Accepted uw-imap 8:2007f~dfsg-4+deb8u1 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 Mar 2019 00:01:06 -0500 Source: uw-imap Binary: libc-client2007e-dev libc-client2007e mlock uw-mailutils Architecture: source amd64 Version: 8:2007f~dfsg-4+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Magnus Holmgren Changed-By: Roberto C. Sanchez Description: libc-client2007e - c-client library for mail protocols - library files libc-client2007e-dev - c-client library for mail protocols - development files mlock - mailbox locking program uw-mailutils - c-client support programs Closes: 914632 Changes: uw-imap (8:2007f~dfsg-4+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * [CVE-2018-19518] 2013_disable_rsh.patch (new): Disable access to IMAP mailboxes through running imapd over rsh, and therefore ssh (Closes: #914632). Code using the library can enable it with tcp_parameters() after making sure that the IMAP server name is sanitized. Checksums-Sha1: a6757bb10b2085157af26eb5b26c034c5d3636bb 2206 uw-imap_2007f~dfsg-4+deb8u1.dsc 2eb8f6c51d2e522723c3aa083da3f7671244f62c 1607992 uw-imap_2007f~dfsg.orig.tar.gz d0847227f62eb489f99d9792fefad0364734d05d 43052 uw-imap_2007f~dfsg-4+deb8u1.debian.tar.xz e34419f0813e2b92d8154526d1ce6ebfbc257e6a 528594 libc-client2007e-dev_2007f~dfsg-4+deb8u1_amd64.deb 0d93e95dfea238570b6025f124c425fd84bb46bc 606188 libc-client2007e_2007f~dfsg-4+deb8u1_amd64.deb 6f525ecb6c0a55b75c40221ea2a0b845828c0ab6 34380 mlock_2007f~dfsg-4+deb8u1_amd64.deb 5a2da883245c78cf90495a665becccb51f8ec571 57302 uw-mailutils_2007f~dfsg-4+deb8u1_amd64.deb Checksums-Sha256: dc663bcd8e39daa85ceccd5b854de447db0b67a57c80ca62195abe36b0be02e9 2206 uw-imap_2007f~dfsg-4+deb8u1.dsc 4fdec0b5a085a7269db87214276e14ce79afdf7efec2ca8d431ab176b9062a8a 1607992 uw-imap_2007f~dfsg.orig.tar.gz a716aae1243b553512bc08c5f6f87811aad4f5d29a49b9b03662637c7c3f7f05 43052 uw-imap_2007f~dfsg-4+deb8u1.debian.tar.xz 4096f9530108f3554733f95206d50412268a5b17d5454b68a4c0eb48e2ea5e75 528594 libc-client2007e-dev_2007f~dfsg-4+deb8u1_amd64.deb ecf8e99422c6a412a0bc8385b1394c11e9b40fd012a1ae8ee9bd8f64230a 606188 libc-client2007e_2007f~dfsg-4+deb8u1_amd64.deb bac4da829c3b91c2e151644be2e0bad13b936c2e1110d35f2abc2cf4a1d5b1fb 34380 mlock_2007f~dfsg-4+deb8u1_amd64.deb b6777ff18cb0599b84ab372dc3c372c80569ea5928ec79d637edb23310cc3ef3 57302 uw-mailutils_2007f~dfsg-4+deb8u1_amd64.deb Files: ba321139fa6af5932623434f94e6a189 2206 mail optional uw-imap_2007f~dfsg-4+deb8u1.dsc 3c19869f80f81d56ff25cb80ff23f697 1607992 mail optional uw-imap_2007f~dfsg.orig.tar.gz 1cd0bd4384367aa7358c6c50ab389121 43052 mail optional uw-imap_2007f~dfsg-4+deb8u1.debian.tar.xz d8ccd6945a5cfe5259f40b68b99a8c79 528594 libdevel extra libc-client2007e-dev_2007f~dfsg-4+deb8u1_amd64.deb 8c74f3a3c1dbd64cbfb127e78d1d83ce 606188 libs optional libc-client2007e_2007f~dfsg-4+deb8u1_amd64.deb 32226200407e091af76d765fdec77acc 34380 mail optional mlock_2007f~dfsg-4+deb8u1_amd64.deb e045d9c2c13460197f8fd43f2ec57730 57302 mail optional uw-mailutils_2007f~dfsg-4+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAlx5LhsACgkQLNd4Xt2n sg8+zA/8ClwcnKwXA4evEvoYuyxk25BpnpAD9XdLKY6HHL32Sn30appLLj5/Kaz3 8bBcA9pfxEqfWzUsixyD2hV/R1+3deta6yue8GNMyYNSrc3dct/eVWrLMGR5yawZ K30/7qqXv7z3lkhGg2W2BdIiAz67xqAUgmNIasiqKKgmVkneI92QSr3rsHRz2/Ja 5boYYwacddHDaabu/3SeoFkr5pU1P6KEjQwOer69jGPlNdVVqfkXIrdz4U4QFPIG W4EXbAKN8km6y5lkq/pnAWN07tIdnirHp8OogV8rmfseZN3llQHcTGto4y09PgXi zpkXHai2cWSDJkyBdmHvdcpBsdunFdqGq+CJac+DMmHuDaj7Gdgrj7mREgB2cbSE goMzCFUjzL3K4hwXZWfxbBtCmfz1lGUHB4FrA58fFsGJ/aHO/osYq2qDU2AyZB1T uXk27v/iRHtgNxCyTO10RioBkOmtRQFI1m7PH4xyZgvgZSetGpCQMFwEcSSADZul tCGplkx4BzYGsFzhqt9fSf11T7Iz5rijK4+7WtYOEuw/c5zPnNhhSAnA3h2jZ0BE 5zX8nwCM/NcTpLzMkx8ePeUN02M2kX3PQ3UR7pMwUKpj6FEZda5EpRI5nr34LOOE kIYi/32WspouR0XrNVPbImVNoahhdIKfFwUtMGvD3d//v2P/93g= =WcIE -END PGP SIGNATURE-
Accepted ceph 0.80.7-2+deb8u3 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 28 Feb 2019 13:13:22 +0100 Source: ceph Binary: ceph ceph-dbg ceph-common ceph-common-dbg ceph-mds ceph-mds-dbg ceph-fuse ceph-fuse-dbg rbd-fuse rbd-fuse-dbg ceph-fs-common ceph-fs-common-dbg ceph-resource-agents librados2 librados2-dbg librados-dev librbd1 librbd1-dbg librbd-dev libcephfs1 libcephfs1-dbg libcephfs-dev radosgw radosgw-dbg rest-bench rest-bench-dbg ceph-test ceph-test-dbg python-ceph libcephfs-java libcephfs-jni libcephfs-jni-dbg Architecture: source amd64 all Version: 0.80.7-2+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Ceph Maintainers Changed-By: Markus Koschany Description: ceph - distributed storage and file system ceph-common - common utilities to mount and interact with a ceph storage cluste ceph-common-dbg - debugging symbols for ceph-common ceph-dbg - debugging symbols for ceph ceph-fs-common - common utilities to mount and interact with a ceph file system ceph-fs-common-dbg - debugging symbols for ceph-fs-common ceph-fuse - FUSE-based client for the Ceph distributed file system ceph-fuse-dbg - debugging symbols for ceph-fuse ceph-mds - metadata server for the ceph distributed file system ceph-mds-dbg - debugging symbols for ceph-mds ceph-resource-agents - OCF-compliant resource agents for Ceph ceph-test - Ceph test and benchmarking tools ceph-test-dbg - debugging symbols for ceph-test libcephfs-dev - Ceph distributed file system client library (development files) libcephfs-java - Java library for the Ceph File System libcephfs-jni - Java Native Interface library for CephFS Java bindings libcephfs-jni-dbg - debugging symbols for libcephfs-jni libcephfs1 - Ceph distributed file system client library libcephfs1-dbg - debugging symbols for libcephfs1 librados-dev - RADOS distributed object store client library (development files) librados2 - RADOS distributed object store client library librados2-dbg - debugging symbols for librados2 librbd-dev - RADOS block device client library (development files) librbd1- RADOS block device client library librbd1-dbg - debugging symbols for librbd1 python-ceph - Python libraries for the Ceph distributed filesystem radosgw- REST gateway for RADOS distributed object store radosgw-dbg - debugging symbols for radosgw rbd-fuse - FUSE-based rbd client for the Ceph distributed file system rbd-fuse-dbg - debugging symbols for rbd-fuse rest-bench - RESTful bencher that can be used to benchmark radosgw performance rest-bench-dbg - debugging symbols for rest-bench Changes: ceph (0.80.7-2+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-14662: It was found that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. * Fix CVE-2018-16846: It was found that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Checksums-Sha1: cf71ee1fb70cbe7262c62e548349089dba0afaf7 4562 ceph_0.80.7-2+deb8u3.dsc 3db33986291c8fc8fb572099ec2915690d88512b 4036009 ceph_0.80.7.orig.tar.bz2 9c32d277a2a9cd9e86afeaab2b71b2e58af76246 50616 ceph_0.80.7-2+deb8u3.debian.tar.xz af1380315bb12ff3b239bb2daba69a2d6b19ed87 5349724 ceph_0.80.7-2+deb8u3_amd64.deb 97398579eea48606e33a63e9796ae9d64e6f2747 95202298 ceph-dbg_0.80.7-2+deb8u3_amd64.deb 90557755096687bb3e8d1ba9485a56811f75 4355010 ceph-common_0.80.7-2+deb8u3_amd64.deb 6ddc03fcc7c76b614d54febbbe0b810ae4ca096d 69646874 ceph-common-dbg_0.80.7-2+deb8u3_amd64.deb b42066621d08a0a610d3711f86c0c1c766771c42 2214046 ceph-mds_0.80.7-2+deb8u3_amd64.deb 6b7bb37c0cacaf3dac8f038cfffe46714534133d 34724826 ceph-mds-dbg_0.80.7-2+deb8u3_amd64.deb 21ca2a170d1d8ae698d7817379c2946df68ad909 1406026 ceph-fuse_0.80.7-2+deb8u3_amd64.deb bfd309751e32253831744510ded577dc63281931 18333000 ceph-fuse-dbg_0.80.7-2+deb8u3_amd64.deb 3ccca9c62de155793965c8ed778ca2f634219c79 26278 rbd-fuse_0.80.7-2+deb8u3_amd64.deb dc58098b6d1d69888ea85e9bd2188925f54b5621 33910 rbd-fuse-dbg_0.80.7-2+deb8u3_amd64.deb 291d9fcaf134e36882203febd129f880d060e4f0 38994 ceph-fs-common_0.80.7-2+deb8u3_amd64.deb 76483a07044bfa82ca5e6b3cc8cecd40d412e15b 82534 ceph-fs-common-dbg_0.80.7-2+deb8u3_amd64.deb 6e3846643bb0efc073e1de5782842ef026a5911b 21428 ceph-resource-agents_0.80.7-2+deb8u3_all.deb 49a0a87f83a7625969f20a2a31b397cee896ca1d 1598710 librados2_0.80.7-2+deb8u3_amd64.deb 9119d60f59729e59bb9873da008e43f161731d16 20684386 librados2-dbg_0.80.7-2+deb8u3_amd64.deb c9a27a8cefdd102e34a69247248855994ca158d2 1846876 librados-dev_0.80.7-2+deb8u3_amd64.deb 62007526a8458b4bda117050d260c6e3bd9da07f 361918 librbd1_0.80.7-2+deb8u3_amd64.deb 0f86c529971be0ce1e1eab07b2f0edeaeca8e96f 4733802 librbd1-dbg_0.80.7-2+deb8u3_amd64.deb 464d2dc4e7f6a32f3a0ccab5d1c10aa72d27c0e0 5294712 librbd-dev_0.80.7-2+deb8u3_amd64.deb f3c2b7017e710012564926f
Accepted openssl 1.0.1t-1+deb8u11 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 Mar 2019 16:25:39 +0100 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: source all amd64 Version: 1.0.1t-1+deb8u11 Distribution: jessie-security Urgency: high Maintainer: Debian OpenSSL Team Changed-By: Markus Koschany Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information openssl- Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1t-1+deb8u11) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-1559: Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. . In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). AEAD ciphersuites are not impacted. Checksums-Sha1: 59d63557a4494f2db518991bb738fc2740ae6fbf 2427 openssl_1.0.1t-1+deb8u11.dsc 82bbf327e569a70c93c0e85e24cb1ad035905e83 116008 openssl_1.0.1t-1+deb8u11.debian.tar.xz 949e0d12c79dbac67d8b5372b880916213057fa3 1168000 libssl-doc_1.0.1t-1+deb8u11_all.deb 427ae9aecffd26b0b07092278413d89e1234b9e5 664632 openssl_1.0.1t-1+deb8u11_amd64.deb 97c268ee6d8b3abf24cbe01da4d80074d1887510 1046796 libssl1.0.0_1.0.1t-1+deb8u11_amd64.deb c4e389464eedf035e9807b5f02141975b6f1c365 643474 libcrypto1.0.0-udeb_1.0.1t-1+deb8u11_amd64.udeb c4d6ec45ec2dd649c2648cfd73aa08dd053833c4 1284940 libssl-dev_1.0.1t-1+deb8u11_amd64.deb 504b2d0ba2f9d81d64a432e815b4a96df682e491 2819836 libssl1.0.0-dbg_1.0.1t-1+deb8u11_amd64.deb Checksums-Sha256: 1b2ea8314ab20895989a9ca0c1f6a3244baf6e889f9e9563245083ab8525e710 2427 openssl_1.0.1t-1+deb8u11.dsc deaab80273c0a2928a3184576856cbaa37993130a1a938a22dca6d341ffc3deb 116008 openssl_1.0.1t-1+deb8u11.debian.tar.xz ee1d4cdfc57678ed2ba484b2975e28695fdd20c0a0144b2c1f4702978601c79d 1168000 libssl-doc_1.0.1t-1+deb8u11_all.deb c5424c87b93594ce2fdf19ae60eb955a3ed1b2f5518e98706460315e8e38a1c8 664632 openssl_1.0.1t-1+deb8u11_amd64.deb 793926fb2d9bd152cdf72551d9a36c83090e0f574dbe0063de1528465bf46479 1046796 libssl1.0.0_1.0.1t-1+deb8u11_amd64.deb e049b747a8f73584f61b0a971f970b87cdf79ecd9aad8c6869a6283fe3d9bd08 643474 libcrypto1.0.0-udeb_1.0.1t-1+deb8u11_amd64.udeb 5c16fd8e8d300ade9456df6ed0e2dda33a0665550bc29dc7da4f22fc12686ea2 1284940 libssl-dev_1.0.1t-1+deb8u11_amd64.deb d666e920683fcd868fd45fcb595b0ce31afa5fd0fa398a2c71ce226aa7ac984c 2819836 libssl1.0.0-dbg_1.0.1t-1+deb8u11_amd64.deb Files: e04299c1bd9b6c4db50bce0fbfc2af23 2427 utils optional openssl_1.0.1t-1+deb8u11.dsc 1f1c0a5cb858701b9da3983469b10eff 116008 utils optional openssl_1.0.1t-1+deb8u11.debian.tar.xz db028d465a4961addb74f220b8a03d6e 1168000 doc optional libssl-doc_1.0.1t-1+deb8u11_all.deb a865663fe2049f75c50117b33c6210e3 664632 utils optional openssl_1.0.1t-1+deb8u11_amd64.deb 988393d399c0c8776e0e05a505e68fe0 1046796 libs important libssl1.0.0_1.0.1t-1+deb8u11_amd64.deb 4a93fdc96133b55b1bf4b73bebdf355e 643474 debian-installer optional libcrypto1.0.0-udeb_1.0.1t-1+deb8u11_amd64.udeb 83442579b3ec3e01116b8b8b574d1487 1284940 libdevel optional libssl-dev_1.0.1t-1+deb8u11_amd64.deb 6dc81e92c0a1ef8e8693f6bd5407b7dd 2819836 debug extra libssl1.0.0-dbg_1.0.1t-1+deb8u11_amd64.deb Package-Type: udeb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlx5m2NfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkVU8QAMZ/AeA8wo89PQ8wL30Exrl8miDfwX9PPUOI Rqz3+5atE24Z74ktecnv+C9PDDj67hDRsyYCM7BTDtRzfnzNdjMJQVh3PNclbx8J GnV0FpCgE2wDhiBZQogBf4/Z8tA4QBB3WQvyg7Qox0rGLdwqU0UgJPuK+IiPNrzc WXgNvnpcnL68o72fZPv0Re1EhWORCfP9GWPvqGZA/lm4Ux9/otgj3oYfzKH8Pip9 5yIlqr5Ww5n4bzA5cBrhWdyaRy/WN6yOKGmvj8S1ZabeUWF6+ld9OUOMLmyxurlw 8Nx6rVRZ1LunDI0lNgaD1rmHbxmqAX+iLNP0d86jNzUPNKWQYgfYNXcJ
