Accepted python-django 1:1.10.7-2+deb9u7 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 06 Jan 2020 17:52:10 + Source: python-django Binary: python-django python3-django python-django-common python-django-doc Architecture: source all Version: 1:1.10.7-2+deb9u7 Distribution: stretch-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 946937 Changes: python-django (1:1.10.7-2+deb9u7) stretch-security; urgency=high . * CVE-2019-19844: Prevent a potential account hijack via the password reset form. (Closes: #946937) Checksums-Sha1: 5d7572b2d103d2e38351251a55203a354d9ebbf4 2804 python-django_1.10.7-2+deb9u7.dsc 5edd13a642460c33cdaf8e8166eccf6b2a2555df 7737654 python-django_1.10.7.orig.tar.gz ec405d3ab180b33cf78449eb12af94dca4b80ddc 44024 python-django_1.10.7-2+deb9u7.debian.tar.xz c4c293e6b8261d1857fa13353a0f4cf46109321f 1515080 python-django-common_1.10.7-2+deb9u7_all.deb 8b9ddfc21fb812d75e5961f028ca5b007b0a20c1 2536484 python-django-doc_1.10.7-2+deb9u7_all.deb a7e7294eee602d7bf87cc41c78ca585d0e49f5d1 905080 python-django_1.10.7-2+deb9u7_all.deb a70974a395b89996c1b1e1d42ba5a8a7e4c0641d 9386 python-django_1.10.7-2+deb9u7_amd64.buildinfo 8e78dc8699f240af25e93c43257e276c825aaec4 886618 python3-django_1.10.7-2+deb9u7_all.deb Checksums-Sha256: 0b0bb55549574e2a65ffa79669757f4eb409dea8a124a759c3b7e331dac4214a 2804 python-django_1.10.7-2+deb9u7.dsc 593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8 7737654 python-django_1.10.7.orig.tar.gz 9325cadba0cb6b8f318a95e482deb71a271d87df1643fc7bea30fc571107c62c 44024 python-django_1.10.7-2+deb9u7.debian.tar.xz 0a174b5d64d6475dd2ccaef9f762fe2d538b4f1c02b381d0ed2a6a958fc84bc8 1515080 python-django-common_1.10.7-2+deb9u7_all.deb 168b275c555b91d42f156e71a4042832ac854877cd3efdfcbf56667ac163de2c 2536484 python-django-doc_1.10.7-2+deb9u7_all.deb cf0cc4006230c8f7e37f6eca9ff31e644ef6fb979d42cfe355f494b54a819d39 905080 python-django_1.10.7-2+deb9u7_all.deb c627110d9dfc4439ce57441c13858239f082ae4d4486fc780fa62bcbff337387 9386 python-django_1.10.7-2+deb9u7_amd64.buildinfo 831e7d7b3089d6b72d490cf343c03a29b9a690563cda53ae7d02b35f04669722 886618 python3-django_1.10.7-2+deb9u7_all.deb Files: 2d0eb81efabac7ca4a1f1630c304c618 2804 python optional python-django_1.10.7-2+deb9u7.dsc 693dfeabad62c561cb205900d32c2a98 7737654 python optional python-django_1.10.7.orig.tar.gz 61f2736f354f63fe4f6a4ade30fb0073 44024 python optional python-django_1.10.7-2+deb9u7.debian.tar.xz 32245b8b212510868d2ebcd9670cf31c 1515080 python optional python-django-common_1.10.7-2+deb9u7_all.deb 80e7bf503a7943298e1c06e043c93de1 2536484 doc optional python-django-doc_1.10.7-2+deb9u7_all.deb 981a753ec7197197fe5e08666bfbcc90 905080 python optional python-django_1.10.7-2+deb9u7_all.deb 2e5552b7830340ea92c8038cad364361 9386 python optional python-django_1.10.7-2+deb9u7_amd64.buildinfo 61dd9b604ede07ad9c44ee26e2332acf 886618 python optional python3-django_1.10.7-2+deb9u7_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl4TvokACgkQHpU+J9Qx HlhYjBAAgAac7K6Xbf29c/NIPlnpeN6jdHxGOBLkeVKTUm2MRrgogr9Z3bmSwfT3 aQVbgrPAgXDOjSUcmjOmn6QZh33udmPEVku8lG5fYRVERneNz9jnwN74S1H6resz VVYBzk/kKTcjpJdKrS3CitXbmz97LKtJ652XKSUxN83eTaBEsNyYmDCEIKXnmB1s yyMv9L1+0Tuubpeitmxcnx9AROdf5eDf29YFUQilASqw/GbLRTEAx8liF73zW+s4 vu85U/DEMZwnuIT54BZIqYd+A8sDwujbFB6u6xRR04Ooy2bCtIgemvIcwsJ+SfBz 5qFSWAXN7b1msI+07wycrtIh6Z0W76nKc6R2NUgb/cyBq6hCeQ1NA8v7G0zOL4sF +z4ywmoAacfS2zJPKxQyn8dTUuid28Du0XImPGYoEGodWjaHgIZH2KAUX9J4R+B/ fJQfdBZnbwd4EP7cGpAVyOK2eK+P+hA/uDmWZH7PJCxYFxnPzikXq6P2u9C7qoYo DTrzu8MeHM26KjsPZZs94M4dgGet0vcsraJomeFs2qoKy/HDPn5vHcm2fyxksoOd K27W4YE3aTgrcZxXWTW4cU2brXMML6CieBQ80h0lrRc0yq/8hR2LUdmgPF7vcM1E eqxXq4/7PwLfYxOK+fM3nDj4ikxjz21tRfDTjJDkGmrCR6aTCH4= =p5DU -END PGP SIGNATURE-
Accepted python-django 1:1.11.27-1~deb10u1 (source all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 06 Jan 2020 15:35:55 + Source: python-django Binary: python-django python-django-common python-django-doc python3-django Architecture: source all Version: 1:1.11.27-1~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 946937 Changes: python-django (1:1.11.27-1~deb10u1) buster-security; urgency=high . * New upstream security release. (Closes: #946937) <https://www.djangoproject.com/weblog/2019/dec/18/security-releases/> . - CVE-2019-19844: Potential account hijack via password reset form. . By submitting a suitably crafted email address making use of Unicode characters, that compared equal to an existing user email when lower-cased for comparison, an attacker could be sent a password reset token for the matched account. . In order to avoid this vulnerability, password reset requests now compare the submitted email using the stricter, recommended algorithm for case-insensitive comparison of two identifiers from Unicode Technical Report 36, section 2.11.2(B)(2). Upon a match, the email containing the reset token will be sent to the email address on record rather than the submitted address. Checksums-Sha1: dbd523d34605a28fb3880e870aab6809b230cb68 3267 python-django_1.11.27-1~deb10u1.dsc 8f0ad184cbae6e69dbe2a1f4d7ec32d842657001 7976980 python-django_1.11.27.orig.tar.gz c8fbb06f8c6368f596d80e332c7518a537e7697f 27276 python-django_1.11.27-1~deb10u1.debian.tar.xz 4e7b6cb564fcbc0cadf3d8de400d39c9282c3654 1538076 python-django-common_1.11.27-1~deb10u1_all.deb a054fee1e86f82030397bd841dfa5c78e968dc6a 2689580 python-django-doc_1.11.27-1~deb10u1_all.deb bc8a14f1b1b3569da28028f4ec01806e7352dd77 917320 python-django_1.11.27-1~deb10u1_all.deb 9ac9abed0738fed7e8d951c7fa98cd43ae4a2298 14208 python-django_1.11.27-1~deb10u1_amd64.buildinfo 565b60900064d136e3d1a2b0b436cdf5c017c453 917472 python3-django_1.11.27-1~deb10u1_all.deb Checksums-Sha256: d8db6a86b018830d089524a77c5dbe35e2e5ee86fd7f66bbf6061e28a0f740cb 3267 python-django_1.11.27-1~deb10u1.dsc 20111383869ad1b11400c94b0c19d4ab12975316cd058eabd17452e0546169b8 7976980 python-django_1.11.27.orig.tar.gz 4b24466c413d6f80fd8b8fe511b9401c650daca17a253cce6047eaffabf1e8eb 27276 python-django_1.11.27-1~deb10u1.debian.tar.xz 05d843f7f396663203161af92ddc98c3643bcf492169e5e07ff7eef5c32527a8 1538076 python-django-common_1.11.27-1~deb10u1_all.deb 14f2cee56e3a359ad438fe8c05acd6f3c8037778f18fc7f8a4d2e4dcc5bba911 2689580 python-django-doc_1.11.27-1~deb10u1_all.deb 67157d719ec22ee8df031edc93789dcc03b22df43080496ce400809021f5ace5 917320 python-django_1.11.27-1~deb10u1_all.deb 1a48a9763ce0c184440396ee4b82b8576a81cce26a1690e5533031e38a704e44 14208 python-django_1.11.27-1~deb10u1_amd64.buildinfo 5a201f2d3e2117ccad111b89afd941bac8dd4e174f61fdddc31057730d9f9773 917472 python3-django_1.11.27-1~deb10u1_all.deb Files: de97d0a2ce04ea9bb4e87ad3c3b17071 3267 python optional python-django_1.11.27-1~deb10u1.dsc e75626654c7d92ff8bafa2a36d137372 7976980 python optional python-django_1.11.27.orig.tar.gz d1fa1f59ff05d9cc2a70d2e6c1461f3a 27276 python optional python-django_1.11.27-1~deb10u1.debian.tar.xz 602d59aa85f11c7830c714ae8e2a00f1 1538076 python optional python-django-common_1.11.27-1~deb10u1_all.deb 4209972a157dd5b2c0b0d5edd12f4b83 2689580 doc optional python-django-doc_1.11.27-1~deb10u1_all.deb c0500947c8ab6f5f6fc544417fe4e33e 917320 python optional python-django_1.11.27-1~deb10u1_all.deb 0f72d705e397a1d8ef744e88f727352e 14208 python optional python-django_1.11.27-1~deb10u1_amd64.buildinfo a10adf7165cc6f501e14f5bb734246b7 917472 python optional python3-django_1.11.27-1~deb10u1_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl4TcC8ACgkQHpU+J9Qx HljL2g//QofqKYGSnlXdY5iIJdqGbZcx17ApDnlgOqJr6cq9KGgDkbaJn8RK4IgL Gnpf2xTJpKvxRDIUyNFrmG6e7Ga9bqHepUkRa/svlI/0yW61IS6EBGXQ5oDLho4R F6eh/O0FcQckSHusKY5y235QjlNv1aHDwcW1Gzxreo7ko2PaIIzViSDDYozoPA92 WwXpbJZoPqnBS+ySwDxGT5eFJp8qjg93Ht1e1wVolpADXrfMZL0Qki2/1RHV50jP SIKjQvCqwtriaQD4lGB/TbIcsjfqii98a+PYC2QxuI/AmQqu9VEuyxkYjzw2PrDv G2vLGIdlJmb4SkF4Z4ss26JKDm1+79APkpWlBug/d7+SoKwMrYjO8QC3yVZlrW2B +CeNJoCkDXclqv4qQK+D9fg/hERKzdAyxEvx0VtssJ9apDF58EveC4AgRVuiYJME /kWYmsz4bBmLTE9hrntyTuqyC1OMWKWYCNZ0u+ZQBqECc5edr6YjgWYuE9RqTbE7 pMLC1KjBqSS4R/3wbAYDfvsfKTCfseN18yPH3eHDpcWgrsZqmSmYy506WDHVFcPw DrKNRJRi9elJ39bnJCiledbfqxPGvz2KhkfCN+8l281JRUBI3X9pHP11jJZfO4vV UYLy6Pgdp7GIfDy1Nm7F4nxhsjpC518sFHEspRBgieNrw+v7+TI= =4EQD -E
Accepted monkeysphere 0.41-1+deb9u1 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 14 Aug 2019 10:09:00 -0700 Source: monkeysphere Binary: monkeysphere agent-transfer Architecture: source amd64 all Version: 0.41-1+deb9u1 Distribution: stretch Urgency: medium Maintainer: Jameson Rollins Changed-By: Chris Lamb Description: agent-transfer - copy a secret key from GnuPG's gpg-agent to OpenSSH's ssh-agent monkeysphere - leverage the OpenPGP web of trust for SSH and TLS authentication Closes: 934034 Changes: monkeysphere (0.41-1+deb9u1) stretch; urgency=medium . * Prevent a FTBFS by updating the tests to accommodate an updated GnuPG in stretch now producing a different output. (Closes: #934034) Checksums-Sha1: f964347c5b70a79460ee9e42afe505afc51968ea 2340 monkeysphere_0.41-1+deb9u1.dsc 486a096234d23ca36efdd5a45fd06b2b4c05c863 6820 monkeysphere_0.41-1+deb9u1.debian.tar.xz 87c9d2087bacebaa7663b092dc3d702402056fc3 25604 agent-transfer-dbgsym_0.41-1+deb9u1_amd64.deb 50963339408e7cac0a5e48a6a94cc0015257931a 21016 agent-transfer_0.41-1+deb9u1_amd64.deb b81ad983e724342d14018ead09a1bbec9907da35 73430 monkeysphere_0.41-1+deb9u1_all.deb 73c2da2c7a7dd9cdbcb814f3af79b52bfa347a71 7512 monkeysphere_0.41-1+deb9u1_amd64.buildinfo Checksums-Sha256: 924946135ea71d33de83fabb4491e06bb317002610323d7ed1e05d20740910c0 2340 monkeysphere_0.41-1+deb9u1.dsc 1f721cf79be4bb7a76208496c7970fec0dd3ac1c791f8dafcb45228674f925df 6820 monkeysphere_0.41-1+deb9u1.debian.tar.xz 38db97659c5cb68476d90efeb3d1004d72637926f8c965886c487978297d319c 25604 agent-transfer-dbgsym_0.41-1+deb9u1_amd64.deb c600f7ac637d1239abed63d7a3c71c326b310be79365a4e97f8999744736 21016 agent-transfer_0.41-1+deb9u1_amd64.deb ecad6268acd5bf0ce37f9bd50950c3b3cedd9e602053f25336f52d7938adc5e7 73430 monkeysphere_0.41-1+deb9u1_all.deb 767d7537b965245765b14ca6487d0789b089442a6fc6d70a8794d92ef3927ebd 7512 monkeysphere_0.41-1+deb9u1_amd64.buildinfo Files: a2e90c1511bb5cfde124ddf4e7314eb4 2340 net extra monkeysphere_0.41-1+deb9u1.dsc a30271c08b4b38438adbf6d52fce30fa 6820 net extra monkeysphere_0.41-1+deb9u1.debian.tar.xz 164e721f29b5d43e31efbb75b8bf4328 25604 debug extra agent-transfer-dbgsym_0.41-1+deb9u1_amd64.deb 32122e3163028b59efc9a7a8b1856bde 21016 net extra agent-transfer_0.41-1+deb9u1_amd64.deb fe82ec8c185ac489dc0abd8f43802d27 73430 net extra monkeysphere_0.41-1+deb9u1_all.deb ee45486b4cad3df7cadd5f774e876c32 7512 net extra monkeysphere_0.41-1+deb9u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl1a5ZYACgkQHpU+J9Qx Hlhxnw/8DInon+TakQa2xmPjqEhxwhNQ1j9sK7tCSI5n0ZLtW/8m1Bvg467PzZ5m AqhMZoxnm3NJ+dlBbNQcoRglAb416omeqyfhAf9Hzh1RHdVqpROjtzd8MUD3DIWV K0cy4zpSWIkxwKLfbTQLFhTFBZNZE/XawzAxv66ONqEOpejtwEyp9tXJbVukxO1M YiyffbEWnbbPt/7TBRTJkzRSfI1B1o4q+hJ/SW2Mf0N+l98AN/6TBb8NADcAqqun HpAhtD+p9SjK1LemCXx6cYdKNE12spELBsQKNhOgfEgwjXktYkoel6Z0utc+XfkI 3/shxyXKIdGUYCOoon1Es05ec1qR23s7Z8ZX/gMwby+NMKqAdlbBztWmRWVE95xM QD1rpg4LqyvlnGK8IogKVNPVv9lU1O1OylKqJ7TCG5B3qalRoxNmsmWVbsc/g2vg XVH5cZEdRirSc2kGVCpaebi3P1NGdOLFsYOuoROUZGvFM7geFm68DOGwzEpYOC/z QmpymMlt6GCJDEn6drtT9G/kd+x14c+FLCBoAT37Jgc19P+lVgTYm28T81zWzn3W L68pktmpU9p5yCVzjac6mfclwu9YlJdUv9vgvk5+MLBEuqvZvb1uST8kGWzwnK3W Otqokw5cR5Ujdoa7TLyPPT0rGpKiR0eN/mUMMO4QzJ+HgPb4lNc= =Se2b -END PGP SIGNATURE-
Accepted python-django 1:1.10.7-2+deb9u6 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 08 Aug 2019 10:42:49 +0100 Source: python-django Binary: python-django python3-django python-django-common python-django-doc Architecture: source all Version: 1:1.10.7-2+deb9u6 Distribution: stretch-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 934026 Changes: python-django (1:1.10.7-2+deb9u6) stretch-security; urgency=high . * Backport four security patches from upstream. (Closes: #934026) <https://www.djangoproject.com/weblog/2019/aug/01/security-releases/> . - CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator . If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. . The regular expressions used by Truncator have been simplified in order to avoid potential backtracking issues. As a consequence, trailing punctuation may now at times be included in the truncated output. . - CVE-2019-14233: Denial-of-service possibility in strip_tags() . Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags() would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. The strip_tags() method is used to implement the corresponding striptags template filter, which was thus also vulnerable. . strip_tags() now avoids recursive calls to HTMLParser when progress removing tags, but necessarily incomplete HTML entities, stops being made. . Remember that absolutely NO guarantee is provided about the results of strip_tags() being HTML safe. So NEVER mark safe the result of a strip_tags() call without escaping it first, for example with django.utils.html.escape(). . - CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField . Key and index lookups for django.contrib.postgres.fields.JSONField and key lookups for django.contrib.postgres.fields.HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.filter(). . - CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri() . If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to excessive recursion when re-percent-encoding invalid UTF-8 octet sequences. . uri_to_iri() now avoids recursion when re-percent-encoding invalid UTF-8 octet sequences. Checksums-Sha1: e4c794483d1479af946eeea752961d20a12448c2 2804 python-django_1.10.7-2+deb9u6.dsc 5edd13a642460c33cdaf8e8166eccf6b2a2555df 7737654 python-django_1.10.7.orig.tar.gz feab4bd57a62673926a3089667c625ab395c3741 43076 python-django_1.10.7-2+deb9u6.debian.tar.xz 7ebe2c2077bb53cd39df0e45a09b7c0bf7a77944 1514716 python-django-common_1.10.7-2+deb9u6_all.deb 1677744710e8471218b165cc907c93057ba0706a 2536628 python-django-doc_1.10.7-2+deb9u6_all.deb b216433020dd160e046db6b00edd4256eb7e4dd5 904768 python-django_1.10.7-2+deb9u6_all.deb 2058552727dcb0ced961d1ae5f74bef48927ce04 9329 python-django_1.10.7-2+deb9u6_amd64.buildinfo 9142557285e2d19f39e9acd053f066c97fb7b55a 886550 python3-django_1.10.7-2+deb9u6_all.deb Checksums-Sha256: 31b4b068e1d93983fcf41f48c6d03356d180dcd6ae257f6d0e677207c62a90f1 2804 python-django_1.10.7-2+deb9u6.dsc 593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8 7737654 python-django_1.10.7.orig.tar.gz 61382e22d2c377a3897365f20119d98230289c67973dc512853b2abb41ff88dc 43076 python-django_1.10.7-2+deb9u6.debian.tar.xz 74d0de4efcbc8ac8d0d4ec39aed86f0f843e935a39028d3e0f5b76dd609443c3 1514716 python-django-common_1.10.7-2+deb9u6_all.deb cb1e96c5c3f1b17b89a5df81fbc774c0c1b0abc680100d8d0778e51c035e602f 2536628 python-django-doc_1.10.7-2+deb9u6_all.deb 6bf000c33f8bb17ad8a257bd78952ad6e35658a5d4be806f9ff6f2daf8a1b653 904768 python-django_1.10.7-2+deb9u6_all.deb 0f9c2eaadfb56b187b2aef853329eb6705940399e26c1075b246628bd486fc11 9329 python-django_1.10.7-2+deb9u6_amd64.buildinfo 6122ac69a7e6a6fc896f740273bed3264a8939baca4ef6c34c62dd08c6a41439 886550 python3-djan
Accepted python-django 1:1.11.23-1~deb10u1 (source all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 08 Aug 2019 16:00:04 +0100 Source: python-django Binary: python-django python-django-common python-django-doc python3-django Architecture: source all Version: 1:1.11.23-1~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Changes: python-django (1:1.11.23-1~deb10u1) buster-security; urgency=high . * New upstream security release. <https://www.djangoproject.com/weblog/2019/aug/01/security-releases/> . - CVE-2019-14232: Denial-of-service possibility in django.utils.text.Truncator . If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. . The regular expressions used by Truncator have been simplified in order to avoid potential backtracking issues. As a consequence, trailing punctuation may now at times be included in the truncated output. . - CVE-2019-14233: Denial-of-service possibility in strip_tags() . Due to the behavior of the underlying HTMLParser, django.utils.html.strip_tags() would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities. The strip_tags() method is used to implement the corresponding striptags template filter, which was thus also vulnerable. . strip_tags() now avoids recursive calls to HTMLParser when progress removing tags, but necessarily incomplete HTML entities, stops being made. . Remember that absolutely NO guarantee is provided about the results of strip_tags() being HTML safe. So NEVER mark safe the result of a strip_tags() call without escaping it first, for example with django.utils.html.escape(). . - CVE-2019-14234: SQL injection possibility in key and index lookups for JSONField/HStoreField . Key and index lookups for django.contrib.postgres.fields.JSONField and key lookups for django.contrib.postgres.fields.HStoreField were subject to SQL injection, using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet.filter(). . - CVE-2019-14235: Potential memory exhaustion in django.utils.encoding.uri_to_iri() . If passed certain inputs, django.utils.encoding.uri_to_iri could lead to significant memory usage due to excessive recursion when re-percent-encoding invalid UTF-8 octet sequences. . uri_to_iri() now avoids recursion when re-percent-encoding invalid UTF-8 octet sequences. Checksums-Sha1: b2168921e1d438f375007ec8295a8f51c6d3c014 3267 python-django_1.11.23-1~deb10u1.dsc 6127e40ed8daf85479c984d2d3757cdeed208c8f 7849738 python-django_1.11.23.orig.tar.gz 8b809fd3e0b4e542d0eb297be5beb9667049bb7f 26972 python-django_1.11.23-1~deb10u1.debian.tar.xz 47e625712957cfd14d0434bbe5bbe65c68e9c6e7 1537588 python-django-common_1.11.23-1~deb10u1_all.deb efc2fa751dc51dc952a04482ea6ff89389ad8281 2687628 python-django-doc_1.11.23-1~deb10u1_all.deb c87bb5f8492246eb97887a6d7ff15fd7e7fe 916944 python-django_1.11.23-1~deb10u1_all.deb 4721bd013c22de5304a2761a67531f533960df89 13912 python-django_1.11.23-1~deb10u1_amd64.buildinfo 3c2e3d568a5d00eceeae65058e6045d7fb2f2aca 916856 python3-django_1.11.23-1~deb10u1_all.deb Checksums-Sha256: 8bf9724184741b2f8eb100de78c818f23fb3be97e61e8b32108aff1aa7a6c337 3267 python-django_1.11.23-1~deb10u1.dsc 52a66d7f8b036d02da0a4472359e8be1727424fc1e4b4f5c684ef97de7b569e1 7849738 python-django_1.11.23.orig.tar.gz fcc6bde825eb22e73284ce2a9d68ee9c508c80a7c587f36aae268da5d4e4c0fb 26972 python-django_1.11.23-1~deb10u1.debian.tar.xz 53209600bedff821fe17add2fd05841af260ceb8550d7cbf4eebb8a9b671b8a9 1537588 python-django-common_1.11.23-1~deb10u1_all.deb cf84ccba88283edfe1c676d9b34d6fa23b9d2f6df2dff93a73ab44bec05737bc 2687628 python-django-doc_1.11.23-1~deb10u1_all.deb 521fe4b6982207200905540c34c4af5508ea1aedad663f22e207f7d8d4c39782 916944 python-django_1.11.23-1~deb10u1_all.deb 41d6600889388b47bcd9e7920307faf5d9805e9e05205912d5e2a579d250586f 13912 python-django_1.11.23-1~deb10u1_amd64.buildinfo c3bc137f081ee1564d4afda526bb29ad154227fd33ef102de21fa83be69c5de0 916856 python3-django_1.11.23-1~deb10u1_al
Accepted redis 3:3.2.6-3+deb9u3 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 10 Jul 2019 14:36:26 -0300 Source: redis Binary: redis-server redis-tools redis-sentinel Built-For-Profiles: nocheck Architecture: source amd64 Version: 3:3.2.6-3+deb9u3 Distribution: stretch-security Urgency: high Maintainer: Chris Lamb Changed-By: Chris Lamb Description: redis-sentinel - Persistent key-value database with network interface (monitoring) redis-server - Persistent key-value database with network interface redis-tools - Persistent key-value database with network interface (client) Closes: 931625 Changes: redis (3:3.2.6-3+deb9u3) stretch-security; urgency=high . * CVE-2019-10192: Fix two heap buffer overflows in the Hyperloglog functionality. (Closes: #931625) Checksums-Sha1: 55e44c7ad6f19fc0c18646322feee1e6250102d4 2013 redis_3.2.6-3+deb9u3.dsc 516157b5f32e5adc68e554802cd8a2190e659769 39316 redis_3.2.6-3+deb9u3.debian.tar.xz 2f2b3e13f6c5d2725ae8d4d530277f74c53d8fb7 18572 redis-sentinel_3.2.6-3+deb9u3_amd64.deb 8baadaadebe7cd5c7e7365146e98a86fbcbf3537 1038186 redis-server-dbgsym_3.2.6-3+deb9u3_amd64.deb 0c247844a9688a44a0bc8eed0a6e2213cbbc1d10 412558 redis-server_3.2.6-3+deb9u3_amd64.deb cc780ea1488f682678e7d3c486b02c6670f00a64 1255122 redis-tools-dbgsym_3.2.6-3+deb9u3_amd64.deb 6914b9cf4e16a437d7f88de00ad57019063cf6d4 462860 redis-tools_3.2.6-3+deb9u3_amd64.deb de499a6171f368472690315eb128a1c0ad845cd1 7225 redis_3.2.6-3+deb9u3_amd64.buildinfo Checksums-Sha256: b735a47e9d6072ab7e546410ebd33635b9cd7f1e425cd6b963c0b430da58869f 2013 redis_3.2.6-3+deb9u3.dsc ed65d86cf079ca3eab83768993687236c39e1827835e2f3bd9a8e5566da61be0 39316 redis_3.2.6-3+deb9u3.debian.tar.xz 6295bc67a0b2bf5f32c72451e4f8cd9d8d3f50150c2296cdd6475ff1ba8eb0be 18572 redis-sentinel_3.2.6-3+deb9u3_amd64.deb df91a69eb95596c3c560c77e601653ada505b244348bbd2f5c5d3185c012c6d2 1038186 redis-server-dbgsym_3.2.6-3+deb9u3_amd64.deb 59e1848a0392f73dac0fa8f8ae4a41f3f766de0635a81b09e12c6ddcbd53b428 412558 redis-server_3.2.6-3+deb9u3_amd64.deb 08cb80c63350931034fd4c8ae8175a1159a7fb2a890c464143199d3dc4b87e37 1255122 redis-tools-dbgsym_3.2.6-3+deb9u3_amd64.deb be525186a44e804415fd727e0c6f957d78fa8e3fd1f3709a10ce6b1477faafe1 462860 redis-tools_3.2.6-3+deb9u3_amd64.deb 016b0b554df88d46f5f139a89460f0e86c8d339296c2010787384741dff8292c 7225 redis_3.2.6-3+deb9u3_amd64.buildinfo Files: c5d38e049013538a0bf48877eda26b31 2013 database optional redis_3.2.6-3+deb9u3.dsc 430bdad4a829127f9661a58cbd9a3e44 39316 database optional redis_3.2.6-3+deb9u3.debian.tar.xz 0190dccb8526ca805a671b4f4095dff2 18572 database optional redis-sentinel_3.2.6-3+deb9u3_amd64.deb 350a7ed58bf918fa1c5183a606545a88 1038186 debug extra redis-server-dbgsym_3.2.6-3+deb9u3_amd64.deb bd4338ab87de2302f2dec6a30705b4e4 412558 database optional redis-server_3.2.6-3+deb9u3_amd64.deb bf57cd91d2cbbe9c694c7c0a77cec962 1255122 debug extra redis-tools-dbgsym_3.2.6-3+deb9u3_amd64.deb 2973363a4678baf0d6a80435bb087034 462860 database optional redis-tools_3.2.6-3+deb9u3_amd64.deb 27fddc2a17a87370d556fbbec6f2b20f 7225 database optional redis_3.2.6-3+deb9u3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl0mIr8ACgkQHpU+J9Qx HlgZmw/+L93I1MSojww4O1wv4aBBL9ucuQo86n78Xr2d5ia1MK6KkSpPZ39MXRug nB+Owl3X1WhyaZUTqgicbzlgZRcSjfQ/8P0p3RVQOFdIetx77M7IF9ahg0IUkn3k yEdoHHEMiY+Ec/jheC9EZdGKWgIhUn4gsddZjBCI6hGNU/0l+LOk4n2U6feMGahM OzKW1ti/52s7u/3va9VyJIcQz/yDcR76XZdWlA960xDUkLLKcxax2/6NjWlimoMr LMWhdlJlqlEqreIx6HhtTwqJjSR51sMJ8tjTv9Q/WBCPHXWqUILQKOtT6BMg4APD d2EhsDaTmtZBWfWMQVXVQ5NrWVTqSfGvB8Gxslr5zOi1YB4NAKFp8RVZnyaZ9h4q mH3mft+90nnUpPhY9eqAyYiMPnBwEY1yvcrv12oDJyCTTHmJlyjCtAwYEA9eL9b6 G/eKdmApYqO1PcaizNVL3i4UmIp5Q+u0SHw8HbP4IqrPw2kk5l3coh/SjJfg2UGV NT6XdflVD9vN2Xw8BaSXAjfIRzWdkcITd63Xwm9QUTycTNoYug/VZLp1iUXCNzz2 Oi2LqJrSWV2roYwa0R70xyN7oo3DiSb6RgYjCW0+P61s2PBF50LIwLIJqvwWCOBc jRMkf/8mSIXD8PItP0YrnzaO4x9vr7boh0vYU8EambLVZrZM8IE= =/w97 -END PGP SIGNATURE-
Accepted redis 5:5.0.3-4+deb10u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 10 Jul 2019 14:50:30 -0300 Source: redis Binary: redis redis-sentinel redis-server redis-tools redis-tools-dbgsym Built-For-Profiles: nocheck Architecture: source amd64 all Version: 5:5.0.3-4+deb10u1 Distribution: buster-security Urgency: high Maintainer: Chris Lamb Changed-By: Chris Lamb Description: redis - Persistent key-value database with network interface (metapackage redis-sentinel - Persistent key-value database with network interface (monitoring) redis-server - Persistent key-value database with network interface redis-tools - Persistent key-value database with network interface (client) Closes: 931625 Changes: redis (5:5.0.3-4+deb10u1) buster-security; urgency=high . * CVE-2019-10192: Fix two heap buffer overflows in the Hyperloglog functionality. (Closes: #931625) * CVE-2019-10193: Fix a stack buffer overflow vulnerability in the Hyperloglog functionality. (Closes: #931625) Checksums-Sha1: bb41c0e6c44e4d69140b52a2ec532fb44d947e16 2183 redis_5.0.3-4+deb10u1.dsc f38800839cb85492da9bc5299507299dd54f726c 1977218 redis_5.0.3.orig.tar.gz 7b069bd22e1a18b5ed4137b6839f694dc1b4ebe3 26880 redis_5.0.3-4+deb10u1.debian.tar.xz d408d10efdef0709934e332a797a3a9a225eca08 52500 redis-sentinel_5.0.3-4+deb10u1_amd64.deb 5d1301e116e67714843c37dfed014e29d84299d7 78384 redis-server_5.0.3-4+deb10u1_amd64.deb 11331512d81877198facbe45278cd88c4f1196f8 1234576 redis-tools-dbgsym_5.0.3-4+deb10u1_amd64.deb c23cf4683d7028b9753d144eb5f1fd43d2a1892e 522784 redis-tools_5.0.3-4+deb10u1_amd64.deb 9c55ff61510cfc3446f5403738cd978e7e74ece1 45108 redis_5.0.3-4+deb10u1_all.deb c4128edeefa70ef18654faa500482b6eb9e13643 6871 redis_5.0.3-4+deb10u1_amd64.buildinfo Checksums-Sha256: 04a72e191d4c35f52608f67a49b78b3e58d2316e617194c946f37e706f37bda3 2183 redis_5.0.3-4+deb10u1.dsc 7084e8bd9e5dedf2dbb2a1e1d862d0c46e66cc0872654bdc677f4470d28d84c5 1977218 redis_5.0.3.orig.tar.gz f7c6d3b84b2d59f217dd5f9dcd4301fa126abf9332a57c68471ec16d780af126 26880 redis_5.0.3-4+deb10u1.debian.tar.xz 437dd70865dee8296b48c1d9869ee20d832379d37b37f6d5e4deef0a0af70331 52500 redis-sentinel_5.0.3-4+deb10u1_amd64.deb d9ef0d43d3c13c0e8dc50c286d857110e72c8da7af71e9e23d605a6358139fb6 78384 redis-server_5.0.3-4+deb10u1_amd64.deb 4f400bf7841b8fba691dbd1b8e5e15b0508086b781a2db8d3f08734714607108 1234576 redis-tools-dbgsym_5.0.3-4+deb10u1_amd64.deb b77006d5f476178e7195612ad64dfe03850b4248b500efc4f3dfac907c1ec03a 522784 redis-tools_5.0.3-4+deb10u1_amd64.deb aadc942605364f582d00b839edf8573a6a2c4e9e7842b84759f296d1c846cb1b 45108 redis_5.0.3-4+deb10u1_all.deb 83d1874491e0d992e4a4e3b5d204005d4b4dc11632a23e58ae4346c146ed07ec 6871 redis_5.0.3-4+deb10u1_amd64.buildinfo Files: 37ad23471f10b027ab4034d7a779640d 2183 database optional redis_5.0.3-4+deb10u1.dsc f2a79cdec792e7c58dd5cad3b6ce47ad 1977218 database optional redis_5.0.3.orig.tar.gz 5653bed5aa01392730118309044acd0c 26880 database optional redis_5.0.3-4+deb10u1.debian.tar.xz dacf00c18595cc2d1b9b64f3ffd2fd6d 52500 database optional redis-sentinel_5.0.3-4+deb10u1_amd64.deb 0a206c58007cf247239b3d6d07361083 78384 database optional redis-server_5.0.3-4+deb10u1_amd64.deb a4b5073950facc801e14581d7bfa889d 1234576 debug optional redis-tools-dbgsym_5.0.3-4+deb10u1_amd64.deb 9d93ec54e58d67e945a46d237dc6af71 522784 database optional redis-tools_5.0.3-4+deb10u1_amd64.deb e91716bf61e1f18384e0f2c5deeafd8b 45108 database optional redis_5.0.3-4+deb10u1_all.deb 8e11576d8d77bd775658b27b33a9aa36 6871 database optional redis_5.0.3-4+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl0mLPUACgkQHpU+J9Qx HlgqLg/9Ec/ak5+HbrQNkhLwLeXRZtECJcf2MCTrl+I/TazWLEtPnQCGzRKUco8h QgYHMAvaFfWeqI4FK1OCDB9/bTLOKugd3pjgS8m3/2Mm1QOiuWBGMiFy0Wgvjmlo zB3UNqIFVXEW6rUupr/ZkMnBX8IVu85AJOEBmFhtuOilVrDprTbsbSTjyzS2bRGF oCgW9VKt857XAuuiPplvVeHoGd1w4ay3EpbV27mi53AgjueSmy8szE7/uU7x6/Ye lBxa2J4nen/asdTqROaedA+j3nTNp8PP+ZRLQ+h3zOT3qFACriqxidN7hjcYyWT0 zsbhwe5aSELO7r86aJ3zq7KGLqs8bCzx7XdQnxK5Ecc1bXBPR6rgAfbMMYgxHa4T Tn3Bh0y87gW2taWB/fPqgl0PmBOomJcBH069DcC0TFi7prCx+h09wF1PdM1YDnyc y5Q097WkBUZ7fQkrdyj7k7zjcF/Ysv3xBStG/HtlUsRfujXOTh/+uVzbNcSokEW+ gv4uX+5P27syzvPQT+wO0bybkU3L+m2cr+N8t+yqsdZ6Ri4HjnDm22tDZGaGeh4E aV2LykljLqaSmYleB36Iywe3YciapFy0YgduJVlp/Pdaby/QTRCJB33WG9ZtgULT Yr7Xu1P3S2W19DUzy95p+b6dbC+KVCax+ekC2SJy2Tf4R1/LVgY= =c0hr -END PGP SIGNATURE-
Accepted python-django 1:1.10.7-2+deb9u5 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 02 Jul 2019 23:07:21 -0300 Source: python-django Binary: python-django python3-django python-django-common python-django-doc Architecture: source all Version: 1:1.10.7-2+deb9u5 Distribution: stretch-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 922027 929927 931316 Changes: python-django (1:1.10.7-2+deb9u5) stretch-security; urgency=high . * CVE-2019-6975: Fix memory exhaustion in utils.numberformat.format. (Closes: #922027) * CVE-2019-12308: Prevent a XSS vulnerability in the Django admin via the AdminURLFieldWidget. (Closes: #929927) * CVE-2019-12781: Prevent incorrect HTTPS detection with reverse-proxies connecting via HTTPS. (Closes: #931316) Checksums-Sha1: 9cf46ff6b53e327287a635d7947504bab66f5e5b 2804 python-django_1.10.7-2+deb9u5.dsc 4b9acc86beb3e79ac0fcfc3339fb7cad9cb7b286 39828 python-django_1.10.7-2+deb9u5.debian.tar.xz 1383e694395bc1db1985a303a387592011dcb2d8 1513850 python-django-common_1.10.7-2+deb9u5_all.deb fbe06f7c2ed9995875601de4fbf915219332b420 2535508 python-django-doc_1.10.7-2+deb9u5_all.deb 0783192722e7846642837d8000e4ee0ea5e99034 904054 python-django_1.10.7-2+deb9u5_all.deb e3f0210d8f6f2158f63b8a3ef46b7ab19792334e 9329 python-django_1.10.7-2+deb9u5_amd64.buildinfo 40303e6ec9bc24c3a99cee145f1297d8d2373097 885816 python3-django_1.10.7-2+deb9u5_all.deb Checksums-Sha256: 5634a1d5ce9a9426076abb87945d7af24b9eab0115f6db039646f6f20437b2b8 2804 python-django_1.10.7-2+deb9u5.dsc f794310b8048bf962425ea1c23ad447cda236d04bba02f518cabab027b988cff 39828 python-django_1.10.7-2+deb9u5.debian.tar.xz 5bc2c68ac9797eba7b2fa3beeae7ee5fa08954ce9fa2b078d2fc6c93fd44207b 1513850 python-django-common_1.10.7-2+deb9u5_all.deb e2cc407ab765e5e0068509471880f0b53c2776d1bb76a847ad33bf56d831dc30 2535508 python-django-doc_1.10.7-2+deb9u5_all.deb c62e37da6e5fe58bfff7fbdb7547a59fd8456ac0825777d86ecc84eafc2b8004 904054 python-django_1.10.7-2+deb9u5_all.deb 25f8ec5325f48dba984300b3393e4ea73b75da5789722dae4981e7b6dcf1968c 9329 python-django_1.10.7-2+deb9u5_amd64.buildinfo e445e5695962a7a120206e4dc16022d670b253e0f275968d4b54776961b27c66 885816 python3-django_1.10.7-2+deb9u5_all.deb Files: 52ccdf5159351ca16a1f676901ae31ae 2804 python optional python-django_1.10.7-2+deb9u5.dsc eb488426deda61b3ba6811ffe1009c3d 39828 python optional python-django_1.10.7-2+deb9u5.debian.tar.xz fa0695738a8ba2b94d9ef7331f29bd24 1513850 python optional python-django-common_1.10.7-2+deb9u5_all.deb 0428ccc6fd9f8dae732b5f085e3a3904 2535508 doc optional python-django-doc_1.10.7-2+deb9u5_all.deb 8b9bdd5aee8b7be9d4c3e15c87e44013 904054 python optional python-django_1.10.7-2+deb9u5_all.deb dd5236564e0e51a91c4fe3d781e6c7d8 9329 python optional python-django_1.10.7-2+deb9u5_amd64.buildinfo 21396fe97a0ec5511abc5c642b494354 885816 python optional python3-django_1.10.7-2+deb9u5_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl0cm48ACgkQHpU+J9Qx Hlh7exAAjFGkoYJ+LSIxq+0TmgIdSlbJixN3QemPsd7w/jWcIPpy8u0MjmjqMWqh qe1vvYdBDvW8NUHGa7QW5sUKzaYh9Lcj1f4G9VrcBp45vOXT/ao6RiSeyCsvXBRd WOED9SdOSqOoCS0TGaOVRewkqXxx82MAPXcYeC77mhJvWQ4McvfByHRVw8mvy9uP Ecw2YZ6rPxBrz2l0OVTRhw+HpYWgNSBFiEEBFSt6hSMcfinJlKW48lrAfhVtaje2 uPpucg4feUNQ8RMMueox0tEaJdNMgZ2GCY+I9MhBGyPkvKM/IZtoiCJr3hB560ck OPAoP6vQR3iNafXE7jQRposSHwCUIi0SpmpKVCiW9ZcCjsv7J0dp14Z5uSpUR+mY YVZ7uhCa3NALYsZM/+lj67sTw2H9MV6qZFtNigKvK29f6IuiHeVzMUal3SxWy35m xUvczA4/SXsWn+ov2OVT0IqZATRNZ4lAOv4vTlBCR9mNVXy1RA8iP0ITn0PkzbRZ yA/amxZ6a51a+WR0TUTAecgRjRvwe6GKQSXTQ8abD3Z1g3+/v6mXxNyXmNFRm0vf VvP1892TXDwE69GmW2axmbTnSJ6kl4xHDkHpWhEtoqidraO75Ef0mMvtYyXcGv8g xq94b2P1enGHcfkTnGc4gbfZKSEhgmSvAltxi9xb+W4TNDaLVnY= =Awug -END PGP SIGNATURE-
Accepted zookeeper 3.4.9-3+deb9u2 (source all amd64) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 24 May 2019 08:57:53 +0100 Source: zookeeper Binary: libzookeeper-java zookeeper zookeeperd libzookeeper-java-doc libzookeeper-mt2 libzookeeper-st2 libzookeeper2 libzookeeper-mt-dev libzookeeper-st-dev zookeeper-bin python-zookeeper Architecture: source all amd64 Version: 3.4.9-3+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Chris Lamb Description: libzookeeper-java - Core Java libraries for zookeeper libzookeeper-java-doc - API Documentation for zookeeper libzookeeper-mt-dev - Development files for multi threaded zookeeper C bindings libzookeeper-mt2 - Multi threaded C bindings for zookeeper libzookeeper-st-dev - Development files for single threaded zookeeper C bindings libzookeeper-st2 - Single threaded C bindings for zookeeper libzookeeper2 - C bindings for zookeeper - transitional package python-zookeeper - Python bindings for zookeeper zookeeper - High-performance coordination service for distributed application zookeeper-bin - Command line utilities for zookeeper zookeeperd - Init control scripts for zookeeper Closes: 929283 Changes: zookeeper (3.4.9-3+deb9u2) stretch-security; urgency=high . * CVE-2019-0201: Prevent an information disclosure vulnerability where users who were not authorised to read data were able to view the access control list. (Closes: #929283) Checksums-Sha1: fd422563f8da1d774762931103c97e8515da3b3b 3021 zookeeper_3.4.9-3+deb9u2.dsc a0a6168dcd380c5586c8dcfa144668f7a1a21c6d 1931392 zookeeper_3.4.9.orig.tar.xz 96790de23fd6781d297276ded726d95efa1185ff 87508 zookeeper_3.4.9-3+deb9u2.debian.tar.xz cc0ae6b679b3c431bbff5768d57757478716943b 370888 libzookeeper-java-doc_3.4.9-3+deb9u2_all.deb 61657b56f6dd11792c90a29a1da3b8b61e177cdc 1360168 libzookeeper-java_3.4.9-3+deb9u2_all.deb 64fe2edb1e7c2eeeb6d90a832c18ad6ad2e603a5 90990 libzookeeper-mt-dev_3.4.9-3+deb9u2_amd64.deb 93b93d0d47773cd23f3853954a9f7a1bc328460c 112700 libzookeeper-mt2-dbgsym_3.4.9-3+deb9u2_amd64.deb 7525db2f8c22dd3db1f2d82f248852edac5d891e 75406 libzookeeper-mt2_3.4.9-3+deb9u2_amd64.deb 0fe1abc3325edfc21d551a6a91c1b16670878ccb 88248 libzookeeper-st-dev_3.4.9-3+deb9u2_amd64.deb 9d78cceb2f4c020a4c43446038cdaff1d678e1a1 105602 libzookeeper-st2-dbgsym_3.4.9-3+deb9u2_amd64.deb f9fdd7ac14042e29455c4f258cca91c4c2f78edb 72966 libzookeeper-st2_3.4.9-3+deb9u2_amd64.deb a6b739496bd7fc40c13776f9a90c77e9804f4e58 40982 libzookeeper2_3.4.9-3+deb9u2_amd64.deb 0cd165ffaefa231ca56c78010a9767f0430cae95 32352 python-zookeeper-dbgsym_3.4.9-3+deb9u2_amd64.deb 8893ba2fce4b65393c25781a8b9fc69cdc74b39d 58382 python-zookeeper_3.4.9-3+deb9u2_amd64.deb cdf4de6ac208d33dee28da1e306eaca2c63c1cb7 413390 zookeeper-bin-dbgsym_3.4.9-3+deb9u2_amd64.deb c35e5e224a75c7fd8fcd17fd6623d8bfa04c3662 94730 zookeeper-bin_3.4.9-3+deb9u2_amd64.deb 83f323ed9e982feb33809d3f8aac785f446b2ad9 141954 zookeeper_3.4.9-3+deb9u2_all.deb 6d399ec7ed1efe3ebb2a5023f746ac8c497c6b8b 17413 zookeeper_3.4.9-3+deb9u2_amd64.buildinfo 498a76e0bfabc5ca175691716314b94a345d936f 44068 zookeeperd_3.4.9-3+deb9u2_all.deb Checksums-Sha256: efbf3e61208c807edba26e62535f76527045fbeb21d18ade5b352db2c35f54ac 3021 zookeeper_3.4.9-3+deb9u2.dsc 1471e69d0b391c87208ec5a6ef5c6dbb1e31820b274b34ebd9a808940f36410b 1931392 zookeeper_3.4.9.orig.tar.xz eec0dee2d132413af212cf07eec8fe9c57737761026462b645105b44258cfe74 87508 zookeeper_3.4.9-3+deb9u2.debian.tar.xz 91711e8000dbc6066598168e4e32fd0c702666b9a41be45d3cab279d2fe3af57 370888 libzookeeper-java-doc_3.4.9-3+deb9u2_all.deb 8254de5cb5c406f0f75bd9195cbf1ef251f389fc97f3f36aa5bdb85efda992e8 1360168 libzookeeper-java_3.4.9-3+deb9u2_all.deb 417778e736a31c5fbede8bfc60bd4bf91d67a4863455829b328f9d8b4cbc85df 90990 libzookeeper-mt-dev_3.4.9-3+deb9u2_amd64.deb 463b2ac62797051501b3fce7aeb5b300ee4bf987b48941e26d807e25849d4e3d 112700 libzookeeper-mt2-dbgsym_3.4.9-3+deb9u2_amd64.deb 705707822972c9ddb575bd89e3aaf0becf2241bf72b9e28bbb2acfac8467 75406 libzookeeper-mt2_3.4.9-3+deb9u2_amd64.deb 888cee40140e31d763b1e5b84ac8d971537165a9f9f54b8112954d090c1a4b28 88248 libzookeeper-st-dev_3.4.9-3+deb9u2_amd64.deb 3f033833f6e2ea02e377e66769c0c7b26f9d350b0c0c3ec75d36f1254e9293fd 105602 libzookeeper-st2-dbgsym_3.4.9-3+deb9u2_amd64.deb cc220abb7197ecad89f1aa111ac2565647d9d0b29cc85da62ec344a79d271994 72966 libzookeeper-st2_3.4.9-3+deb9u2_amd64.deb f4ba21723801807fd61f6725c2d01a4049e7e6df1338d8c35091444a797464ce 40982 libzookeeper2_3.4.9-3+deb9u2_amd64.deb c7992e1f460167e26a751a9171776fbecff2866e4ae3c5dcc1bf7dbe51460c21 32352 python-zookeeper-dbgsym_3.4.9-3+deb9u2_amd64.deb 4f6164918249af2dd43310fe43eabcbf3e14aec1d7c0f53e55db4db6f6e325b5 58382 python-zookeeper_3.4.9-3+deb9u2_amd64.deb 2a8d2865f4cffbacdcdf2306abab859ff4762765ffe5e584da31663dbbac07aa 413390 zookeeper-bin-dbgsym_3.4.9-3+deb9u2_amd64.deb 3ed7b14aefc70368820601bd104409c630f3bf2eca35155c029449b568056ea1
Accepted minissdpd 1.2.20130907-4.1+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 27 May 2019 10:14:26 +0100 Source: minissdpd Binary: minissdpd Architecture: source amd64 Version: 1.2.20130907-4.1+deb9u1 Distribution: stretch Urgency: medium Maintainer: Thomas Goirand Changed-By: Chris Lamb Description: minissdpd - keep memory of all UPnP devices that announced themselves Closes: 929297 Changes: minissdpd (1.2.20130907-4.1+deb9u1) stretch; urgency=medium . * CVE-2019-12106: Prevent a use-after-free vulnerability that would allow a remote attacker to crash the process. (Closes: #929297) Checksums-Sha1: 73df7e00168675324260ac4b92694cd540c58f70 1961 minissdpd_1.2.20130907-4.1+deb9u1.dsc 9d548a55449e7eb2638631562cc35df9434b7a74 20237 minissdpd_1.2.20130907.orig.tar.gz 429f27387bda690a5ef02bc43056990c11668e66 7032 minissdpd_1.2.20130907-4.1+deb9u1.debian.tar.xz 6a28ee5ed764ef3fb06a07efafc23f61aeffab27 34204 minissdpd-dbgsym_1.2.20130907-4.1+deb9u1_amd64.deb 657b4760bff9c73b0a504e99d70d0f6788b2b3bc 6120 minissdpd_1.2.20130907-4.1+deb9u1_amd64.buildinfo ac0bfe0e859714c1731a2fbe4592219bc8777d83 20110 minissdpd_1.2.20130907-4.1+deb9u1_amd64.deb Checksums-Sha256: 2ddfcf6d30de6a343df000504badb874bbdfc30ce51f3c4e95280052907a6e37 1961 minissdpd_1.2.20130907-4.1+deb9u1.dsc 18bc5b9336947d63724c85402dbb8bb134eab2a2ba8ecae4446232f01683b468 20237 minissdpd_1.2.20130907.orig.tar.gz 30cb9a99dcde2c1007071ffe516e56738451f25ac28910232f08fd71f1a325c0 7032 minissdpd_1.2.20130907-4.1+deb9u1.debian.tar.xz 6cd08d88237deaec5358f983eee24207cd47c3cc58b46f47ce0f958bfb9f8d3a 34204 minissdpd-dbgsym_1.2.20130907-4.1+deb9u1_amd64.deb 1fa3c61180d9cf5ffd59ab647c52730baf3609d889c308296f6f962c5a84b93c 6120 minissdpd_1.2.20130907-4.1+deb9u1_amd64.buildinfo f60d9f067ab7d5a5dfef665acf3cd1802c798889644f615aa6437d7145643146 20110 minissdpd_1.2.20130907-4.1+deb9u1_amd64.deb Files: 979fb7e988a60a1c184fbc9d88ea28cd 1961 net optional minissdpd_1.2.20130907-4.1+deb9u1.dsc abe636faef155cd8f606bcb32cd257e9 20237 net optional minissdpd_1.2.20130907.orig.tar.gz ff5e5202f57f7a9179d9c48b2c5a00ff 7032 net optional minissdpd_1.2.20130907-4.1+deb9u1.debian.tar.xz 340d0aca34052783c62f74cb7a22244b 34204 debug extra minissdpd-dbgsym_1.2.20130907-4.1+deb9u1_amd64.deb e058c830292e368a380ac33e4044bdcf 6120 net optional minissdpd_1.2.20130907-4.1+deb9u1_amd64.buildinfo b7a7f5864a9476a712b314ae4391a7e9 20110 net optional minissdpd_1.2.20130907-4.1+deb9u1_amd64.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlz2peoACgkQHpU+J9Qx Hlj58RAAkrLfwCljKrirsxUc1oTTfaLDZh8I/NRkk7PJobZRvnR2Z+MxmtxRlhqS S+9GTaWEnINW5FMOQmguwNEOg/S5LLxrh9pGu5P7pxbOqFozOdeXzjE3b4/5LpNl vYfOHRoSy97Hf5QBeF3RB+ru50XrpYH5i5MtvRQSM3vhk70Hc2beOeFqe72q7sKU mx9lANebYf3qSoDJKHMzUX1wpVsZ2nCPAK9O2AAUBhDCDIQxNr0umIg4GCB9bu1H sTSLKb8ur+cGWcYUoBUjKWO6VMubcwbBXIcy+/WxqNHOTzoz80mqZdu2QbuYt6hm f+JEPixDi0Qpi8yr1OkjjGpb1vP1aolTUSnGRmVL/z9hJ53ThX0B2VNXDqTaFN3q tuBTiCB476WiTL1y94V4SOshmruK0iP2Z7+w4WluuE3EfqUScHMa9ZKqEDHl+eXS nSHxQ/YePcIwh7diLrNQER/RU7ZIt7YMyA0CUSCJQV/1NYECZ/K0yNu8WcakI5kZ 49YS0umyHhA1JRT94x7sKuDt99X9t/0NG74+WwAUSJ6i+fkjCERCdeZGd3Mn0piV 0pMLN16DuarfC1jSW640i4LtbLDnXCJLOztPHp9f6jAlo8wT85+cSXzYrVD82xm2 XQVpDjWE1m4LA2fEl42YHU6eNCaXFPbeKLQO1+Y9qrYkmnc18rA= =xE0V -END PGP SIGNATURE-
Accepted ruby-i18n 0.7.0-2+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 20 Nov 2018 10:32:18 +0100 Source: ruby-i18n Binary: ruby-i18n Architecture: source all Version: 0.7.0-2+deb9u1 Distribution: stretch Urgency: medium Maintainer: Debian Ruby Extras Maintainers Changed-By: Chris Lamb Description: ruby-i18n - I18n and localization solution for Ruby Closes: 913093 Changes: ruby-i18n (0.7.0-2+deb9u1) stretch; urgency=medium . * CVE-2014-10077: Prevent a remote denial-of-service vulnerability via an application crash by engineering a situation where `:some_key` is present in `keep_keys` but not present in the hash. (Closes: #913093) Checksums-Sha1: 7edac20005f06eb5af856f8335419046e209adbb 2097 ruby-i18n_0.7.0-2+deb9u1.dsc 6be744d7cdcac9fbe1e051ca0e79504c12922daa 5060 ruby-i18n_0.7.0-2+deb9u1.debian.tar.xz 4b92cf5be801b0a337048f4a136ee54970e2d207 34956 ruby-i18n_0.7.0-2+deb9u1_all.deb 7a750e9edabaec1a49656ffa99feaa4f1ca676e0 7204 ruby-i18n_0.7.0-2+deb9u1_amd64.buildinfo Checksums-Sha256: 2ed8c5ea85e59f7aa04cb4a7b2611a6f89f07d535fba3df72bd73242a5f2068d 2097 ruby-i18n_0.7.0-2+deb9u1.dsc 523f939db81db03d2b6b4119f88dae371780a41b4677172da7cf1b35326a42ba 5060 ruby-i18n_0.7.0-2+deb9u1.debian.tar.xz 500fd015a00b71e3ac504b57839e91576c7c52e9029c05c238669559cb27772f 34956 ruby-i18n_0.7.0-2+deb9u1_all.deb feffd3f53afcaf3b0257507a225122f84acb61a29a53747aa6778f78e132f7dc 7204 ruby-i18n_0.7.0-2+deb9u1_amd64.buildinfo Files: 7f65dc7aaaf0ee0dce2b8c3c56cd30ea 2097 ruby optional ruby-i18n_0.7.0-2+deb9u1.dsc a0f29ea40483acbf1542b8308979a10e 5060 ruby optional ruby-i18n_0.7.0-2+deb9u1.debian.tar.xz ac77667d0a611686529a83cef664df0c 34956 ruby optional ruby-i18n_0.7.0-2+deb9u1_all.deb 92f445b08c3001328a1390e351470944 7204 ruby optional ruby-i18n_0.7.0-2+deb9u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlyD8CEACgkQHpU+J9Qx Hlifnw/+MfguHrQ4U3iBn48QnUBljjmXcmot7OvHtpUWrMvV409IjROnjcR3OyY0 fJ/hlW0xcI9qfffxu+kzBsSzvV3QKquymLXV45vOo5tiAbItpfRlDF4zYZn7yNga c2XoefoczWp20RZF7Xm8NOkWLzfWXomQNM1qxV/rdQG11zVlgdBze+pScfAUkD0w XHlt+R7EmsJvhhChs2Fk6yRmXVsT8qq0tx40KLd1rjrzS+kp5aaHlqkXEkaDkLP0 eXHtvr0LEJZlXNuCk0ca5g1Iv16iVi28PLFLdMF9IgpRu7fZUz1V+c79XIZe1pzK lamrQlvEqk2t4UeF+Hib+5N8i1e04O/wC04AchFWNCN6icJO9HJNyteOuqfBawAp TPktzpdRGkIV2+kRSlcOnktujrapkTQumcjogZXgzGUEKvROb2yxUAUevqLqOa62 nf6IuhfSeZBvlYZBp+1PhXq2jJODBYZW+L7il8lbrmOD+LcjFLH4ZnIeLN/yaoNq fMRgTGmuqpkD4rTdPWaxamCfzgj1361SoU5sLH0uU/XnmSzQMMqfo9JlfQcjHVRe Q5VvXCCcFW/zhejNJVohHfj2iGoY4FVE/kqF4H/wSO3U2Dn9vKOvqezsiXKNVB5D 4R60o5kl70hgnxWc6Q5kdhgGyjLWo3PfiRuTDmYW73M6g8Mj9Zs= =Kgr7 -END PGP SIGNATURE-
Accepted python-django 1:1.10.7-2+deb9u4 (source all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 06 Jan 2019 09:35:11 +0100 Source: python-django Binary: python-django python3-django python-django-common python-django-doc Architecture: source all Version: 1:1.10.7-2+deb9u4 Distribution: stretch-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 918230 Changes: python-django (1:1.10.7-2+deb9u4) stretch-security; urgency=high . * CVE-2019-3498: Prevent a content-spoofing vulnerability in the default 404 page. (Closes: #918230) Checksums-Sha1: 5efaeaca83b3a50a1a7ec625754de098699167e1 2804 python-django_1.10.7-2+deb9u4.dsc 5edd13a642460c33cdaf8e8166eccf6b2a2555df 7737654 python-django_1.10.7.orig.tar.gz e01359592fda6efd3190c089c116656e3f757b07 37644 python-django_1.10.7-2+deb9u4.debian.tar.xz fe1b2e76cafe244b60191437c3b0f9f0f0f93e38 1514142 python-django-common_1.10.7-2+deb9u4_all.deb db37122f7bd1f91089d7aa2a873f39e870a98660 2535672 python-django-doc_1.10.7-2+deb9u4_all.deb bffd8fe13bb80f0f531bec564ef0caf864a84334 903582 python-django_1.10.7-2+deb9u4_all.deb 95eaf30ff4a2879349d0dc0105587a6f0ac29a96 9306 python-django_1.10.7-2+deb9u4_amd64.buildinfo ebd316e1b60275c3718ee034b2779070d5f9d5f0 885312 python3-django_1.10.7-2+deb9u4_all.deb Checksums-Sha256: 5580bf9ca6d79a6adde05a8b5d302ef92ca8cc5d58f32234de5fa53d2a0be73d 2804 python-django_1.10.7-2+deb9u4.dsc 593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8 7737654 python-django_1.10.7.orig.tar.gz 88e3bf0c7f30c6fcbee6269b107cfa23e23f799d747dab2900ec8886e0606fac 37644 python-django_1.10.7-2+deb9u4.debian.tar.xz 30867f974673e8476e0be00a385642b789bf556a2aa2a3784f2928f8fc90f73c 1514142 python-django-common_1.10.7-2+deb9u4_all.deb 89d8e2891242665c410bfcc9a9d7bbcecb82173cccd831244dc14527deac9041 2535672 python-django-doc_1.10.7-2+deb9u4_all.deb ce7fb9dc817ffb285193f5f9b5eaffb20a5a4bb55f2e0eb5bc0d803604f2720c 903582 python-django_1.10.7-2+deb9u4_all.deb 1952f40cdbcf336562d88dd908a672a70aa0dd2728e506dc61544f5df4aac81a 9306 python-django_1.10.7-2+deb9u4_amd64.buildinfo d45a6993b629ee6a098407058b3e52b4a2715ae0abc276af6ddefadb55975c97 885312 python3-django_1.10.7-2+deb9u4_all.deb Files: d92baefb611435ceb37f9d868c863cc2 2804 python optional python-django_1.10.7-2+deb9u4.dsc 693dfeabad62c561cb205900d32c2a98 7737654 python optional python-django_1.10.7.orig.tar.gz b92973c03f17d3b9ed1bba70edf07cab 37644 python optional python-django_1.10.7-2+deb9u4.debian.tar.xz e850ff2d5f0a0a5d8a136616c1e3a3fa 1514142 python optional python-django-common_1.10.7-2+deb9u4_all.deb a7560502fc611e5c9c1aaa7fa92d0511 2535672 doc optional python-django-doc_1.10.7-2+deb9u4_all.deb 47ca744e66278d9dc38748c28557f91c 903582 python optional python-django_1.10.7-2+deb9u4_all.deb 66a2210dbe3d96c9992394c4384c2fea 9306 python optional python-django_1.10.7-2+deb9u4_amd64.buildinfo d569435e9bab9af9d8f9f0ae669c9eeb 885312 python optional python3-django_1.10.7-2+deb9u4_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlwyNzIACgkQHpU+J9Qx HlgEaxAAs9Kim/P8eP9gvfVSN5Y0wNd++lQGzi/A0ml3wBd/lhkKt9jAuo1f7L6w 0YyrAW6OsqBtTwxFONVACuxouE+XO7lS/347JekwcNHTDCAbTBYRtXsK44xYvnkK Z9flEHXaw5TDy/ZbkhQRr+yXGskMe4p1xS2OWVwqpjJy1Xf1lwpRl6t1u0Fckz+N ZlFIyfqj98Rpkkzy8vvB3RFsrOfMe6PnmiOIQm1xSJ0Raaa2EbdaYDtiCXjJgb4t p8FZDUDzlz80cp2tM/nTCZTkgwHY5WZWNFBQVSF+DDxnRUUuyNrLJwenTcjujWFy acqG9svytSH6h4Nc/t9mba9GKCZRSjR3S/iFKZumEDyBlm1/ABUmlfWsZM7v0tjN pCF77BQLrwJwr3qPBo4QaT5Gz/u/ztr84rjQ6IJPIHI9FEOvV1BeiTtsoBXoAnl3 3p4bb43OZFNhuUVR3mJ6caWABPXBFmfgzev78+U08ehAD9FiGspCo9mQr2eiUvid oN9TX+oYkOelMkVmpWC2gird2wphJMXUzELSwe7DkzwvCq/oF5QZDcLOARbOg+oQ stxQLcxIDYWRUHx8uk784s/a2tNbh1nzNs52GWmTppnXOlXR1ZSJrrQhKD8n2WsL YQ6pfoSSN7CdTQ2rUq4be6YjpoLWVPQ8At5kAeuxsN3nKZAtiX8= =gh65 -END PGP SIGNATURE-
Accepted ruby-rack 1.6.4-4+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 20 Nov 2018 10:10:14 +0100 Source: ruby-rack Binary: ruby-rack Built-For-Profiles: nocheck Architecture: source all Version: 1.6.4-4+deb9u1 Distribution: stretch Urgency: medium Maintainer: Debian Ruby Extras Maintainers Changed-By: Chris Lamb Description: ruby-rack - modular Ruby webserver interface Closes: 913005 Changes: ruby-rack (1.6.4-4+deb9u1) stretch; urgency=medium . * CVE-2018-16471: Prevent a possible XSS vulnerability where a malicious request could impact the HTTP/HTTPS scheme returned to the underlying application. (Closes: #913005) Checksums-Sha1: 25032a6865e6b5ca28368108772f42e9c063a8cc 2271 ruby-rack_1.6.4-4+deb9u1.dsc 9a72f441c920e6698133eb2fb8c6f9762220096c 6776 ruby-rack_1.6.4-4+deb9u1.debian.tar.xz 6f479f2feceb67ab0bc96db82edc2cb7f2fac614 88602 ruby-rack_1.6.4-4+deb9u1_all.deb 25c475a4a71fa05c61745c680048d00298a5fa3d 7079 ruby-rack_1.6.4-4+deb9u1_amd64.buildinfo Checksums-Sha256: 41142ffdfd57589a1f928a1117bce26752e3150434e675ab9e26685c2137f26b 2271 ruby-rack_1.6.4-4+deb9u1.dsc 67f38992d2d7110cc5cecf363661f720221e91c25de79a75e1ca23d86060 6776 ruby-rack_1.6.4-4+deb9u1.debian.tar.xz 3202b81ba94aea5da8a2ef45ec3118bf6754692c4c0e5e3b60c42e3a2f3bc1b1 88602 ruby-rack_1.6.4-4+deb9u1_all.deb d943e22e25f064fe4e34d67b04277538f5131115234ae952de5fb9190afa6564 7079 ruby-rack_1.6.4-4+deb9u1_amd64.buildinfo Files: 678efcbdc5dcc8b271dbb9b51aa1ca4c 2271 ruby optional ruby-rack_1.6.4-4+deb9u1.dsc 423edc354bee70551915934b6fba8aae 6776 ruby optional ruby-rack_1.6.4-4+deb9u1.debian.tar.xz e116308c96a0d3e7acd6ea688d5fb684 88602 ruby optional ruby-rack_1.6.4-4+deb9u1_all.deb 0cbd60265e20328b2e8a0fa44aa1f0fb 7079 ruby optional ruby-rack_1.6.4-4+deb9u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlwhGQQACgkQHpU+J9Qx HljRAA//fzo9oYSvgOxmbpSkC0G6v3buywpYqe8Nta9vWk1+3vGs8bv7/eroQt5E Z64Nv4+uati3zvlDc5S8c+50BbA42edXP0pvtu4KlxJYmJ19Nk3LJOxP4KJ+r9zD XV03k2IMY8ib3fh8g2/g7jr334J8dD6T4tIPGDzeetcTtD37bcTC+f2Gx3+Q+ENm 7Klql6jOQJMsApyavyYuRc9hpQFAwZ8IlgqAke+WczXmHyL1QPvVdeI1IB9Ctz85 y25FnB2vICofhqo1eAhyUzL85k5w8raaEv8hWX6zpU3XVohBCZzl7O2FwQw7a4Ut wSKY5s0VrD4J/mU68bym5hV0NREYQRGI+r3eJCDY5lxJOWyZse+zwOlugIGQutxz mdSg0HqTVOHppbYYhb642d4bERz0ulHkvGblB94R0YqZ3KLL1LkZclzbutP4tqhN BEvbcYeecafgiENcd7gJZHi/RLQBXkcQKmihEvUcwcTwN/SLZYnLG30uB0qaL85D vkF1HVG47Gdr9hmBCBkHgMW4H0QINPrKt2E8gjsPKWdiA+QsPZpzfWUc5krOlV5H uKOwtMI9Ftdcjm26IebmOsBj9ZVsWRNrzxDYK9F9ygL0NNqqYJwa0RcXv37CZFEc WADHArDwrVR2gS1402ahKmDbMGut9cHVALHujHMgoy0k5jDSRqw= =LmSz -END PGP SIGNATURE-
Accepted lastpass-cli 1.0.0-1.2+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 24 Oct 2018 10:40:01 -0400 Source: lastpass-cli Binary: lastpass-cli Architecture: source amd64 Version: 1.0.0-1.2+deb9u1 Distribution: stable Urgency: medium Maintainer: Troy Heber Changed-By: Chris Lamb Description: lastpass-cli - command line interface to LastPass.com Closes: 898940 Changes: lastpass-cli (1.0.0-1.2+deb9u1) stable; urgency=medium . * Backport hardcoded certificate pins from lastpass-cli 1.3.1 to reflect changes in hosted Lastpass.com service. (Closes: #898940) * Add missing ca-certificates to Depends. Checksums-Sha1: d275ae26713eaf8d80e08a7d68f73a662ffd0277 1851 lastpass-cli_1.0.0-1.2+deb9u1.dsc ea51c8d5574fa8a8c4804e3eed2fa2911e2afa63 6900 lastpass-cli_1.0.0-1.2+deb9u1.debian.tar.xz 5c2120626e310a3c8536a8d13869dadd8a39e273 213044 lastpass-cli-dbgsym_1.0.0-1.2+deb9u1_amd64.deb f2d29654ba8b0b62520326326e89c78443420d94 7707 lastpass-cli_1.0.0-1.2+deb9u1_amd64.buildinfo 790882540530bf8a88a02e6440f2b3c58643532c 70502 lastpass-cli_1.0.0-1.2+deb9u1_amd64.deb Checksums-Sha256: 254df83a392042244785203a8d7825dc5386414061cb6ee088cb25d7f7594952 1851 lastpass-cli_1.0.0-1.2+deb9u1.dsc 39f74287c398e0988079dc44ac1c6f8464ac2d43ec996420b8cbd47946ca89cb 6900 lastpass-cli_1.0.0-1.2+deb9u1.debian.tar.xz ee2ea4ad9d19f31a8f7926ec4e88e65daf0a28e2b9a9fde0e4662f6cd24897eb 213044 lastpass-cli-dbgsym_1.0.0-1.2+deb9u1_amd64.deb e8dbe06798a7a628392ca96ee1c7f0ba8220ff392161de0752c72ef050ea2f79 7707 lastpass-cli_1.0.0-1.2+deb9u1_amd64.buildinfo 1ff1f72301444baa4e261a5217687cda0ab314f24a1478949aea632ac395393f 70502 lastpass-cli_1.0.0-1.2+deb9u1_amd64.deb Files: ae37cce9a234161eef7f77f32dce6b1b 1851 utils optional lastpass-cli_1.0.0-1.2+deb9u1.dsc f1fa6325e4a89d0962b27b7c9fcb185a 6900 utils optional lastpass-cli_1.0.0-1.2+deb9u1.debian.tar.xz 5dea65e1119af071a1c571abd5605dd7 213044 debug extra lastpass-cli-dbgsym_1.0.0-1.2+deb9u1_amd64.deb ecb93fc474d4d8e0a27c76aa90847f79 7707 utils optional lastpass-cli_1.0.0-1.2+deb9u1_amd64.buildinfo 36e32883b21dabb2212ef59ea194e9df 70502 utils optional lastpass-cli_1.0.0-1.2+deb9u1_amd64.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlve1sMACgkQHpU+J9Qx HljQXA//bT8yiCK5OHRy+HKt7LOb2NwxV28uGj/58WDhnp62oeHTW+SHM1WUCoSH /VNAn8JFBr50GKtnt2IuV+TyZja27Cnz2M4nSpDJDa9bpmDo7OnVynS7rR6t6BbK vWIVPlawq3Dvn2n8sbxJ78kNYwnvaZSxFvWFy+ByrLv+7mGbAQuwJ3vTdDaePOba 6Fm9VdvPp2qD1KqC9ue+opCO/TSbvG+oHnxa7zNDJr7G+JXtklKkTFjUxP4WwP88 BlpB9jvHm9+yXkoSWdA2V41B2aVCINl5++1dFPBdMrOv+KI2HZuofk5dCd6tZps9 tnXfkO0kP3fY3/4DG2Nv0HjMjh5K1eA030ad6ktBLCsnssLUPWpCN24RSGKvGZEp SYJC4tgycLWQe0HkB17u5JJc4/r1M34U3QFtILqgV8g5kBoGrDJuuAoKfsjlKlcr s9jhr4L4+vez/91+e4ITCiqToOgi9gYKXqPdfc16rpjc2AOEFDPs0qFwXee5oaw4 ZjC99enOOPW9ce6AJrmsew0OBg4Qd02p2ilCAFCENF8pQQIjidhv2emGr0jbh00F 3OtkBIAfQClPYEjED/XLVOpgyR36StSFskBf999k4tJQGM9If2jskKGaHAIG5Pxu dmwtvKg0DRd73uZ3qKe6RGwFwvD6F3+IBbwhdAb7ZBU7BfM0YKo= =DdQe -END PGP SIGNATURE-
Accepted python-django 1:1.10.7-2+deb9u3 (source all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 11 Oct 2018 18:47:12 +0100 Source: python-django Binary: python-django python3-django python-django-common python-django-doc Built-For-Profiles: nocheck Architecture: source all Version: 1:1.10.7-2+deb9u3 Distribution: stretch Urgency: medium Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 910240 Changes: python-django (1:1.10.7-2+deb9u3) stretch; urgency=medium . * Default to supporting Spatialite >= 4.2. (Closes: #910240) Checksums-Sha1: 9d8519a68722e4e67f2d334aac221beacc9dc525 2804 python-django_1.10.7-2+deb9u3.dsc 8754dbc1f72849ee85bb0cb83f61c26910cbe775 36500 python-django_1.10.7-2+deb9u3.debian.tar.xz 1f566b3b007d774ffaaf939d063528bfbb57e5e9 1513858 python-django-common_1.10.7-2+deb9u3_all.deb fb7c4ff4e651efab5749cd0c482c300a9468f215 2532036 python-django-doc_1.10.7-2+deb9u3_all.deb 87b9db217cbb9f835ab6095a64d572eb78ea12f0 903616 python-django_1.10.7-2+deb9u3_all.deb 8e2b7de58606bbed2a656a59cdb8e4bc5c4e0f05 9329 python-django_1.10.7-2+deb9u3_amd64.buildinfo b514e0ea5b2d016f616593b232f051a0873e1dff 885106 python3-django_1.10.7-2+deb9u3_all.deb Checksums-Sha256: 4540d12889764ba3129c63050c3f04ed9d6c87083479913203fd9e9a2835acc7 2804 python-django_1.10.7-2+deb9u3.dsc ffbbe36215bd35d8704a4df8433c4a181bbf0c24fbc93c316cdd2710087b05f9 36500 python-django_1.10.7-2+deb9u3.debian.tar.xz 2deabb476e1d195abe64d432d5ac147ffce8d9f311af01ffb5648727aaf0de58 1513858 python-django-common_1.10.7-2+deb9u3_all.deb a38e83e0acf840399bc4dae5b6c1a96dbd9bd340dfdfa4684bcad0d5535f3de0 2532036 python-django-doc_1.10.7-2+deb9u3_all.deb 03d7621aea99730385e5bef8487df30893168bacf75358201b662ad091e06c84 903616 python-django_1.10.7-2+deb9u3_all.deb 02590b24543861f7f4ca374d3ced967cca4173142ef906373a5f35f265a154a5 9329 python-django_1.10.7-2+deb9u3_amd64.buildinfo d32a3a17595b7450dd336ad7740220d3dac76d154f553242a21280b7a2588938 885106 python3-django_1.10.7-2+deb9u3_all.deb Files: 8eb46d0ed40da007ba39648cc4f4d286 2804 python optional python-django_1.10.7-2+deb9u3.dsc d7da76aa36b788be5b296733fdfa375d 36500 python optional python-django_1.10.7-2+deb9u3.debian.tar.xz a806165206d21241b7a6b37bb8345724 1513858 python optional python-django-common_1.10.7-2+deb9u3_all.deb 4f693a944daddbb7d18fc1d7d61fa4e2 2532036 doc optional python-django-doc_1.10.7-2+deb9u3_all.deb af604ffd84360f2203e60ddba3ed7750 903616 python optional python-django_1.10.7-2+deb9u3_all.deb 2d857f8a16e913935ab65a3b72b6f481 9329 python optional python-django_1.10.7-2+deb9u3_amd64.buildinfo efd1e602a417b0c483f7c2cddf04be99 885106 python optional python3-django_1.10.7-2+deb9u3_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlvbf0wACgkQHpU+J9Qx Hljwpw//X/hA0Yv5w+EQySeRzJh5yEn9CSE2MzfVCUnxeXTcnZUVZDMzWNTusuoy MXzvuf/285U+pIZVyIq0Txz93kgTwiRGAnSFJdQBr+DD+AjipRzoc7FRCZSUVPVz SaQ5JGTzBrviwQT+rmgLqrlIsT4CBA6hiU3WJToYcZHQgjZvKZi6+YWMj3XsyS47 9oSjs7M2+RM5stpR9ODRenO/3bHxqbek414L50dzsz5OwCzIhMoNweJUbzDNvz6J ufCYLfXG+/d3SgkJ/g+FutYqffyYdiA1njmV0D8TPXAmz5p0omUCkYpqmIZ0fqcQ kMOZSrOW/r0fvRmRFYUsxKnxFtE9tUsVocKGyhp2lad/DqAyCE1RKql7Vlb8Yc4e T/vDAJZNqEdkFpwga3K8nHCKkmOjsdc9jDQ3d+0NE/XqMDqt3dGPtflph2bNxvmS YTwpGHIxMYVGsDOkaayZtXLcq9SGFoS4uKPHVmsh5j7Rkoc3vHeF269FhKBAkMbh 119TdahWFdjyDDBO4lAT5ldx7Wk92x94nl5YEqQrs8ubNihddd77WtXH2hWtdY5c HSnpQEv79dIhjK7689LPuGsSZ6wTsz3excWHGrG64QAiKdYBzU8yA67AIaymz+qz fjc3YWyp8J1rtZ0Hk6yq7JjQW6yzZCDeky1mxCrnjFNwhKy9jg8= =ys5O -END PGP SIGNATURE-
Accepted libxcursor 1:1.1.14-1+deb9u2 (source amd64) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 13 Aug 2018 09:09:13 +0200 Source: libxcursor Binary: libxcursor1 libxcursor1-udeb libxcursor1-dbg libxcursor-dev Architecture: source amd64 Version: 1:1.1.14-1+deb9u2 Distribution: stretch Urgency: high Maintainer: Debian X Strike Force Changed-By: Chris Lamb Description: libxcursor-dev - X cursor management library (development files) libxcursor1 - X cursor management library libxcursor1-dbg - X cursor management library (unstripped) libxcursor1-udeb - X cursor management library (udeb) Closes: 906012 Changes: libxcursor (1:1.1.14-1+deb9u2) stretch; urgency=high . * Fix a denial of service or potentially code execution via a one-byte heap overflow. (CVE-2015-9262) (Closes: #906012) Checksums-Sha1: 61d56a3532404d89e20e2b22e97efb5d96e387b1 2334 libxcursor_1.1.14-1+deb9u2.dsc 873a91831946cdedc0724b1d048c8041d958807c 374910 libxcursor_1.1.14.orig.tar.gz 7ca624b1c6f12855a28f2b41b5c99d1ad5180046 19765 libxcursor_1.1.14-1+deb9u2.diff.gz 56294fe5750c1ad9740012641471b3c6d3586839 42552 libxcursor-dev_1.1.14-1+deb9u2_amd64.deb cd74f7f46bb5ebc7259670ba64f2c19c1f4217f2 67360 libxcursor1-dbg_1.1.14-1+deb9u2_amd64.deb 92c44fd03cea00982d9e71e4eaa8db9b63772dd3 17170 libxcursor1-udeb_1.1.14-1+deb9u2_amd64.udeb c1beb12a2ba565210c904ddec30d6c08da1b3aeb 34910 libxcursor1_1.1.14-1+deb9u2_amd64.deb 7318b023cf8df91a17ca718a9b89c67a75005713 7405 libxcursor_1.1.14-1+deb9u2_amd64.buildinfo Checksums-Sha256: c7d9fb3b4aee36b317f62a8a04697931ac2356f9ebf7f8937c7e9ac8a41034ea 2334 libxcursor_1.1.14-1+deb9u2.dsc be0954faf274969ffa6d95b9606b9c0cfee28c13b6fc014f15606a0c8b05c17b 374910 libxcursor_1.1.14.orig.tar.gz 5b56f9b5f9327471ddfd8c5f8a349d93faded3b40e9eb1d0ea1b5129e2db84a3 19765 libxcursor_1.1.14-1+deb9u2.diff.gz 3182938f4b8511866710badfd20e4aa660ae1793913c0a7d1ba86cbeb3bd0fb6 42552 libxcursor-dev_1.1.14-1+deb9u2_amd64.deb 2404b00ca789d27b89648fd1d8ea7a3979c9e19c2d3805512ff8dcbd58832802 67360 libxcursor1-dbg_1.1.14-1+deb9u2_amd64.deb 5e14ce0ac6ff0e10a8f810bfb7509a396656f692fe7815b8211b40e8e29e2f42 17170 libxcursor1-udeb_1.1.14-1+deb9u2_amd64.udeb af4908f3f2bcfe78586823eaf8ed65d838936cb26698c520538717367d836dc6 34910 libxcursor1_1.1.14-1+deb9u2_amd64.deb 31d48b5b9b82246905c2fe498e0aacf47349d213e83a5b4914c2c8610385ad65 7405 libxcursor_1.1.14-1+deb9u2_amd64.buildinfo Files: acc990e11509e6996276e263eb38af7b 2334 devel optional libxcursor_1.1.14-1+deb9u2.dsc 39c8423de190d64f1c52fbc00022e52c 374910 devel optional libxcursor_1.1.14.orig.tar.gz dc7bc23048569d80495f18b076a064c2 19765 devel optional libxcursor_1.1.14-1+deb9u2.diff.gz 17d70baeb33edddef81d8ef7d6e4498f 42552 libdevel optional libxcursor-dev_1.1.14-1+deb9u2_amd64.deb 04c9c4056789bf6402371767af684966 67360 debug extra libxcursor1-dbg_1.1.14-1+deb9u2_amd64.deb 648df027c161c02dc54410065e3db85b 17170 debian-installer optional libxcursor1-udeb_1.1.14-1+deb9u2_amd64.udeb 28b8f760545fba07638cb8af00361965 34910 libs optional libxcursor1_1.1.14-1+deb9u2_amd64.deb c3a05658c7a25c0b437ae2482cb4fdff 7405 devel optional libxcursor_1.1.14-1+deb9u2_amd64.buildinfo Package-Type: udeb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlt1yxUACgkQHpU+J9Qx Hlj0hA//bTDkRUU2l1NHsfM/Vp8HaQgerMWW19U+QQSVPp9klWv67DTZpyDfn1eg Y1LCtZWpL9wNbkFFygBE7c4m92Ew6sbPkWFrwLL3wrpRGtI76a3dEwRe71x3oAkC uOci9RvEQwZir2+A9QoXEaoU3D10lO4k9G1p8G8Z0LQNRXK/RynJaUiG5mxZn8Fu H8xm/ZqK2wEXwvhS0aexSGCdfoJB7fJNLDorbqJrL00Mrw++EiSEmaL7fDIGdgTE RNqs+gm5RZplJC/1gqIMQWSH87Uz4yHq/3lBWzS1V75MgIZM0AyJVHz4ksqBeIPL 2O9zGFPxv2fwL0BZyQSA0iXbNcZ+mBfzN/UL8NtcA+DRyT/HdZeGNrKTS6vy2leX FQtM8XJXaeljxH1UHNO8th3Z3FO7N6isVwe2a+fpG5dj/C+tjpgKGl0eAW8h9jB2 I1oQvzjFZPznI27IZQzaeVh/wzrWmCiPY5Pw6QT3fdH4yXoloxYbZfGw6bK0CfHU ziVEkn9YDEo/lAptt79+p1zvP9O4UoFaZJBa9wX3ydA9ggnK2F+3NnbQRK2UHLnL jfMylSOIImrMey960WgPgood8DRCKbiQIfd7bBwKrd1y+xU3iv6iZSCVSLCatHQX h0wS93qPYHA2ImS+6diIYFtTOtYhP8C37+GdfrwNhA1nrzafo4U= =vWgu -END PGP SIGNATURE-
Accepted php-horde-image 2.3.6-1+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 23 Jun 2018 11:09:57 +0100 Source: php-horde-image Binary: php-horde-image Architecture: source all Version: 2.3.6-1+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Horde Maintainers Changed-By: Chris Lamb Description: php-horde-image - ${phppear:summary} Closes: 865504 865505 876400 Changes: php-horde-image (2.3.6-1+deb9u1) stretch-security; urgency=high . * CVE-2017-9773: Prevent a denial of service attack by ensuring an infinite loop cannot be triggered by a malicious request. (Closes: #865504) * CVE-2017-9774: Prevent a remote code execution vulnerability (RCE) that was exploitable by a logged-in user sending a maliciously crafted HTTP GET request to the image backends. Note that the fix applied upstream has a regression in that it ignores the "force aspect ratio" option; see <https://github.com/horde/Image/pull/1>. This has been remedied in this fix. (Closes: #865505) * CVE-2017-14650: Prevent another RCE that was exploitable by a logged-in user sending a maliciously crafted GET request specifically to the "im" image backend. (Closes: #876400) Checksums-Sha1: 47d78aaa68d3afd9fc0deb5c4c12419d1eeec577 2112 php-horde-image_2.3.6-1+deb9u1.dsc 3c2e1237dc532c1e40cf46d7bc59cd75d5794a3f 769650 php-horde-image_2.3.6.orig.tar.gz 7f35c6186f0e8c24c87374427c06cd9a74c56631 4816 php-horde-image_2.3.6-1+deb9u1.debian.tar.xz 967e0e206efe2b61cea3064fd29306405567fa26 165020 php-horde-image_2.3.6-1+deb9u1_all.deb 95df2167f336e96b8218cb2f132ab205d9044116 6343 php-horde-image_2.3.6-1+deb9u1_amd64.buildinfo Checksums-Sha256: fedd93b4e0580e98abc1fa9343d06c8dc29c7a8b93e8478b17424b3d9047196b 2112 php-horde-image_2.3.6-1+deb9u1.dsc d5c8953df1a7d4bef9fa65e33f4e6945c554eaa261a4233fab08593de5f82b60 769650 php-horde-image_2.3.6.orig.tar.gz a5eba44a63a43b178a1df042e9e6e27fa5d0ddbfbd7599a4adae1ddeaf40ce57 4816 php-horde-image_2.3.6-1+deb9u1.debian.tar.xz da869c96cd620231c697a9b02584efea9f01a37d134fc8e2309978a1b8fc256d 165020 php-horde-image_2.3.6-1+deb9u1_all.deb 07c7575bc25b2779acfb624828bc59081a88dbd011bf49f555e6797600343c30 6343 php-horde-image_2.3.6-1+deb9u1_amd64.buildinfo Files: 38e2ebfcc1c58e581c31a81e6a5dcb17 2112 php extra php-horde-image_2.3.6-1+deb9u1.dsc 3314aa612d97ee9c92ec47652601bba0 769650 php extra php-horde-image_2.3.6.orig.tar.gz ab94d6f57be315863bd3a9ee8944e290 4816 php extra php-horde-image_2.3.6-1+deb9u1.debian.tar.xz ac03f6dd0d26d05d93c12831bf95aece 165020 php extra php-horde-image_2.3.6-1+deb9u1_all.deb e4b9f653e06e706d60e8b86749900a55 6343 php extra php-horde-image_2.3.6-1+deb9u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlt1lf4ACgkQHpU+J9Qx HlgYwQ//RKHjOa0CY6A7pdzjrOheIAfx6+SB+N1AHPh2BV8v9tnZFrmTBzNk7G6A 5xXBhDdQT0pSQpB3hWteFF7zmZvGGrnXcgJQI0mjWAasNyqHO+XE4w2LkN8KLZA5 NLoZx1pWhHiUgUryMv4l6ivpbAK1aeFYB8/KFuhD11/1FeXsFkRl/ctV0yY1is78 4mybxkT1jWXBEdTLOoyFwu8dMXlgtKSZS6cR4JoBVJcAOxTwkFqC6moNnkEg7V4f xKhygvVfWbZN+Xwf4tEJ/GkkUvmffiACSX2jdG6vEb1aaCLJMooS8dundLwer9O/ 6ocpBGrT/VkAGehpCKSC0cic9k8byyuQD2XvkHEfD7Jue76CZDOGnECbUK90aVkB 7SqQbGPcmGg8ZAW8lVsj+iWp2y35OjSB/z426D74AgsenMIG6qKZ7mtjgN6ub04A iZrsrIw6VvCq4uxDaSW2MlKSCaVdcbs1OwWNk18hysZ7VAInXcNop0npxNlbuvDW lPHv9KvCFHKMKD8a4SgrxNiRBs713cv2V5WwAYH87O2hvoRwA7f9GMjtfaRqMpne l7kKrM/gj39//T9cbWNzAoKjDyXG9MzRHN8SpzaFIltFGuZVvs+gSvNLrqL/m6ny haecT1LVZxsMVafMIFg8VIY1iFzoP7NPGNxMeJPJwFS0RjOprHk= =8w3R -END PGP SIGNATURE-
Accepted python-django 1:1.10.7-2+deb9u2 (source all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 03 Aug 2018 15:11:16 +0800 Source: python-django Binary: python-django python3-django python-django-common python-django-doc Architecture: source all Version: 1:1.10.7-2+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Description: python-django - High-level Python web development framework (Python 2 version) python-django-common - High-level Python web development framework (common) python-django-doc - High-level Python web development framework (documentation) python3-django - High-level Python web development framework (Python 3 version) Closes: 874415 905216 Changes: python-django (1:1.10.7-2+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2018-14574: Fix an open redirect possibility in CommonMiddleware. If the django.middleware.common.CommonMiddleware and the APPEND_SLASH setting were both enabled, and if the project has a URL pattern that accepted any path ending in a slash then a request to a maliciously crafted URL of that site could lead to a redirect to another site, enabling phishing and other attacks. (Closes: #905216) * CVE-2017-12794: Fix a cross-site scripting attack in the technical HTTP 500 page. This vulnerability did not affect production sites as they typically do not run with "DEBUG = True". (Closes: #874415) Checksums-Sha1: d4d06dbb55c65852065648f3c52c3549b9dfb070 2804 python-django_1.10.7-2+deb9u2.dsc 5edd13a642460c33cdaf8e8166eccf6b2a2555df 7737654 python-django_1.10.7.orig.tar.gz 3199a75fd024170733fbf2e37594ac63e337c0ed 36080 python-django_1.10.7-2+deb9u2.debian.tar.xz b8ddf9e3b3f62f25cf37c6302b46af6b0d81a783 1513558 python-django-common_1.10.7-2+deb9u2_all.deb db77dfc3afd2f56d4651ed097b8b1e81c182602e 2532012 python-django-doc_1.10.7-2+deb9u2_all.deb 2e23e245432e6542b46754a907ad5cd7e9c3cc8b 903406 python-django_1.10.7-2+deb9u2_all.deb d5b065462ec015c0880f0498531f28d09b65d491 9264 python-django_1.10.7-2+deb9u2_amd64.buildinfo 1d44e145cb74b7b15b41078a61b1d928075648e6 885284 python3-django_1.10.7-2+deb9u2_all.deb Checksums-Sha256: ebc070b0ac89ef5366033ed3a65d7186cb69e50439f141c3453a4e28339ef381 2804 python-django_1.10.7-2+deb9u2.dsc 593d779dbc2350a245c4f76d26bdcad58a39895e87304fe6d725bbdf84b5b0b8 7737654 python-django_1.10.7.orig.tar.gz c6635a5f8952d2b955c7e3bcfe41035055ed2962992d5221d99d224d7e16886b 36080 python-django_1.10.7-2+deb9u2.debian.tar.xz 39c5353d2b3340cf89003bf55b4dc7f8a2e286586d282fc4d8e583ed1ecbc969 1513558 python-django-common_1.10.7-2+deb9u2_all.deb f1675e269447784180af0ea34237b7d38d1b1f5374332dcae597d010502a 2532012 python-django-doc_1.10.7-2+deb9u2_all.deb 2340be6efff9397bb824dc01b58088aac847212e84c2d7a0cc01efdd062a83a5 903406 python-django_1.10.7-2+deb9u2_all.deb 642f82f6d6afb6a6f5f1ba1d68275c1f999019ef5d000dadc0b93f2d2bd006e4 9264 python-django_1.10.7-2+deb9u2_amd64.buildinfo 1574f3e292dff909d1e05418c7a38c4003bff69f28456a847cbeadd17eac5673 885284 python3-django_1.10.7-2+deb9u2_all.deb Files: 0deb756e1e4525802024155e7e57a34d 2804 python optional python-django_1.10.7-2+deb9u2.dsc 693dfeabad62c561cb205900d32c2a98 7737654 python optional python-django_1.10.7.orig.tar.gz 462ff484065d741dfc4ddd100a9d5c03 36080 python optional python-django_1.10.7-2+deb9u2.debian.tar.xz d9d238ed3a2ce33c7c4f7c864c95171f 1513558 python optional python-django-common_1.10.7-2+deb9u2_all.deb c50ec227e86bb8f1cb1d949a7844cd01 2532012 doc optional python-django-doc_1.10.7-2+deb9u2_all.deb 402bf959aea2b8040235c452eb7f2f11 903406 python optional python-django_1.10.7-2+deb9u2_all.deb a25a3f79aa5c993570c6a9dff08550bb 9264 python optional python-django_1.10.7-2+deb9u2_amd64.buildinfo 9ecd4027ae32bdc2e27340b76bf00331 885284 python optional python3-django_1.10.7-2+deb9u2_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAltkAygACgkQHpU+J9Qx Hlj+VA/9FDN4ieSysnp8g/2cDQ2F7wyEk2ufI0CIvVCbPu/jigoi2HVMFYCcShcW 0B50Kjjhr8qkrI8qY7xaA3wBQ/fWlnEZK4/uuFi27rnauMeFNCA9jowpYsmgPatE rhu99y4Ou91mJBm9r+gibH7K73o147DcwlePWKS7iYXpGGPOSrCfVnmLOEexcrn3 uFoxUcfVhhPr0RwoXaSe0tt4UwqhVblFQ1OnAFOgEJxhevh93MxpLoamsDBnnrAL /1nFubKIIGweXcARXG8tQvE3fCUavmOYDOrHmRdNaK7z44qMoUYu6HUj+EIe5GTd kfIpBzXU6Q6ynFMTsTMC4vSUSaVsgz0Jix4C05LG1wNRMVFrwEB02txfCsQ0fMEE 4iLA6puiZQ5dPBtA5e522CuTxGSlzyPcarVAIM33PF/TWfZwDppGxOuGCYbdused uw2IgQ1WniB/rTYmnW/CEL8g+tru+s0glQLlyPYxwMfDtkMRT9mDDscgKbp91ywZ Ib7awFf3H+z7u2t0B0Pdp/wmposrZG1zLN/Fywk+2LUpqDf9lqykL/uML3A2z75S GFeofeyMgiNictgm0NPEJpDapbEmrvDrNWXsSWChFHYJIsGunU7sgRZNJB/S3N5q g9WV8j390BqiS7++N6olu/ODvMUmzdAK0olJm+Eql00Il+j5aVQ= =tHk1 -END PGP SIGNATURE-
Accepted redis 3:3.2.6-3+deb9u1 (source amd64) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 14 Jun 2018 15:08:27 +0200 Source: redis Binary: redis-server redis-tools redis-sentinel Architecture: source amd64 Version: 3:3.2.6-3+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Chris Lamb Changed-By: Chris Lamb Description: redis-sentinel - Persistent key-value database with network interface (monitoring) redis-server - Persistent key-value database with network interface redis-tools - Persistent key-value database with network interface (client) Closes: 901495 Changes: redis (3:3.2.6-3+deb9u1) stretch-security; urgency=high . * CVE-2018-11218, CVE-2018-11219: Backport patches to fix multiple heap corruption and integer overflow vulnerabilities. (Closes: #901495) Checksums-Sha1: 2c6d029f541e0f6eb15491f9d3c3566b1f37522f 2013 redis_3.2.6-3+deb9u1.dsc 0c7bc5c751bdbc6fabed178db9cdbdd948915d1b 1544806 redis_3.2.6.orig.tar.gz 5ca7378156cac0d842c80fc76c86a1f0c62d39e7 38904 redis_3.2.6-3+deb9u1.debian.tar.xz 96a8f2ee6ab578c5eef69f85eb1e9b732a10fcb1 18476 redis-sentinel_3.2.6-3+deb9u1_amd64.deb 24275d0221edce2baa1529ac28e55972caf0209b 1038238 redis-server-dbgsym_3.2.6-3+deb9u1_amd64.deb eb69917194d7263b91f27f69e51c450a78f43205 412890 redis-server_3.2.6-3+deb9u1_amd64.deb f3c7d7700e6c40222bf4d1046b66eb03139aa0cf 1255818 redis-tools-dbgsym_3.2.6-3+deb9u1_amd64.deb 08fa7f1fa66f554370f9f044e780fdeb26043b34 462498 redis-tools_3.2.6-3+deb9u1_amd64.deb f4209192b39afc65d17775bc9a5241d1e28b6ab9 7195 redis_3.2.6-3+deb9u1_amd64.buildinfo Checksums-Sha256: 80da262658515878816bc54a91025a19dc908e19e900c20edc05105a5a082762 2013 redis_3.2.6-3+deb9u1.dsc 2e1831c5a315e400d72bda4beaa98c0cfbe3f4eb8b20c269371634390cf729fa 1544806 redis_3.2.6.orig.tar.gz 4dd8b850f189a14f506ab2dbd9ec9825ed1d125390281cd4e51dd3a23047a239 38904 redis_3.2.6-3+deb9u1.debian.tar.xz bdc22af158b230cd4766f73f227eda22a1cfbc0cdcbce370e6e2bca35a68c264 18476 redis-sentinel_3.2.6-3+deb9u1_amd64.deb 1bd65e89e6af090127f8046b5628d7bf174d5a02b1a0c2b24877353072bc7583 1038238 redis-server-dbgsym_3.2.6-3+deb9u1_amd64.deb 6e698e1511719caa5c868e04d7b84f6bb0478c5d79d5660935feace484f123cb 412890 redis-server_3.2.6-3+deb9u1_amd64.deb 366b7b25147ef54a91f379444b9d55030999f747bd02c66d493ecb1f33d77c62 1255818 redis-tools-dbgsym_3.2.6-3+deb9u1_amd64.deb e836f6c21a7d0c9285fd6f6eb5c04cd4f9242ce36370a3665009cf6ccd114fe0 462498 redis-tools_3.2.6-3+deb9u1_amd64.deb 1be8c36b74ed80ac3dabb5c940dcba0be77c84e7bffa84adc23deb7e9f51116d 7195 redis_3.2.6-3+deb9u1_amd64.buildinfo Files: 46211e7014c90c56ef19a874429c73c6 2013 database optional redis_3.2.6-3+deb9u1.dsc d0e81d1e19f673fd84d01784bf9fb5f0 1544806 database optional redis_3.2.6.orig.tar.gz ac6e30e29dafd9f1065112fc1280dcf1 38904 database optional redis_3.2.6-3+deb9u1.debian.tar.xz da7637a773f146ecb621c92223016bfc 18476 database optional redis-sentinel_3.2.6-3+deb9u1_amd64.deb 350d1395fb7603697cbc406b6a655564 1038238 debug extra redis-server-dbgsym_3.2.6-3+deb9u1_amd64.deb 9a904651fa902b8c03b3377db76d02d6 412890 database optional redis-server_3.2.6-3+deb9u1_amd64.deb 57733c799dacbc72b57d971745ff97ad 1255818 debug extra redis-tools-dbgsym_3.2.6-3+deb9u1_amd64.deb f5b835645f9f213c6ab026a428870c7c 462498 database optional redis-tools_3.2.6-3+deb9u1_amd64.deb 367712223162b170b21999718c75f2c5 7195 database optional redis_3.2.6-3+deb9u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlslJ7cACgkQHpU+J9Qx HlhDGQ/9FgaVOid3YEi60DqUTprZlsiNoAOfs0TdvqZ24p3zokZ7oOWUO3Aty3Fn 6GEGsDiao8ZSttgeRXF3k13S8loBRY6ORhKdeIzOv9TQ2tY6zJAIui2XtDx0krF8 Nb4IITgSSTQCLCI6Gu5wZBHly/0Wno8Y6fBozLaZAREkug8BM8i4PwceG5ETN9uM JVdJmhIRAtmctBaQV5y47ajYdbCrYqJ+P/MR3BYx7I5VyahiCcB82sDHcYXsH7Ji iMsEo4/oa9T7XxC32p/hdGnNvUTQXeEJ/MhNqy03YfJ9xEFUE79ixp3x7ka4c0Gp Vulp/QNBbtWkNHodGKtDafoijqST8on6TELtQiUyWIJI9o+JmDkv/MPDjzdkY8hY nQGIXK71ZmAQku/fWglVSyswEF9Ms9Auc67J/mc0nfzRJYEklLeF0fRpLdjlZwD9 T/BdGIH0B5SnZCYFpflDVHGVaF5diU+8ojPeU+sDpi2QBp5ej9tJ4HGQpedxbKgn g22u9tpRjzuWfA54BqedPig0FJ4WZBjXxVrU7d0b+XvL7oSGaXqtx5kfWy5yy98P WwPX0uT13iZZ8smKVB0lqu97AMu4SDQEv/iOdpDeNfYrN1m2aNbP8RmdX4SjPuQQ 0ONy20bnjQc5qojfzhBuw3GowCfoRiL+Y0EnqCEoMkAHQAEd2L0= =pdQL -END PGP SIGNATURE-
Accepted redis 3:3.2.6-3+deb9u2 (source amd64) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 18 Jun 2018 19:12:58 +0200 Source: redis Binary: redis-server redis-tools redis-sentinel Built-For-Profiles: nocheck Architecture: source amd64 Version: 3:3.2.6-3+deb9u2 Distribution: stretch Urgency: high Maintainer: Chris Lamb Changed-By: Chris Lamb Description: redis-sentinel - Persistent key-value database with network interface (monitoring) redis-server - Persistent key-value database with network interface redis-tools - Persistent key-value database with network interface (client) Closes: 850534 880474 901495 Changes: redis (3:3.2.6-3+deb9u2) stretch; urgency=medium . * Correct RunTimeDirectory -> RuntimeDirectory typo in systemd .service files. (Closes: #850534, #880474) . redis (3:3.2.6-3+deb9u1) stretch-security; urgency=high . * CVE-2018-11218, CVE-2018-11219: Backport patches to fix multiple heap corruption and integer overflow vulnerabilities. (Closes: #901495) Checksums-Sha1: f2ff97c5aca201e7121e045467346703e22578ad 2013 redis_3.2.6-3+deb9u2.dsc 0c7bc5c751bdbc6fabed178db9cdbdd948915d1b 1544806 redis_3.2.6.orig.tar.gz 05dc32ad1687b5cbf63f6991c87dac0617c5bcea 38952 redis_3.2.6-3+deb9u2.debian.tar.xz a7f99638c2153d735413c1881ddb22e38ef95a20 18520 redis-sentinel_3.2.6-3+deb9u2_amd64.deb 924866e7270d9124ac0cd4915cd9394e933c657e 1038240 redis-server-dbgsym_3.2.6-3+deb9u2_amd64.deb 2be0ad58c1f791fd4478e1db04a96e3e5d4ca878 412640 redis-server_3.2.6-3+deb9u2_amd64.deb 016c4fe02b025c8cc42751e7f9f7c2865d05f3a0 1255814 redis-tools-dbgsym_3.2.6-3+deb9u2_amd64.deb db5c19e572a644779772f4e749c947024aa2b152 462686 redis-tools_3.2.6-3+deb9u2_amd64.deb af8e619f6a4b507f27efef23ac4f2835edfeed25 7210 redis_3.2.6-3+deb9u2_amd64.buildinfo Checksums-Sha256: 4edd6de71bdb0c409723ef6d4d808dc84f5615ce897e4cc958527280d1f8174b 2013 redis_3.2.6-3+deb9u2.dsc 2e1831c5a315e400d72bda4beaa98c0cfbe3f4eb8b20c269371634390cf729fa 1544806 redis_3.2.6.orig.tar.gz f1f9a05c90e72a7c0f8e343ebec93ce43cc0fafae54379d78941f1b2e13487f5 38952 redis_3.2.6-3+deb9u2.debian.tar.xz d7f29e2f0b6c11ea9ff663070a5f4c1e62d89a2be67885913bc9351d1da738bc 18520 redis-sentinel_3.2.6-3+deb9u2_amd64.deb 5adbdfd9e1514f2f428121bf5e9de11bf3090a1e6efa2213e5c1390ff1b42b47 1038240 redis-server-dbgsym_3.2.6-3+deb9u2_amd64.deb 097ecb62420b47deb78629cf00b15ebba6216078006f3a88a21bf55a5d1e9154 412640 redis-server_3.2.6-3+deb9u2_amd64.deb 467a4f69f9258aba1b487955a3c507ad788a23140be1d2a4856911026a608244 1255814 redis-tools-dbgsym_3.2.6-3+deb9u2_amd64.deb 061da861c506626b54ab648f6120e96818ff423faa08c469ee8e44aaca87d2e5 462686 redis-tools_3.2.6-3+deb9u2_amd64.deb b9b073e8ead040ebdb7bb7d2529c0800ecbb2fdfd5d7d2bbacbf770ac6c3cc0c 7210 redis_3.2.6-3+deb9u2_amd64.buildinfo Files: 2fa9e1c426d6be642f9dba8a09cdd2a3 2013 database optional redis_3.2.6-3+deb9u2.dsc d0e81d1e19f673fd84d01784bf9fb5f0 1544806 database optional redis_3.2.6.orig.tar.gz 026fbbd264a21b6734dc88b3a43daf4d 38952 database optional redis_3.2.6-3+deb9u2.debian.tar.xz 4d9ff924f466a21f1e8c56fe4dd83fc9 18520 database optional redis-sentinel_3.2.6-3+deb9u2_amd64.deb c3950ce82c25c032ffef0b1a83840df0 1038240 debug extra redis-server-dbgsym_3.2.6-3+deb9u2_amd64.deb 354a98f70238bc81d9a32651379acf93 412640 database optional redis-server_3.2.6-3+deb9u2_amd64.deb d1797a2541cf12277fa62129a3b55e17 1255814 debug extra redis-tools-dbgsym_3.2.6-3+deb9u2_amd64.deb f261e29b2e318f68bedd0331ecdb349f 462686 database optional redis-tools_3.2.6-3+deb9u2_amd64.deb 6896f71576ba71906b8528b2fa87 7210 database optional redis_3.2.6-3+deb9u2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlsn6p8ACgkQHpU+J9Qx HljYCg/+NFlpDA5q52Ha0QVA2BpbBH+dkS34Ez3U+pA1DpHFth+gzGUQmh8GH+d7 xxA1nnUphZMEJs9P71sSMTeGfGNHrdz6t3cEEmCAqTXw43zCB6FPET8VsU64cG2r DOLISKw2ozfkqu11hUQUX02mVrCCqJyyFfJs79vVE7HBeviCSoTTlPSCALtToRjg ESHjfJ3wbZEDlofw+/yxAN0mF9MfkLALHbTGH0vaeIBu/DH/G2MxJtRWB6yTWyNH do0WBVvWQDf+XzGdNkmDGu4CRzO7AyQpq62TZHQjsR8MfQRwcJTpVNht8XvacDTU OipbhV24B9d5RTASXqTQDyBfd8dSCsEKKhrDg6x17cK0+Gknm0kmr51PYLO2WU4b RG9xj4iEetKOCkgNSlOz5413Ot+thdSgMIs0zLcXgxHaom+DRqwo42mHIXvze7FQ udzlFOXJ/f/jhrDgupeiAfbdaii1VZNE8wMZl8fWKF3P7LCDfq2s92oaWwyLrShr iMSYF3araLSBf9BhVQm0L/+BQNQIO6z1WnZVHSY91Sri50nYhr/47rbrobWL4v2b kFrDm3+no/3wCIRoJR2RyyIOBwdlkxT8mDzuH4lPv7usX+y9X6IoYtP3+vj/YO49 r8mUrtV5noBzn3mFdT9YNE3ZdPiUx2GtTM5cxyIMR70XbtRn59E= =FLcX -END PGP SIGNATURE-
Accepted adminer 3.3.3-1+deb8u1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 07 May 2018 09:06:51 -0700 Source: adminer Binary: adminer Architecture: source all Version: 3.3.3-1+deb8u1 Distribution: jessie Urgency: high Maintainer: Medhamsh V Changed-By: Chris Lamb Description: adminer- Web-based database administration tool Closes: 893668 Changes: adminer (3.3.3-1+deb8u1) jessie; urgency=high . * CVE-2018-7667: Adminer allowed unauthenticated connections to be initiated to arbitrary systems and ports which could bypass external firewalls to identify internal hosts and/or perform port scanning of other servers. (Closes: #893668) Checksums-Sha1: b31208291084d5c6087c18248f714cda05fa63d8 1851 adminer_3.3.3-1+deb8u1.dsc 152c4969356d6330382d28dd22e6f16e0d9653bf 3404 adminer_3.3.3-1+deb8u1.debian.tar.xz 60a5a781ce2ba73955f1bd148598b08987606a1e 242238 adminer_3.3.3-1+deb8u1_all.deb Checksums-Sha256: f02979dd83d45231319325ec33ee1c3956589a598fb15746910463e5aa8cef57 1851 adminer_3.3.3-1+deb8u1.dsc 168cbe44a91fc809a8ff37a5ac7f077252b00d75810b2a1c18500a0bee1f4f63 3404 adminer_3.3.3-1+deb8u1.debian.tar.xz b836b655330e4966879b72e8779b766cc457ec3a65fd3de7a8e71556a957f7ff 242238 adminer_3.3.3-1+deb8u1_all.deb Files: 4ef4480574c57b6ed93165e06414aea2 1851 web extra adminer_3.3.3-1+deb8u1.dsc fe7be26d19e366eb8667cd43dd01d080 3404 web extra adminer_3.3.3-1+deb8u1.debian.tar.xz 5019c04c412f7f3e1a460f33b0e10f28 242238 web extra adminer_3.3.3-1+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrweeIACgkQHpU+J9Qx HlhpdA//YHKcK623ufQYm+Ad4GJb986YEk1p2YZy7Nv31kcCtnZsutHqihcXlhPT WQSKGEfmaCORXzhlqx+qOjmrG+3QZa943+vUmUWgzpVIF39s/JuE2YjHSW6M5yYU +JJCrVJ4l7kezEdMwYWd2EqjBuXCShDeEtSE8ytPAIMNnICuPF02CwCoQPDsUoDM nXAeSZQxUUskqaZWLKOWgu3i7n5tBqYAYoN36f4Tj1PEp+ou7i/EZ80Z2jmf6W65 X6eqVYxU7LjiAuzDeVRhYEiIuPpbSnAoBA5aL5OfIe7YjQyB3ICPCXwZ60DQSA0U gsuZf4GuPCLahaYYxmNES3vPdc3rPVmVTYNIEyfsaPLUTbU+E9rGp8lq6hQbO6kM 3jxI5AVUl3h+JCTEw213lWzXdKUdi0grkBRSsPL8aS52r5gQvZ6aG4XNlsectest S2Kg9iKv1zR0Lg1NSV3esjpMwEnHYpaiOwyhsMMV2I6Q5KneZn73eMK/P49ODdBg xmtH2GK8At1U6fEuYMkgnHstcpIC/oog3ZvdAicTBCU1OkrVKLkJrxhGdb7OwmsO szJvOvfx6Hlwp++C5ko/sIxMh7axcNBQE0VwA/U9kkik1ekpNmyl5SnYDY7q+nBo XxCRtKS4z7SnbFmshjTzPyNrJYfIEpOuQ/2uQr4ZPnP2lDT/mz8= =wlHB -END PGP SIGNATURE-
Accepted gunicorn 19.0-1+deb8u1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 22 Apr 2018 11:14:07 +0200 Source: gunicorn Binary: gunicorn Architecture: source all Version: 19.0-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Chris Lamb Changed-By: Chris Lamb Description: gunicorn - Event-based HTTP/WSGI server Closes: 896548 Changes: gunicorn (19.0-1+deb8u1) jessie-security; urgency=high . * CVE-2018-1000164: Fix an issue where CRLF sequences in HTTP headers could result in an attacker tricking the server into returning arbitrary HTTP headers. (Closes: #896548) Checksums-Sha1: 884a6ca6852b96128b8b927f008e440cc891abe3 1881 gunicorn_19.0-1+deb8u1.dsc 632a06634b6796a9976208e7997c80e06e2587c5 385165 gunicorn_19.0.orig.tar.gz 1be42a8ac5e134c944700afec96982ade04bed68 10184 gunicorn_19.0-1+deb8u1.debian.tar.xz 499ede5fa925452f9ca42313cfd690fe8e25f1bf 131416 gunicorn_19.0-1+deb8u1_all.deb Checksums-Sha256: 90e4e1e39e2ef21f89905c383e94c79febcd6374c92bf8f2f729162eca22e722 1881 gunicorn_19.0-1+deb8u1.dsc 9c277c1c10e914d648f2cb8b5245a23ff0289255e195f74e96117e944e1b087f 385165 gunicorn_19.0.orig.tar.gz de18bd4947b3883cc3bfdc5da51269ea9750c2d145aa27150da4530909e82fb6 10184 gunicorn_19.0-1+deb8u1.debian.tar.xz 23e7e0b3b820dbce0ff21ba89a8df824be5b08e429a51756a10e5d5aab5c6676 131416 gunicorn_19.0-1+deb8u1_all.deb Files: 81b9da552cb2e3c2cf3a8cc230fd01bc 1881 python optional gunicorn_19.0-1+deb8u1.dsc ad158eb9b5e8f74b223c0ccfba7dae8f 385165 python optional gunicorn_19.0.orig.tar.gz d71207821f721807f8265c67e89f3da9 10184 python optional gunicorn_19.0-1+deb8u1.debian.tar.xz 4f44afeb19ceb24449659e002b352669 131416 python optional gunicorn_19.0-1+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrdxikACgkQHpU+J9Qx HliH2w//eXKK9RHUXhaTXmvJ43eZS8/GHpQhZTJ/OtAuUehpMz1bAiNvbuFwf69V nYvPkR6TMiek/Dhm9ue9IeieCh+WJ+E6lMDTFu/qaGgiIyzWUcqPfzA08TpCmyAx ltdvcFvSNNv2CP0fZjajxgAXxE6uh8cIcIsKkj0ocwGHFi/48rWYgqhIIyNn9sG0 UHDLxcIQCoZCTNytn75ZBUSK1t2KMMKHeM7ovD36Sixgg08QfXnu5bySsfq5QEEY 4YdaZ72GBZHvsxvSGWm6aubLG22YqQlQmMaOyV1O93F3AOhL7uAqfE0QouYKyfDx HfuHV8gGzNScDIgMeszV9VpNwQLyVn5sjDWCbDym5R4cdDxSr6bwzQjCWTmJwIro edAkfLOGhpK6VbDNLNmEOfC25WccHkHWk7NbObtzlCVJHgAaSl0A7WCcQumUgamD uL080rBPPzrPlaU2RzhroNAK0p7yhTc2OSbhc0iJuNLZsQWNsV+B3W58bF/uKpZ5 HX+RsxjlO0ai8HWZdL8Y/bQFFBWhPtH7+u6XTDoh3i5J97Ueuv1xquissaQoTnev cTWLWOxc1kEX8RzFbtpvMAATHavHWDw0cidynz1b7AMFcGltx7uZ29V6e2XebnBe VKZmPelr+GhoR+RLxMQJCL0Hpyr4/0SVdeUUd2apZN10K5AFW7o= =00kJ -END PGP SIGNATURE-
Accepted adminer 4.2.5-3+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 20 Mar 2018 22:40:06 -0400 Source: adminer Binary: adminer Architecture: source all Version: 4.2.5-3+deb9u1 Distribution: stretch Urgency: high Maintainer: Chris Lamb Changed-By: Chris Lamb Description: adminer- Web-based database administration tool Closes: 893668 Changes: adminer (4.2.5-3+deb9u1) stretch; urgency=high . * CVE-2018-7667: Adminer allowed unauthenticated connections to be initiated to arbitrary systems and ports which could bypass external firewalls to identify internal hosts and/or perform port scanning of other servers. (Closes: #893668) Checksums-Sha1: 8ae7c258df2749666d955a13663fd28af904b5dc 1809 adminer_4.2.5-3+deb9u1.dsc 05db4eb98bf092afe04052733612c2841ad97317 409762 adminer_4.2.5.orig.tar.bz2 2497a8541adf1f352942658dc352b75ea92ef99a 2732 adminer_4.2.5-3+deb9u1.debian.tar.xz ed939788115cd89e7d002ecf2d757f1772378601 386380 adminer_4.2.5-3+deb9u1_all.deb 46244b1a3b17f2f484b0968fe04f2468b076545a 5709 adminer_4.2.5-3+deb9u1_amd64.buildinfo Checksums-Sha256: 718c5bc1144f8f7e2b817387e236ac6a49dc96a402383d368f7b47add691a013 1809 adminer_4.2.5-3+deb9u1.dsc 69a177ba87ed0cf8d7633799248511d1c7d4cffb66c9a5742795e1de506f1946 409762 adminer_4.2.5.orig.tar.bz2 6109a0042955d441878280aa25073e97de5ad3b64384873e3914bf4a6fc4a7b6 2732 adminer_4.2.5-3+deb9u1.debian.tar.xz 1a885eeb402f1470d94908832471c397ac116ada6c24b8585ed0fe1d7a3c9a6d 386380 adminer_4.2.5-3+deb9u1_all.deb fc17a857cd8d2fe3121530b3a3d09c3683669573b7912f6bac1394f56de8a9d9 5709 adminer_4.2.5-3+deb9u1_amd64.buildinfo Files: ffbbce0f60a274e0853977838cb49608 1809 web extra adminer_4.2.5-3+deb9u1.dsc e4b85ffc6b5b674b83daadd9e9d23cfd 409762 web extra adminer_4.2.5.orig.tar.bz2 450a9aeb8d877e1bb98f914122ae213e 2732 web extra adminer_4.2.5-3+deb9u1.debian.tar.xz 29481fc81488b6f06259df8583e47b0a 386380 web extra adminer_4.2.5-3+deb9u1_all.deb 7a08ca773b4b524408408a3387d7b4da 5709 web extra adminer_4.2.5-3+deb9u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrAmi4ACgkQHpU+J9Qx Hlg95Q/+PYGMzgrH9Yb+fT/KppD5FanIZE79COauHORKLEBuG4OtQLTAomldvolu FIBcZ3rgf6Y8X0iwIAlaIQivYJgF9SstHRIdBqbxDBBc238XvBApo5lhFjoXvzmJ Iz6NIT57ozFODzqQdlV1AyfQcO1fdi6+e1PSuxXt5t7zN9Ujx8dAW2sIIj+IbGCW LpwVBd+ZmWn00kZO3nbxVIneGhKQ7513gCBwv+qGf0g5mOmZqKM1oHRLiNW28Uwg 9np4btZKAVlrxomyzmN8c6idfCOGRdApXrg1er/Z+dXGf35NO9lbCQfAavEL8+nO pekOOR/eAvznIWxneAF5Jr0sky2xnVa4GmlD8HI8vt4bSPPucLBsA2mh1hoxt0SN VKGMwX07gv65eso8hdrNBIsFsJY7U6YsIHv0iQgSWdqcyor3bA4HbbOG8WKcjEwR X7BsQwmlyQN4vBg3fG0B6q/WqKy6cTt6bqvqCDm95ZinIUyDke5NGGb0a4R4bBbl ppSgVSYx/YfbipZOx8WcT20ax1cGwA3iJkl9478DBV02bRyHP428FH7bpIECp+4W W4poozeQ3PtCa+cneulx9nCeJQ7Iv6gt0mH943ZTnJePr+u9GJjIra5Bayu0T0+G rvexGzOvGy3F5kZMZ0qAmPbounckOvzmdYVUCa8/maJ4oWEhh+U= =Yklv -END PGP SIGNATURE-
Accepted net-snmp 5.7.2.1+dfsg-1+deb8u1 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 25 Mar 2018 20:58:00 -0400 Source: net-snmp Binary: snmpd snmptrapd snmp libsnmp-base libsnmp30 libsnmp30-dbg libsnmp-dev libsnmp-perl python-netsnmp tkmib Architecture: source amd64 all Version: 5.7.2.1+dfsg-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Net-SNMP Packaging Team Changed-By: Chris Lamb Description: libsnmp-base - SNMP configuration script, MIBs and documentation libsnmp-dev - SNMP (Simple Network Management Protocol) development files libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support libsnmp30 - SNMP (Simple Network Management Protocol) library libsnmp30-dbg - SNMP (Simple Network Management Protocol) library debug python-netsnmp - SNMP (Simple Network Management Protocol) Python support snmp - SNMP (Simple Network Management Protocol) applications snmpd - SNMP (Simple Network Management Protocol) agents snmptrapd - Net-SNMP notification receiver tkmib - SNMP (Simple Network Management Protocol) MIB browser Closes: 894110 Changes: net-snmp (5.7.2.1+dfsg-1+deb8u1) jessie-security; urgency=high . * CVE-2018-1000116: Correct a heap corruption vulnerability prior to the authentication process. (Closes: #894110) Checksums-Sha1: 5646a22f183e0a4daa8f19a5f149ae8049fd4eff 3074 net-snmp_5.7.2.1+dfsg-1+deb8u1.dsc 887dfc3c27770ba53740f9fe70907b3ab77b1cfe 3300532 net-snmp_5.7.2.1+dfsg.orig.tar.xz 280805902a13016ebf5a34a990dbd81aa0de2b9e 64408 net-snmp_5.7.2.1+dfsg-1+deb8u1.debian.tar.xz d133d5b7a8616cb8427d63f31df7415a6a319d1f 56718 snmpd_5.7.2.1+dfsg-1+deb8u1_amd64.deb 8e42ad4ed6d6f1f2bf7f0695089ab20641d264e1 23130 snmptrapd_5.7.2.1+dfsg-1+deb8u1_amd64.deb 68dd62b0833f41cf530d91054ef7b267c0043d69 146918 snmp_5.7.2.1+dfsg-1+deb8u1_amd64.deb e837ddaab18a8a2750dc9ef242a184bf40f9e34b 1543180 libsnmp-base_5.7.2.1+dfsg-1+deb8u1_all.deb a0062c3e6dcd6401e9211a22a472bd109feb331c 2157690 libsnmp30_5.7.2.1+dfsg-1+deb8u1_amd64.deb b2fc54cc9ed6bb3f874b5d87042dea90d792e523 2016220 libsnmp30-dbg_5.7.2.1+dfsg-1+deb8u1_amd64.deb d3bd5c831a728006f2cfd71de7efa8019d0ab5f3 1073446 libsnmp-dev_5.7.2.1+dfsg-1+deb8u1_amd64.deb 16f2b2999529e58a706bbfaf797c36d7b1839bb2 1459098 libsnmp-perl_5.7.2.1+dfsg-1+deb8u1_amd64.deb f268f10dc02124edda5e1e9846690a3888bc63b6 19682 python-netsnmp_5.7.2.1+dfsg-1+deb8u1_amd64.deb 498560d3cc9620091a034203e93b63c4617f0803 1430984 tkmib_5.7.2.1+dfsg-1+deb8u1_all.deb Checksums-Sha256: 08c453fde54873455b4310caa249535ba60096a6b2b8a422c0dc9ba182f2d9cc 3074 net-snmp_5.7.2.1+dfsg-1+deb8u1.dsc 0cea52558582a8e104d58c47e49cd967e6b78d8b086adc52bd0d195a8b5733e9 3300532 net-snmp_5.7.2.1+dfsg.orig.tar.xz 15b0b5940bf073ed327f45bdb857a2d3b55a9b38baddc533e5f8494509b4d198 64408 net-snmp_5.7.2.1+dfsg-1+deb8u1.debian.tar.xz c2f97d873e4a20a059543e453cadbffbca370fa8d775b38cf4f3e74db5fd6dc0 56718 snmpd_5.7.2.1+dfsg-1+deb8u1_amd64.deb ee6ca8fa6c553c67c1b8183059c6f0d7741d890ecc22a97edc65ec0276e5a538 23130 snmptrapd_5.7.2.1+dfsg-1+deb8u1_amd64.deb c686c79eed5ebbbc30c31d5d6d822ca04feb5847f8c327689b781ecdaaa3e0ad 146918 snmp_5.7.2.1+dfsg-1+deb8u1_amd64.deb f03cacaee14b2b8c7e35dd6b628f60583113d8d60fab47a6a89ca48992db7b7d 1543180 libsnmp-base_5.7.2.1+dfsg-1+deb8u1_all.deb a4c8ec240f35f4c7fab451daa5f5d58ae2ec94b2602db5dee5a2a138d8f9bb7e 2157690 libsnmp30_5.7.2.1+dfsg-1+deb8u1_amd64.deb 3f0bfc597894169bbb81eed1540d4161d1e1e70788bfe65d1d3a27873763981d 2016220 libsnmp30-dbg_5.7.2.1+dfsg-1+deb8u1_amd64.deb 36dce7f54e2f951f7ecd1c5e3850eeaca3e2fb1019c4083e06ac898b19cf72af 1073446 libsnmp-dev_5.7.2.1+dfsg-1+deb8u1_amd64.deb 186cf6f452161517a340d4f8ef77d70b8b9ebefd1d43d223bb050c4a3381c606 1459098 libsnmp-perl_5.7.2.1+dfsg-1+deb8u1_amd64.deb 30c679aab0a0f8874a529c0b207b6a153161850b15e966ddb6b4596572ac6110 19682 python-netsnmp_5.7.2.1+dfsg-1+deb8u1_amd64.deb 6ee3dc90274c7be524691d17014da543e10c92aca4e3537363a779d4a3ac44c0 1430984 tkmib_5.7.2.1+dfsg-1+deb8u1_all.deb Files: 5da89abc608d270c9f356d3e21f7a70f 3074 net optional net-snmp_5.7.2.1+dfsg-1+deb8u1.dsc 4f878c027f36aeab0118d10606fac8f1 3300532 net optional net-snmp_5.7.2.1+dfsg.orig.tar.xz 2cb4794b1d4a8365f74e44062b5e068f 64408 net optional net-snmp_5.7.2.1+dfsg-1+deb8u1.debian.tar.xz be43c98f371214c3d74a4b34a2a69784 56718 net optional snmpd_5.7.2.1+dfsg-1+deb8u1_amd64.deb 9588f224aa083f7fa5f1ce57eae646e0 23130 net optional snmptrapd_5.7.2.1+dfsg-1+deb8u1_amd64.deb 8213ab246dc41a484da019ef0f87745e 146918 net optional snmp_5.7.2.1+dfsg-1+deb8u1_amd64.deb 982acb39c8113bb8de50cd15ac1fd8af 1543180 libs optional libsnmp-base_5.7.2.1+dfsg-1+deb8u1_all.deb 154728715549f391396eacbb16befbb0 2157690 libs optional libsnmp30_5.7.2.1+dfsg-1+deb8u1_amd64.deb 9a3aa0e314db95e2d3686ff41336ee2e 2016220 debug extra libsnmp30-dbg_5.7.2.1+dfsg-1+deb8u1_amd64.deb bbf2b575350880e749ee7ba8cf824079 1073446 libdevel optional libsnmp-dev_5.7.2.1+dfsg-1+deb8u1_amd64.deb
Accepted gunicorn 19.6.0-10+deb9u1 (source all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 29 Oct 2017 18:41:40 + Source: gunicorn Binary: gunicorn gunicorn3 python-gunicorn python3-gunicorn gunicorn-examples Architecture: source all Version: 19.6.0-10+deb9u1 Distribution: stretch Urgency: medium Maintainer: Chris Lamb Changed-By: Chris Lamb Description: gunicorn - Event-based HTTP/WSGI server (Python 2 version) gunicorn-examples - Event-based HTTP/WSGI server (examples) gunicorn3 - Event-based HTTP/WSGI server (Python 3 version) python-gunicorn - Event-based HTTP/WSGI server (Python 2 libraries) python3-gunicorn - Event-based HTTP/WSGI server (Python 3 libraries) Closes: 877712 Changes: gunicorn (19.6.0-10+deb9u1) stretch; urgency=medium . * Drop unnecessary "Pre-Depends" on dpkg-dev which was causing gunicorn and python-gunicorn to bring in a compiler as a dependency. . It was orignally added as dpkg-maintscript-helper(1) was being used in the preinst script requiring a pre-dependency to ensure that the version of dpkg has been unpacked. . However, this version of dpkg-dev is now satisfiable in squeeze, jessie and stretch and can thus be safely dropped. Thanks to Neil Williams for the bug report. (Closes: #877712) Checksums-Sha1: 7786f50fe0c65e046db4bf7c169624f23fdc54f9 2232 gunicorn_19.6.0-10+deb9u1.dsc b2ab07b62783bab20d0c2d6a221ca91c9ca0c04b 11904 gunicorn_19.6.0-10+deb9u1.debian.tar.xz 636ccebdbbff3c47b08cadbb2dad679a3981bd24 51558 gunicorn-examples_19.6.0-10+deb9u1_all.deb 3be7085bc5c4142a5a801d4ffa60ed7885e10cad 21024 gunicorn3_19.6.0-10+deb9u1_all.deb cf70d30a0aa808f070b2e36d50f4ae4798a89ac3 21602 gunicorn_19.6.0-10+deb9u1_all.deb 597e76c31fd8832a5cf66b897f31bd5a9fd53a87 7502 gunicorn_19.6.0-10+deb9u1_amd64.buildinfo 157791309dc2abf6242427b8682a9019825e5dc5 86352 python-gunicorn_19.6.0-10+deb9u1_all.deb df5c24f713e8feae383ee988e24bc9a6130a7fcc 87310 python3-gunicorn_19.6.0-10+deb9u1_all.deb Checksums-Sha256: 879305d6db7bd59b24d1b2c563b2ab1905afd3bc2e311c1f03f96f692742cb32 2232 gunicorn_19.6.0-10+deb9u1.dsc 4c8d4c4e0bbeb0aaf721b97df3030a34ac7b4f9b4938dee7cc30cbe5e32008c5 11904 gunicorn_19.6.0-10+deb9u1.debian.tar.xz df1e0ce34267ea821857ee51fec1985078777327fa04a3258ec1c6f69c2abada 51558 gunicorn-examples_19.6.0-10+deb9u1_all.deb 37c73f5afd18bb5e0f4d08e69cafdfd7655f2dbca42ae9667efd755b2c85dca6 21024 gunicorn3_19.6.0-10+deb9u1_all.deb 7513fadf513b5e4eb2395a67f3dbfbc72ec699103fe091ec1f0245fc6790a9d0 21602 gunicorn_19.6.0-10+deb9u1_all.deb 2ed11a4fc26ba66e53ff5691968e1e3bc42ce1a738720486b34480572cb32d53 7502 gunicorn_19.6.0-10+deb9u1_amd64.buildinfo 4ec636aa3f7bfe6b2cc73cc69514dbaaf407ba03bab9201150759e3154def43d 86352 python-gunicorn_19.6.0-10+deb9u1_all.deb cea64dbaf6e83c33dd274c49e59195933ac66f916e33962076b686d49331b4ff 87310 python3-gunicorn_19.6.0-10+deb9u1_all.deb Files: e5358fa2da183a463ff878367a7ba7e1 2232 httpd optional gunicorn_19.6.0-10+deb9u1.dsc ebb4bb1fbd566c8962a46b4672db6f5d 11904 httpd optional gunicorn_19.6.0-10+deb9u1.debian.tar.xz c381cf4889bb231bc4a32feecd04ce6c 51558 httpd optional gunicorn-examples_19.6.0-10+deb9u1_all.deb 2fe248821670c77367d71cf621cd167d 21024 httpd optional gunicorn3_19.6.0-10+deb9u1_all.deb 08c2afe3128468c0dbb61b1f4192c0ea 21602 httpd optional gunicorn_19.6.0-10+deb9u1_all.deb 37f2ca7bf5190002e97f01cdbce48c3e 7502 httpd optional gunicorn_19.6.0-10+deb9u1_amd64.buildinfo 11658c35f3cc658f9e5c3f80e767ffe9 86352 httpd optional python-gunicorn_19.6.0-10+deb9u1_all.deb 1ea4a1d57472f640b408ee8f35d47ab1 87310 httpd optional python3-gunicorn_19.6.0-10+deb9u1_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAln2ISIACgkQHpU+J9Qx HlgjEA//dZWOsqiBtREHb148lR4D09xuHZLhec9noXO2liF9jpxHw5hXFjbHYk2K 01Z+uzE5WVwC3u2AFNGpvJTr9hk0nGzNL0YhELNzR6AQdD8PucNmF6dKR/zjk7yq O1Kwv6lAsisMaTxNzEwOmvfFXXGDWWolsHuU55H5tXBbWqI96unEC0THuyZHgiqe 2RdfJdF4DN9unuoMlDO1kAZ85DZOeqvcIPqMaWvaSaNR15KKKZpWxT9RETYUe4TW QUBD+/WqzdPMOBacZKLaDzCKMZFH8Ka/6obXJgtBJ1ErS0Slh1k0icp6FtUu1S3C HsfiMUaYbaBJS/W+7cbI96JfLaJQG+o2wJTxgmR65fRwm77KCLD6yfD+Dlrdc7AA PYXjPJNyXjgYySmeA48P82r5v/i6fVdnSo35NhX/2avJE39W791p8vtTp3CRVhcV 6msYHJwWiwLH9HNzdvvyXXoIW5gc319CArBIENW6kpmEA94Zlrn7WfY0iAvAuJMn IynmpJfT1nvsalM1T6h+VX2UX8vXFpiNgW3j5oiPxSOu0f+OnoB8LzCzujnbOvYm bGJD+MQUdfZ8qQRPdTQgSlJlR3pp74uUej5rT1Swu+LyPXpXP7X8mYZ/dYLOhkbR 1JuLzqvstsxWTU2dN9pRd2975IG1lWW2juEjh+vEIABxTVzJHe0= =U2XA -END PGP SIGNATURE-
Accepted redis 2:2.8.17-1+deb8u5 (source amd64) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 30 Jul 2016 08:50:49 -0400 Source: redis Binary: redis-server redis-tools Architecture: source amd64 Version: 2:2.8.17-1+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Chris Lamb Changed-By: Chris Lamb Description: redis-server - Persistent key-value database with network interface redis-tools - Persistent key-value database with network interface (client) Changes: redis (2:2.8.17-1+deb8u5) jessie-security; urgency=high . * Re-upload to security-master with -sa. Checksums-Sha1: 4493571d018cf8cf35dd478821242d79cd4d0254 1910 redis_2.8.17-1+deb8u5.dsc 913479f9d2a283bfaadd1444e17e7bab560e5d1e 1234543 redis_2.8.17.orig.tar.gz ad1039e8f103007fdeb69272ea923686d24dba39 23436 redis_2.8.17-1+deb8u5.debian.tar.xz ec78dde050d2a3d61fbcd7427bec63753cafb162 308084 redis-server_2.8.17-1+deb8u5_amd64.deb 3bb410896756f8dfbc707c5900b45fd7752b107b 79592 redis-tools_2.8.17-1+deb8u5_amd64.deb Checksums-Sha256: ca00eb4bc751d7da728fbc4363f5fbfea4cad9ba34708999c63ef3ae1e63d17b 1910 redis_2.8.17-1+deb8u5.dsc 53c7cc639571729fa57d7baa7f81aec1d5886f86bac9c66f6ad06dbdaee236a7 1234543 redis_2.8.17.orig.tar.gz 3d895e6d8c4e889d5d34b2f5ac54ea9d5c8584c0936206b98544686ed12ce493 23436 redis_2.8.17-1+deb8u5.debian.tar.xz 79e17484e9e35f1cd3bc74170f76c700502e97d92cf1d556d3c00127be11f88b 308084 redis-server_2.8.17-1+deb8u5_amd64.deb ba0648f196b47f200531a5ff5e266584bc42ae8129dc7b727b6d6c208649eb45 79592 redis-tools_2.8.17-1+deb8u5_amd64.deb Files: 66eb4e9aef8205e4bf32686a3ae8f6cd 1910 database optional redis_2.8.17-1+deb8u5.dsc 69023c3005664602268a5e2dbe23425c 1234543 database optional redis_2.8.17.orig.tar.gz 6e626490ddcf8a44ad5f023e9f29b93e 23436 database optional redis_2.8.17-1+deb8u5.debian.tar.xz 3516eacee51d6cedb9d5508345f23c0b 308084 database optional redis-server_2.8.17-1+deb8u5_amd64.deb 22f61908e2688f7651d08101a9963413 79592 database optional redis-tools_2.8.17-1+deb8u5_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJXnLefAAoJEB6VPifUMR5YoSwP/3nTWT7gBY+ScIL2kWxIFrCP Hs8WL4FsX1Hv4SQbsDrZH3yBjj3ObgefjyMsx4L8G6/3gf56K0Sqmv+mD3rb85Ae 9+XOLcMvU4CjU/9nJz1SlI5H+MIwfzbYASxi5s0kpS7OClRK80owDLnUu8aXWmm/ ODKWq2z0zJ3ROtic8RJ4gxWHKKA7wKPVlueF9+PKo7+Iuu9jzq1pDd/CkGvSofiB Oe4SIP0KnlyyNA85tSC6EdaiAxqW8VUCKYhDxbE8iSbtkJViCIXtPvKQJKnBEYE1 74IOMSYTOiwVh13fcCNa7gI/hnzkMahPilPeOIk/zoEAZv/OfuA5HnBEdR+a6QRZ Vai8skCt7dUR+z3bFJ/GbQYJ4KB9TyWOHJTOQCdbesIkYM9u9DHaImA5I3OcCq2f HcgbpQPx278Ju4POxgq/mAI038vbo0E471mi9imthcWocu0P/DpwkaFGYte9q4W3 ASINARqTAF2kcm8rr5MmUJrOsGI3W6bZYLzUl/NGXtUFsObz+FTE0mwL9Je3Huv6 JDLn25fi86Qu0co4YXlaDwpvTrzKWzcLvb6AreonhSO4jfYkIxdOgFxw7qiffmSF 3VjiWes4MMGZ60FAmIKAxO9nDvLi1WuTYh4ByRYRUoUY8hUo60G2mEjsH/Oqnutw gLqr8JdqsEdXwbL6cYOl =p9vJ -END PGP SIGNATURE-
Accepted redis 2:2.8.17-1+deb8u4 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 28 Jul 2016 08:53:56 -0400 Source: redis Binary: redis-server redis-tools Architecture: source Version: 2:2.8.17-1+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Chris Lamb Changed-By: Chris Lamb Description: redis-server - Persistent key-value database with network interface redis-tools - Persistent key-value database with network interface (client) Closes: 832460 Changes: redis (2:2.8.17-1+deb8u4) jessie-security; urgency=high . * Avoid world_readable ~/.rediscli_history files. Thanks to kpcyrd . (Closes: #832460) Checksums-Sha1: be29f3f9b97e40b28105be2f8db4fbaade5d2301 1910 redis_2.8.17-1+deb8u4.dsc e3a49a3d92394e9fced7d9e092663d6b8fcd08a6 23404 redis_2.8.17-1+deb8u4.debian.tar.xz Checksums-Sha256: a0b253a02cc8a32ff1db46152d5d943eb03512a3e4ff066819716c44454a434f 1910 redis_2.8.17-1+deb8u4.dsc 01bcb8231f7d8a681b05dab20e13c5ae572b25c373057466993078a66191ae43 23404 redis_2.8.17-1+deb8u4.debian.tar.xz Files: d842da9bfe7093577de8394787eaf5f2 1910 database optional redis_2.8.17-1+deb8u4.dsc 9ff297757ad0a13cfd7c13915a3a623a 23404 database optional redis_2.8.17-1+deb8u4.debian.tar.xz -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJXmgFBAAoJEB6VPifUMR5Y+X0QAJSvG0r3Wl4/kKYtgVcK5lnO C4cEw8lJ3VFvJ2HF2oQKLDy2ivWQKPYl4YJ9TVZoDdNJ+peWkDA9ZFkmpPlZSAeY baGoela+301Trfe5XeQBMzm306uM/94jXi/RR6TmOErBGZgWtT2H49DvCZwSPmw4 bpSsYWE7kQ426ACYflFAbLtJ8lzTlF6L3WLCdpumfdDMJfHlElvY7RQgPfuDXgYz K1LJy5Qy9sDTf/mEiaiG82b87lb9UnKeRRBgs3LQei5CwP0QR7r5t1m7um+V4gsQ 4uqVbu47QP3+MP3bggackVo2XUeo7pzj3lO0nbCojCEMg0aPxSG1es274gcoS8lw fJOTJQGoO3ldp0XTlJZPCmJR5rds0GAzlna0OUeO/jpwd/18Y1FDKg4bA4i7bAuL +veU9AMye6mE8evU2ww3W9bz1fDwz9/Fumolx+QhYs6rL/ASUf3qSc3aICDfzbh4 fc9gIasTm/q7q3cjMhKatqidWQe4OU/fLb2TMxH8HIfZ21rAImzbT1TipAyyupW7 vlZlfjpQp2t9iHxm1gCJkI1Rb5DqRkFUhOx9yDyrvUgrFSuB0BaBiwyNyC4RvDhr +tgZVKCoN5+FkweLUXK77PXpec5trvJlIhz+eUeKaPQvUVCMNG4BBowutoWs75Up mMTpCu7EjLmSx+gQyajY =EzG0 -END PGP SIGNATURE-
Accepted libphp-phpmailer 5.1-1.1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 10 Dec 2015 07:55:03 +0200 Source: libphp-phpmailer Binary: libphp-phpmailer Architecture: source all Version: 5.1-1.1 Distribution: oldstable-security Urgency: high Maintainer: Kevin Coyner Changed-By: Chris Lamb Description: libphp-phpmailer - full featured email transfer class for PHP Closes: 807265 Changes: libphp-phpmailer (5.1-1.1) oldstable-security; urgency=high . * CVE-2015-8476: Reject line breaks in to, from, and HELO calls to avoid command injection. (Closes: #807265) Checksums-Sha1: 1d40998a00f76fba38c4a4f2f3e1e00676826ec2 1725 libphp-phpmailer_5.1-1.1.dsc d6de376dfac6251624c18f97609163e942dad393 84081 libphp-phpmailer_5.1.orig.tar.gz a62ab1e119ed3f8a479a1c5637846516bb4145e5 3624 libphp-phpmailer_5.1-1.1.diff.gz 6d33042837928ed9552e2ae0850bf43c6cbc 77048 libphp-phpmailer_5.1-1.1_all.deb Checksums-Sha256: f178463502f21bda940bc4b64662eaf378f69dff4040ea331a4286aff84c6739 1725 libphp-phpmailer_5.1-1.1.dsc f64b366c760d625133010ef94f30e71a4f5101ae980a733bdba2d67350f00a11 84081 libphp-phpmailer_5.1.orig.tar.gz c1b1345b2670fee8aedc27d18512eb85bd79112fba86fb336f98369190377984 3624 libphp-phpmailer_5.1-1.1.diff.gz d9982adb2a8a6a768b4dcba949ceb974a4d3287e0497dc637c5d83f5fafeca2d 77048 libphp-phpmailer_5.1-1.1_all.deb Files: bf81f2766851461ad5571a8bce9c3a11 1725 php optional libphp-phpmailer_5.1-1.1.dsc 6e81fc229f88f7d9dd7cf70d65296ef8 84081 php optional libphp-phpmailer_5.1.orig.tar.gz 15603748761f2fb83f518721c3a86b6e 3624 php optional libphp-phpmailer_5.1-1.1.diff.gz c654140908498b5e740a5318eb48c225 77048 php optional libphp-phpmailer_5.1-1.1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWaRSwAAoJEB6VPifUMR5Yf9cP/j+JEv1wT0q9vFQuKjhkuwrc NPlCNZMCQ6Xl9vgqgDrDZFpACUoTQMW+PpopDN3P3Im7WdHbpTQOBgqqH0hTI8Ab huH3GAHlIzLBr+7W2JlnkqR4DumLGZIr0DWa2e3C9g3dSTvO4PKvx20gqo428/dI htZVGeC0N/qfcyQlx/VxAm2VDn4zPBPWETAYB+tdnx2i2pc3fkRU0U32TN7qwj7T CU5g0m0RKWvpZVecQcXpuzpBCjphd67b3+LNuq3oZKS9appff2gPT+KCI9uMZMS9 5VFGUKpFzwfme4usH4TglZLcMhuw0Ohijh0pMozRTNCviuTM8OyjFcdpPTo5tZKn tqHEEfXf/Cn2ISP08svmDk9ZYqhy4O2/NT7jDFCKVRWiMmbvoewTdWEfsDdNBXVB b9Drp0QbwOWLQetKOoXoBtT07OpOahSj5V+qshB7YYb7ejLemgqYcc7+vbjQYEt+ 4PuCR4rvA4a4tZ7D4lD9ZhCkXJng/Ocf87EqBBPlLe8wVJIPu90p/+G5voozdQ0k izyn+xyCjpys10tIcylXSKoyxj+gV+crQ1V/SZ7rEjAnPnNsLdhS6gxFxguxMIZc ijdM66VfWKkYPuWIZe7yZfmpX7WsAw6yRJ20kOdQWBz/FyFvQK2TjtJl6ZI7U1cc A1ffBLMe0vZNmAA5HxuM =BTKs -END PGP SIGNATURE-
Accepted redis 2:2.8.17-1+deb8u2 (source amd64) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 30 Oct 2015 18:53:34 + Source: redis Binary: redis-server redis-tools Architecture: source amd64 Version: 2:2.8.17-1+deb8u2 Distribution: stable Urgency: medium Maintainer: Chris Lamb Changed-By: Chris Lamb Description: redis-server - Persistent key-value database with network interface redis-tools - Persistent key-value database with network interface (client) Closes: 803233 Changes: redis (2:2.8.17-1+deb8u2) stable; urgency=medium . * Backport debian/redis-server.tmpfile from unstable so that a valid runtime directory is created when running under systemd. This ensures that there is a secure and sensible location for the UNIX socket. (Closes: #803233) Checksums-Sha1: 6846de4fa1db9d0f2d58063cbddf9dc6fca25456 1910 redis_2.8.17-1+deb8u2.dsc ed6796e4c280a4d54e2379574f947eea0a5b13a1 22652 redis_2.8.17-1+deb8u2.debian.tar.xz fd95fc7c8be37d9c231d2215f6c558095528b1cc 307884 redis-server_2.8.17-1+deb8u2_amd64.deb 63116e9a53281f671a9141d0eb9bf8df16e242d8 79432 redis-tools_2.8.17-1+deb8u2_amd64.deb Checksums-Sha256: 8d71f33db16fb76d0ee3a2bf9a5a8619e30c4e0c9ec99da165c46984d6e06e1e 1910 redis_2.8.17-1+deb8u2.dsc 45c84092901849b88559c4405f306fc92f2500c6a610beb7d18473bfedfffea4 22652 redis_2.8.17-1+deb8u2.debian.tar.xz 8789b66d077822caaa825516b33aa5483adfcefb148b905467759409ffa17161 307884 redis-server_2.8.17-1+deb8u2_amd64.deb 8ed65a80ece447b4bc6af19ddc901268ffdde54c19b9137dc53a5fdb70ad39f6 79432 redis-tools_2.8.17-1+deb8u2_amd64.deb Files: 4d07e91b75ab80ef16a78cb394e891a1 1910 database optional redis_2.8.17-1+deb8u2.dsc e2ad7e7bed4c8129bb2d8993768e0945 22652 database optional redis_2.8.17-1+deb8u2.debian.tar.xz 82692d08c41aa9a2ab37d5871facc6d6 307884 database optional redis-server_2.8.17-1+deb8u2_amd64.deb fe1628bb602f99da1be25df777a9f728 79432 database optional redis-tools_2.8.17-1+deb8u2_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWM70RAAoJEB6VPifUMR5Yh8MP/RQGNDBjXoV/4EfV0sGsSM53 NMzy8RWiYihuj630E6AVeI+DV5KlOICXrd6MsyfJBkZSKx5Avx5jFvCHzsBC6Zrr OjloAPZfChyDrnZ07a5t6t1zUBskcNdq9IUrya5KRPYxfWp6UYo+DqfYxSDHoIhA bfpenDIKiSvi4VvtXbbCV9+U5KmwCFtQJX98l4UiWrWY/KF6ncSTqSfnGL+NDyUP hpEWLUNzSeD2NxN5aESm4tzjY/3TiuJoq39CiI+59Xwaa3m5R9TNOXIx+SV7/ZRH LQjYtggWDWJCd7mIYaxnGTvvQwbKGyC1RDeuOjhBsBpBoHw2NJc7cwsZjImliUuZ r2B6Xzx8bMfLimbO11B1IX7j+DYox8dN7kTwN7vdlI5uzouDLyctb/VJcUhrnqWs 5B7r5LJvzr/pcib/3LDefUrSJYLmMX4vX1y5tXtE/hGtVUUBrqRuoqBO4kebl+EW vlZstLXM+Kx4gKzXlOt88r1FD5RKsrFEemcT4ANzPAUYtysdBAEQc3qLjvrXS3IY 53/eDlqrwHMCp+E7AB9D4OddTAm8qDzwlyjpVvZk8lPYw37HP3GR82Revt3l9j5a PvnyzcAnvKwf6UORoINm1iERZOyd9cx//t0Cz4vGn0N3yBqgNLjqTAZWCzWCCwOG +LwzxoWdqMN1qEbegpgA =7ra3 -END PGP SIGNATURE-
Accepted python-django 1.2.3-3+squeeze1 (source all)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Tue, 08 Feb 2011 16:02:06 + Source: python-django Binary: python-django python-django-doc Architecture: source all Version: 1.2.3-3+squeeze1 Distribution: stable-security Urgency: high Maintainer: Chris Lamb Changed-By: Chris Lamb Description: python-django - High-level Python web development framework python-django-doc - High-level Python web development framework (documentation) Changes: python-django (1.2.3-3+squeeze1) stable-security; urgency=high . * Resolve two vulnerabilities: . - Flaw in CSRF handling . Django includes a cross-site request forgery protection mechanism, which makes use of a token inserted into outgoing forms. Middleware then checks for the token's presence on form submission, and validates it. . Previously, however, Django's CSRF protection made an exception for AJAX requests, on the following basis: . 1. Many AJAX toolkits add an 'X-Requested-With' header when using XMLHttpRequest. . 2. Browsers have strict same-origin policies regarding XMLHttpRequest. . 3. In the context of a browser, the only way that a custom header of this nature can be added is with XMLHttpRequest. . Therefore, for ease of use, Django did not apply CSRF checks to requests that appeared to be AJAX on the basis of the X-Requested-With header. The Ruby on Rails web framework had a similar exemption. . Recently, engineers at Google made members of the Ruby on Rails development team aware of a combination of browser plugins and redirects which can allow an attacker to provide custom HTTP headers on a request to any website. This can allow a forged request to appear to be an AJAX request, thereby defeating CSRF protection which trusts the same-origin nature of AJAX requests. . Michael Koziarski of the Rails team brought this to the Django developers attention, and we were able to produce a proof-of-concept demonstrating the same vulnerability in Django's CSRF handling. . To remedy this, Django will now apply full CSRF validation to all requests, regardless of apparent AJAX origin. This is technically backwards-incompatible, but the security risks have been judged to outweigh the compatibility concerns in this case. . Extended notes on how to accomodate this change will be added to the Django homepage in following days. . - Potential XSS in file field rendering . Django's form system includes form fields and widgets for performing file uploads; in many cases, the name of the file currently stored in the field is displayed. In the process of rendering, the filename is displayed without being escaped. . In many cases this does not result in a cross-site-scripting vulnerability, as file-storage backends can and are encouraged to (and the default backends provided with Django do) sanitize the supplied filename according to their requirements. However, the risk of a vulnerability appearing in a backend which does not sanitize, or which performs insufficient sanitization, is such that Django will now automatically escape filenames in form rendering. . Thanks to James Bennett . Checksums-Sha1: d002fea211de1121c3b6227eea197047ba919752 1539 python-django_1.2.3-3+squeeze1.dsc f65146218ab61bf5efe715db3fc3a177a24fba0d 6306760 python-django_1.2.3.orig.tar.gz 1f4d9c41ca7bcd3fdd68787fa29d2b326364366e 26100 python-django_1.2.3-3+squeeze1.debian.tar.gz 3d026bdc38748b882ea9f32518832f534055afb5 4178508 python-django_1.2.3-3+squeeze1_all.deb 7c574bc93c571f5c2310073a763ea6a3e4f0be97 1896338 python-django-doc_1.2.3-3+squeeze1_all.deb Checksums-Sha256: f59a983609850c9de45e0a91c0edd520fa2eb8a6a0db59c726451267640411b0 1539 python-django_1.2.3-3+squeeze1.dsc cb830f6038b78037647150d977f6cd5cf2bfd731f1788ecf8758a03c213a0f84 6306760 python-django_1.2.3.orig.tar.gz 29f1adceb1f1f3559a594d487d139d9027899b22d88dafc49ff60c7e9d3c3c8c 26100 python-django_1.2.3-3+squeeze1.debian.tar.gz 53254256b817fc4dd5c0feab3f418f420d15f2158dc1bdd91b1d27eaa27d78c2 4178508 python-django_1.2.3-3+squeeze1_all.deb ddd5384c35b842123a627238f7068b9d740453da2942a65339f02dedf79f0034 1896338 python-django-doc_1.2.3-3+squeeze1_all.deb Files: 63da398e7de1902ca47e31615c4d8338 1539 python optional python-django_1.2.3-3+squeeze1.dsc 10bfb5831bcb4d3b1e6298d0e41d6603 6306760 python optional python-django_1.2.3.orig.tar.gz 8bb305329f5f59a71e1267e16a2c1af3 26100 python optional python-django_1.2.3-3+squeeze1.debian.tar.gz 0937bf90335d1bb73f9e79c7a7107d84 4178508 python optional python-django_1.2.3-3+squeeze1_all.deb 30109ce08726edca9dbf18cd0119c4b8 1896338 doc optional python-django-doc_1.2.3-3+squeeze1_all.deb -BEGIN PGP SIGNATURE---
Accepted python-django 1.0.2-1+lenny2 (source all)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 10 Oct 2009 10:33:24 +0100 Source: python-django Binary: python-django Architecture: source all Version: 1.0.2-1+lenny2 Distribution: stable-security Urgency: high Maintainer: Brett Parker Changed-By: Chris Lamb Description: python-django - A high-level Python Web framework Closes: 550457 Changes: python-django (1.0.2-1+lenny2) stable-security; urgency=high . * Add patch to fix remote denial of service by exploiting pathological performance of regular expressions (Closes: #550457) . Upstream writes: . SECURITY ALERT: Corrected regular expressions for URL and email fields. . Certain email addresses/URLs could trigger a catastrophic backtracking situation, causing 100% CPU and server overload. If deliberately triggered, this could be the basis of a denial-of-service attack. . <http://www.djangoproject.com/weblog/2009/oct/09/security/> Checksums-Sha1: 466095f33104f5379f4a00619c37404cc48a9875 1606 python-django_1.0.2-1+lenny2.dsc f2d9088f17aff47ea17e5767740cab67b2a73b6b 4649433 python-django_1.0.2.orig.tar.gz f9e69917b7555014724957707f1fe775fd11e5aa 15789 python-django_1.0.2-1+lenny2.diff.gz 648979e26b4d850626538d27f6365942acd26048 4706950 python-django_1.0.2-1+lenny2_all.deb Checksums-Sha256: 4848234afbdb076d8dc4156b1424df1d12f30a218038030cefc214cb19a7bbd0 1606 python-django_1.0.2-1+lenny2.dsc 50a5d228743a69a682899b20141194bf8fd3fd75eaf33ba5f2932f43ea93ea0d 4649433 python-django_1.0.2.orig.tar.gz 27239a86821dde3e9e843ebc744040a0515c81b362273d9d8cc962c8e83b3076 15789 python-django_1.0.2-1+lenny2.diff.gz e1e5258f4ac75e42c9ade6eb68fe537ac52fe5500c6a6bc605253e5476cb67a6 4706950 python-django_1.0.2-1+lenny2_all.deb Files: 7d335038ed1c10264a8ae9089574397c 1606 python optional python-django_1.0.2-1+lenny2.dsc 89353e3749668778f1370d2e444f3adc 4649433 python optional python-django_1.0.2.orig.tar.gz 586cdeaa9d99dc74240a16d1c40803fb 15789 python optional python-django_1.0.2-1+lenny2.diff.gz f01133963dbac73a87e9a209f85cb38d 4706950 python optional python-django_1.0.2-1+lenny2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkrQXksACgkQ5/8uW2NPmiDlWQCeOn6qOAvqreyQ9eO+xGpvHUpO QvgAoJaqaz1XTSydUpu8ce9YrwS3yK9L =kWDt -END PGP SIGNATURE- Accepted: python-django_1.0.2-1+lenny2.diff.gz to pool/main/p/python-django/python-django_1.0.2-1+lenny2.diff.gz python-django_1.0.2-1+lenny2.dsc to pool/main/p/python-django/python-django_1.0.2-1+lenny2.dsc python-django_1.0.2-1+lenny2_all.deb to pool/main/p/python-django/python-django_1.0.2-1+lenny2_all.deb -- To UNSUBSCRIBE, email to debian-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Accepted python-django 1.0.2-1+lenny1 (source all)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 30 Jul 2009 17:43:56 +0200 Source: python-django Binary: python-django Architecture: source all Version: 1.0.2-1+lenny1 Distribution: stable-proposed-updates Urgency: low Maintainer: Brett Parker Changed-By: Chris Lamb Description: python-django - A high-level Python Web framework Closes: 539134 Changes: python-django (1.0.2-1+lenny1) stable-proposed-updates; urgency=low . * Add patch to fix issue with a maliciously crafted URL gaining access to any file on the filesystem (Closes: #539134) . Upstream writes: . Django includes a lightweight, WSGI-based web server for use in learning Django and in testing new applications during early stages of development. For sake of convenience, this web server automatically maps certain URLs corresponding to the static media files used by the Django administrative application. . The handler which maps these URLs did not properly check the requested URL to verify that it corresponds to a static media file used by Django. As such, a carefully-crafted URL can cause the development server to serve any file to which it has read access. . <http://www.djangoproject.com/weblog/2009/jul/28/security/> Checksums-Sha1: 853a69b3a6c5b7e6d8113300ca5daa9ae93b0602 1606 python-django_1.0.2-1+lenny1.dsc f2d9088f17aff47ea17e5767740cab67b2a73b6b 4649433 python-django_1.0.2.orig.tar.gz 8c5ce9095b8e68e5e06a734f0ab8c3b57de7cb63 15074 python-django_1.0.2-1+lenny1.diff.gz 55bc9af48b7b17495881ac0d8e75e43d3fcf0be1 4704274 python-django_1.0.2-1+lenny1_all.deb Checksums-Sha256: eaea5115fc5e43e487e8e30785084d7707ba5a0c82b881b5c0439de1beb5397f 1606 python-django_1.0.2-1+lenny1.dsc 50a5d228743a69a682899b20141194bf8fd3fd75eaf33ba5f2932f43ea93ea0d 4649433 python-django_1.0.2.orig.tar.gz cfcdbb5e48ae07a36d82028f6f4a14278c9749c638db486c75c4ed58a17966e0 15074 python-django_1.0.2-1+lenny1.diff.gz bd41ecacec4653f999e9e6f7ced2ec49b5eeb171ff39c02c30bd124063ac0832 4704274 python-django_1.0.2-1+lenny1_all.deb Files: 68232b6343d631cd5cf7776d7e574f09 1606 python optional python-django_1.0.2-1+lenny1.dsc 89353e3749668778f1370d2e444f3adc 4649433 python optional python-django_1.0.2.orig.tar.gz 9e54cef320ce7d274f691ad8d11084b2 15074 python optional python-django_1.0.2-1+lenny1.diff.gz a069a680667fe04419621312634d25ec 4704274 python optional python-django_1.0.2-1+lenny1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpxwpMACgkQ5/8uW2NPmiB9kwCePmfFkods2yLOl7jRuh0+na0F ifMAnib70VvOsz7WD9zH+REm5DDwqAW0 =ZwWR -END PGP SIGNATURE- Accepted: python-django_1.0.2-1+lenny1.diff.gz to pool/main/p/python-django/python-django_1.0.2-1+lenny1.diff.gz python-django_1.0.2-1+lenny1.dsc to pool/main/p/python-django/python-django_1.0.2-1+lenny1.dsc python-django_1.0.2-1+lenny1_all.deb to pool/main/p/python-django/python-django_1.0.2-1+lenny1_all.deb -- To UNSUBSCRIBE, email to debian-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Accepted python-django 1.0.2-1+lenny1 (source all)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 30 Jul 2009 17:43:56 +0200 Source: python-django Binary: python-django Architecture: source all Version: 1.0.2-1+lenny1 Distribution: stable-proposed-updates Urgency: low Maintainer: Brett Parker Changed-By: Chris Lamb Description: python-django - A high-level Python Web framework Closes: 539134 Changes: python-django (1.0.2-1+lenny1) stable-proposed-updates; urgency=low . * Add patch to fix issue with a maliciously crafted URL gaining access to any file on the filesystem (Closes: #539134) . Upstream writes: . Django includes a lightweight, WSGI-based web server for use in learning Django and in testing new applications during early stages of development. For sake of convenience, this web server automatically maps certain URLs corresponding to the static media files used by the Django administrative application. . The handler which maps these URLs did not properly check the requested URL to verify that it corresponds to a static media file used by Django. As such, a carefully-crafted URL can cause the development server to serve any file to which it has read access. . <http://www.djangoproject.com/weblog/2009/jul/28/security/> Checksums-Sha1: 853a69b3a6c5b7e6d8113300ca5daa9ae93b0602 1606 python-django_1.0.2-1+lenny1.dsc f2d9088f17aff47ea17e5767740cab67b2a73b6b 4649433 python-django_1.0.2.orig.tar.gz 8c5ce9095b8e68e5e06a734f0ab8c3b57de7cb63 15074 python-django_1.0.2-1+lenny1.diff.gz 55bc9af48b7b17495881ac0d8e75e43d3fcf0be1 4704274 python-django_1.0.2-1+lenny1_all.deb Checksums-Sha256: eaea5115fc5e43e487e8e30785084d7707ba5a0c82b881b5c0439de1beb5397f 1606 python-django_1.0.2-1+lenny1.dsc 50a5d228743a69a682899b20141194bf8fd3fd75eaf33ba5f2932f43ea93ea0d 4649433 python-django_1.0.2.orig.tar.gz cfcdbb5e48ae07a36d82028f6f4a14278c9749c638db486c75c4ed58a17966e0 15074 python-django_1.0.2-1+lenny1.diff.gz bd41ecacec4653f999e9e6f7ced2ec49b5eeb171ff39c02c30bd124063ac0832 4704274 python-django_1.0.2-1+lenny1_all.deb Files: 68232b6343d631cd5cf7776d7e574f09 1606 python optional python-django_1.0.2-1+lenny1.dsc 89353e3749668778f1370d2e444f3adc 4649433 python optional python-django_1.0.2.orig.tar.gz 9e54cef320ce7d274f691ad8d11084b2 15074 python optional python-django_1.0.2-1+lenny1.diff.gz a069a680667fe04419621312634d25ec 4704274 python optional python-django_1.0.2-1+lenny1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpxwpMACgkQ5/8uW2NPmiB9kwCePmfFkods2yLOl7jRuh0+na0F ifMAnib70VvOsz7WD9zH+REm5DDwqAW0 =ZwWR -END PGP SIGNATURE- Accepted: python-django_1.0.2-1+lenny1.diff.gz to pool/main/p/python-django/python-django_1.0.2-1+lenny1.diff.gz python-django_1.0.2-1+lenny1.dsc to pool/main/p/python-django/python-django_1.0.2-1+lenny1.dsc python-django_1.0.2-1+lenny1_all.deb to pool/main/p/python-django/python-django_1.0.2-1+lenny1_all.deb -- To UNSUBSCRIBE, email to debian-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Accepted live-magic 1.5+lenny2 (source all)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 17 Jun 2009 12:21:55 +0100 Source: live-magic Binary: live-magic Architecture: source all Version: 1.5+lenny2 Distribution: stable Urgency: low Maintainer: Debian Live Changed-By: Chris Lamb Description: live-magic - GUI frontend to create Debian LiveCDs, netboot images, etc. Closes: 532421 Changes: live-magic (1.5+lenny2) stable; urgency=low . * Rebuild in non-tainted environment. (Closes: #532421) Checksums-Sha1: 26b75b991506e3ce7cb9a58074cf60bfef1b46ac 1044 live-magic_1.5+lenny2.dsc 960746efb15238f3f67976923a64c67a9a5a5478 79298 live-magic_1.5+lenny2.tar.gz 71b3950561705b80bbd32497d389a1801bee0d6f 61952 live-magic_1.5+lenny2_all.deb Checksums-Sha256: 9fc3fc4011c4411d09e3dce2bc107443328c2f667b28d2e54884930129d8c8c8 1044 live-magic_1.5+lenny2.dsc 5f5eb0e5260e13967b83415e650ac022ca941ae7a28ccaa72d1accbe740cc64a 79298 live-magic_1.5+lenny2.tar.gz 3d1fab994121d85d74c8bef602e6110f9cf07464c56803dec8e1de180ebebf12 61952 live-magic_1.5+lenny2_all.deb Files: 078b7569bac48ad374d10ef87e26e4cc 1044 misc optional live-magic_1.5+lenny2.dsc 289f070815aea6542031df7064fa28f5 79298 misc optional live-magic_1.5+lenny2.tar.gz fbf2cb1c0f0306a76fe5d4500114d100 61952 misc optional live-magic_1.5+lenny2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAko404oACgkQ5/8uW2NPmiABRgCdEOW2Hr+qyfpyF9dveLTpHX+L oVkAn3oLRysvI5h6knPeo64F6D/Ugzz3 =GnIE -END PGP SIGNATURE- Accepted: live-magic_1.5+lenny2.dsc to pool/main/l/live-magic/live-magic_1.5+lenny2.dsc live-magic_1.5+lenny2.tar.gz to pool/main/l/live-magic/live-magic_1.5+lenny2.tar.gz live-magic_1.5+lenny2_all.deb to pool/main/l/live-magic/live-magic_1.5+lenny2_all.deb -- To UNSUBSCRIBE, email to debian-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Accepted live-magic 1.5+lenny2 (source all)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Wed, 17 Jun 2009 12:21:55 +0100 Source: live-magic Binary: live-magic Architecture: source all Version: 1.5+lenny2 Distribution: stable Urgency: low Maintainer: Debian Live Changed-By: Chris Lamb Description: live-magic - GUI frontend to create Debian LiveCDs, netboot images, etc. Closes: 532421 Changes: live-magic (1.5+lenny2) stable; urgency=low . * Rebuild in non-tainted environment. (Closes: #532421) Checksums-Sha1: 26b75b991506e3ce7cb9a58074cf60bfef1b46ac 1044 live-magic_1.5+lenny2.dsc 960746efb15238f3f67976923a64c67a9a5a5478 79298 live-magic_1.5+lenny2.tar.gz 71b3950561705b80bbd32497d389a1801bee0d6f 61952 live-magic_1.5+lenny2_all.deb Checksums-Sha256: 9fc3fc4011c4411d09e3dce2bc107443328c2f667b28d2e54884930129d8c8c8 1044 live-magic_1.5+lenny2.dsc 5f5eb0e5260e13967b83415e650ac022ca941ae7a28ccaa72d1accbe740cc64a 79298 live-magic_1.5+lenny2.tar.gz 3d1fab994121d85d74c8bef602e6110f9cf07464c56803dec8e1de180ebebf12 61952 live-magic_1.5+lenny2_all.deb Files: 078b7569bac48ad374d10ef87e26e4cc 1044 misc optional live-magic_1.5+lenny2.dsc 289f070815aea6542031df7064fa28f5 79298 misc optional live-magic_1.5+lenny2.tar.gz fbf2cb1c0f0306a76fe5d4500114d100 61952 misc optional live-magic_1.5+lenny2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAko404oACgkQ5/8uW2NPmiABRgCdEOW2Hr+qyfpyF9dveLTpHX+L oVkAn3oLRysvI5h6knPeo64F6D/Ugzz3 =GnIE -END PGP SIGNATURE- Accepted: live-magic_1.5+lenny2.dsc to pool/main/l/live-magic/live-magic_1.5+lenny2.dsc live-magic_1.5+lenny2.tar.gz to pool/main/l/live-magic/live-magic_1.5+lenny2.tar.gz live-magic_1.5+lenny2_all.deb to pool/main/l/live-magic/live-magic_1.5+lenny2_all.deb -- To UNSUBSCRIBE, email to debian-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Accepted live-magic 1.5+lenny1 (source all)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Thu, 28 May 2009 13:35:18 +0100 Source: live-magic Binary: live-magic Architecture: source all Version: 1.5+lenny1 Distribution: stable Urgency: low Maintainer: Debian Live Changed-By: Chris Lamb Description: live-magic - GUI frontend to create Debian LiveCDs, netboot images, etc. Changes: live-magic (1.5+lenny1) stable; urgency=low . * Don't assume /etc/debian_version will contain the string "5.0\n" for the entirety of the lenny release - just check for a prefix of "5.0". Checksums-Sha1: 8b5da8a1c4cedbe1023ce810bf338446441c70ed 1044 live-magic_1.5+lenny1.dsc f2640c0456d727b56c2cff1cfb1cc99be2a1f7a0 78580 live-magic_1.5+lenny1.tar.gz 519067a9e0046bfa52f453d6937a9fb22633286b 62372 live-magic_1.5+lenny1_all.deb Checksums-Sha256: e26664184e62b810f5bb834251f7bafa5513dbf297fd684c800756dc3cf69fab 1044 live-magic_1.5+lenny1.dsc bd78685fbe0a6cb04805edeade399522924bcb677b3a02079bed34b4d7829790 78580 live-magic_1.5+lenny1.tar.gz 460df5818197d7aa8f63bfd0eb97001fdfe72c4975e1524b5b745b96b7f06a31 62372 live-magic_1.5+lenny1_all.deb Files: 44f4d4a8e53591bc9841584d334146ea 1044 misc optional live-magic_1.5+lenny1.dsc a9a22f5b7d5be6123182a05556dd57df 78580 misc optional live-magic_1.5+lenny1.tar.gz 05ab1856f2e1f2fb991f4c13f9c84a64 62372 misc optional live-magic_1.5+lenny1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkoehUIACgkQ5/8uW2NPmiAzJACglE+QPMNLCkbk9jFpJL66/t1N qpMAn21vzXL3jbOfUDhl+NVE+7G6PJlZ =GWKv -END PGP SIGNATURE- Accepted: live-magic_1.5+lenny1.dsc to pool/main/l/live-magic/live-magic_1.5+lenny1.dsc live-magic_1.5+lenny1.tar.gz to pool/main/l/live-magic/live-magic_1.5+lenny1.tar.gz live-magic_1.5+lenny1_all.deb to pool/main/l/live-magic/live-magic_1.5+lenny1_all.deb -- To UNSUBSCRIBE, email to debian-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org