-1~deb9u1.debian.tar.xz 061de784fe0af0969cd6251e20578b7a 5968 utils optional openssl1.0_1.0.2q-1~deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEZCVGlf/wqkRmzBnme5boFiqM9dEFAlwYHOsACgkQe5boFiqM 9dHxHg//TOI7avT+2PAxEwf67unOR5byPjF6+GhIiU+l76Yqcmq+RyRHxCpwV/cU Q7jJF9IeNRlY/qj9NCZIJsUdxmUHFsjKVBpmnlTTFS5pJm6g3SvzkQSYYuoBCBpo O5mw57+p8X7HVE4m2z56ifrzGULtbZn65rLtsk5upUBo8KwN+oLGZ9Hxyl/5df0a tocH2F4TTyKSVephx0vfgVoRudw3YxE6pSs1nApd9FMIgw3fBKamyzhDDrkT0qA5 RhkrVpLfEkFMz6NsJ8JLZTBeRtBCNPWcpEwQYD5U6iqp5uml9ZCCtWpTkBmYFUag dHt7g6UvIZCqerjhza4i6rDKyEhJDEz5sXYk0IG0y0/9WiCkAz1JFl9r38IcDn6H H1UksdbSP5pGn40uCi+Q0BBfiEZC1UXTlhIvXOBputMJERolKL+VSNKVAZfdfYZK wDGxFwtaPh8i2UbPbh7JZlndtO5lriJ4ymouxmjsHvc5xGxZu7DTA//ZRcqHfyGo 7q7CkS27HNmss4J1u/E1VtygPpiaI2RSHe/1WQcVq1aB3kxdTlyi2vTIaq8l+pCg 4r+IhqAkZ5PQuk7PWDBEy2wIWmGWapbjamiIVDahC+95q/s67JaH+bmmNDBWwYTr /L3JNzS6bfXVtomiLN0PgYsuBcW4FBDEz3zp3sIfr7E6GITCB7E= =WILF -END PGP SIGNATURE-
Accepted netatalk 2.2.5-2+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 20 Dec 2018 10:39:05 +0100 Source: netatalk Binary: netatalk netatalk-dbg Architecture: source Version: 2.2.5-2+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Netatalk team Changed-By: Salvatore Bonaccorso Description: netatalk - AppleTalk user binaries netatalk-dbg - Debug symbols for netatalk Changes: netatalk (2.2.5-2+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * Unauthenticated remote code execution in Netatalk (CVE-2018-1160) Checksums-Sha1: 9e36b5195c5877798b5f2b136eadc4c60c42c83b 2477 netatalk_2.2.5-2+deb9u1.dsc 069e98a63b57d25bec5521a6dcdc0d38957f9f35 1727893 netatalk_2.2.5.orig.tar.gz 6951b955543b4e96623875f6c299d08e601e6330 49788 netatalk_2.2.5-2+deb9u1.debian.tar.xz Checksums-Sha256: 42f27b88bb900bbb5de904b97a59b314f8f25eba33c4456f97a37d207782c819 2477 netatalk_2.2.5-2+deb9u1.dsc efd95fc95c1821a80d0db34babf1e94d70145aaa7c6a2597f10ff1f72508f9c7 1727893 netatalk_2.2.5.orig.tar.gz 6c7d21ad7129d527d59985ea7599a8fa7e7e61b793b0fc61627db77caebe03fa 49788 netatalk_2.2.5-2+deb9u1.debian.tar.xz Files: 1f0342c7a9734272d0d3722a49b71d45 2477 net extra netatalk_2.2.5-2+deb9u1.dsc f93d23ceb27a77634fcd554858d0857f 1727893 net extra netatalk_2.2.5.orig.tar.gz e140cca7e92c7402ce2d100bbbef8fc3 49788 net extra netatalk_2.2.5-2+deb9u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlwbZJdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EwpsP/3DGxslWnjSOVewrGmz00R9K9uxParDy 7Kt75fUj525Bca/FNLH5QvCMmYbQ9JIOO/E2iRlgNt6AUQlQKb27WjVA20z1TkrZ i8cGm5l83FNWxhTesGLY4HYeDIg9xhKt9cRSWvT5wp8gYxLgwTFV+BRBo+Gv88pa ITXOYXOs6G5NwAPYVfexKWLKpGXhWLhejbPu79SdfONJcKv9s6NYYcjQf/El3ocB LAPTxIxTaLdy8k1hSN1LAmXAY52IlwSFeqnARF+Uo8FRJTw9dEULOw29QIaN9OpN dJtrAmJa6XZCuVHXPFCf3/FYzqBkL5cOxzWDUjxe0SbfdqCTUXJ/yurDPZePpB1M eBD0jEkXa6tkS2AZrFdYD+LJiZ/O2QQUuqkiK0J12B2tE0JWzocvrW+XFhgFuYY8 SJQQ3gozcgSGZse+qkvc6ye0Mi/5QFQFaPpq9PyIjl1ufwWQBAp7HD4h+IZpdp8P 1Gu9nxK9M22ydeRjzbXue3mWFQH5GqpDrYeqkxAHiT4Ob0nJgoAXVvs38TroR2rh LzIPxRE6j4oG7g1C2jmcjbCu41tXck+LWWPGuiNmBJPVCkXPKhIAUTFfuX4r1FGK UFN5Bm32uT8RnxpqSUGuKJwFOokDeeNeZGS90lZQ3Gs6aaQ5h8KfConR/gsrtZ17 KU0UNT5TUzSF =Fk8l -END PGP SIGNATURE-