Accepted proftpd-dfsg 1.3.5e-0+deb8u1 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 08 Apr 2019 21:30:59 +0200 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite proftpd-mod-geoip Architecture: source amd64 all Version: 1.3.5e-0+deb8u1 Distribution: jessie-security Urgency: high Maintainer: ProFTPD Maintainance Team Changed-By: Markus Koschany Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-geoip - Versatile, virtual-hosting FTP daemon - GeoIP module proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 923926 Changes: proftpd-dfsg (1.3.5e-0+deb8u1) jessie-security; urgency=high . * New upstream version 1.3.5e. This upstream release fixes several memory leaks when mod_facl or mod_sftp is used which could lead to memory exhaustion and a denial-of-service. (Closes: #923926). * Rebase odbc patch for new release. * Remove CVE security patches. They were applied by upstream. Checksums-Sha1: 5c1029cfbe36158b39de200c771c79c0b60ee753 2939 proftpd-dfsg_1.3.5e-0+deb8u1.dsc 44f940007798a7c1b3693cd282ad63841e3f30ef 29823478 proftpd-dfsg_1.3.5e.orig.tar.gz a796e98968d80c59732629f1afd9198dde7bb584 82660 proftpd-dfsg_1.3.5e-0+deb8u1.debian.tar.xz 8bb561aeb3f98ff0aef9ebb869b2299d7c960759 2432872 proftpd-basic_1.3.5e-0+deb8u1_amd64.deb 28766eaa0d00087017c61d6d34f89ec94196ab2f 931634 proftpd-dev_1.3.5e-0+deb8u1_amd64.deb 66639d6549cfd15b1f0c8d96fba8c236d9a6a80a 447438 proftpd-mod-mysql_1.3.5e-0+deb8u1_amd64.deb 62f0f8fafb12577b38ce0b83c82402eda336b233 447004 proftpd-mod-pgsql_1.3.5e-0+deb8u1_amd64.deb dacfb19c38ac88507ed05de78c34a159cf991b68 455186 proftpd-mod-ldap_1.3.5e-0+deb8u1_amd64.deb 92878d529517afc42751ece79f3d68b3efe19010 448342 proftpd-mod-odbc_1.3.5e-0+deb8u1_amd64.deb 182a3a97c7cf94623f2a367e45c789549fe590f4 446716 proftpd-mod-sqlite_1.3.5e-0+deb8u1_amd64.deb 2e1259ce67fb5af67e737de3450fd830c003ac15 448182 proftpd-mod-geoip_1.3.5e-0+deb8u1_amd64.deb 497467afd76e627d03142bb1e175f1a0ada9df01 1595052 proftpd-doc_1.3.5e-0+deb8u1_all.deb Checksums-Sha256: 765c75f38cb350e179b6c8846ed1f88a8c1c36309143c054c3ea8ff24bac5f3c 2939 proftpd-dfsg_1.3.5e-0+deb8u1.dsc e826b81213d7b1b86182169c46616cf6036f5edb5732331a6a3d3444a7e58f50 29823478 proftpd-dfsg_1.3.5e.orig.tar.gz f89bccffe228d89120e4d29155489519842445cd92c27afb76dcee548881e7ed 82660 proftpd-dfsg_1.3.5e-0+deb8u1.debian.tar.xz 5b08f0684d96bef58bf19c08b5b13f00291cedbee067d6a0ba9da91942af13ee 2432872 proftpd-basic_1.3.5e-0+deb8u1_amd64.deb 7556fc1bf3307d42d18d6ce009070d0c31b8f5c13f429751d0b7d90f74f6baeb 931634 proftpd-dev_1.3.5e-0+deb8u1_amd64.deb dc7ec86b179ebe6e8cc0a9f77a18e01a53773238753d38811611d539d8e04e97 447438 proftpd-mod-mysql_1.3.5e-0+deb8u1_amd64.deb 420cc3df09503cdbb5d6c2fa47a8da14850e916392b441df7f333ee018fde094 447004 proftpd-mod-pgsql_1.3.5e-0+deb8u1_amd64.deb 26a509e7546739151eb36f58adec6b883e6dc41bd7d236dccfe38244c2b585c6 455186 proftpd-mod-ldap_1.3.5e-0+deb8u1_amd64.deb 390d11f9dd56819a299119af2f35927f69da3f4c2a7e314d142594265c694b82 448342 proftpd-mod-odbc_1.3.5e-0+deb8u1_amd64.deb 10bb9023957fb5fc62cd55f0d1a3b95c0195b7f4f19c6863ff57d8061ea2097e 446716 proftpd-mod-sqlite_1.3.5e-0+deb8u1_amd64.deb d940b2cc78161cfafe4bc603b39f813a6ea8b57ec793010c86120304d1d94ec3 448182 proftpd-mod-geoip_1.3.5e-0+deb8u1_amd64.deb 6be0440e37d136758732057d225e87651aae207a13a9f039a587f2909240ef39 1595052 proftpd-doc_1.3.5e-0+deb8u1_all.deb Files: 65201f22fb639b4fefd48e95e6314f0b 2939 net optional proftpd-dfsg_1.3.5e-0+deb8u1.dsc f5ef490395432802b1bdb0a782da7854 29823478 net optional proftpd-dfsg_1.3.5e.orig.tar.gz 1e65e268d308beeef087f43df2bda564 82660 net optional proftpd-dfsg_1.3.5e-0+deb8u1.debian.tar.xz 9f2bb6454b3173332de2339fc664efdb 2432872 net optional proftpd-basic_1.3.5e-0+deb8u1_amd64.deb d37b49876b2659709ba1c66652b3ffa3 931634 net optional proftpd-dev_1.3.5e-0+deb8u1_amd64.deb b732b0c1987347f23719db6f86a2f94f 447438 net optional proftpd-mod-mysql_1.3.5e-0+deb8u1_amd64.deb e954c7ab8a515bda62c2509adc8206e2 447004 net optional proftpd-mod-pgsql_1.3.5e-0+deb8u1_amd64.deb 09b863a04da398b24bd1ee1cce84dcd4 455186 net optional proftpd-mod-ldap_1.3.5e-0+deb8u1_amd64.deb 0eb38268abda1ba21a5d979c8384fdbd 448342 net optional proftpd-mod-odbc_1.3.5e-0+deb8u1_amd64.deb bfe71c70a2a6c7c5bd89122f39febe5c 446716 net optional proftpd-mod-sqlite_1.3.5e-0+deb8u1_amd64.deb
Accepted poppler 0.26.5-2+deb8u9 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 08 Apr 2019 18:17:24 +0200 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u9 Distribution: jessie-security Urgency: medium Maintainer: Loic Minier Changed-By: Mike Gabriel Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u9) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-9631: cairo: Constrain number of cycles in rescale filter. Pass address of the first byte after end of the source buffer to downsample_row_box_filter() so that we can check that we don't run out of it. Checksums-Sha1: 96113c1018752a2b8820d4c6ec5d0affe42c42a8 3331 poppler_0.26.5-2+deb8u9.dsc 01eccb6409cccdae8f6493789400fcfd9bb046d5 44360 poppler_0.26.5-2+deb8u9.debian.tar.xz c87135acaf9e461641b94cb2edc6b6d36d83ad82 1213110 libpoppler46_0.26.5-2+deb8u9_amd64.deb 65087ebcff7029c5f35fced431fb7afe221e1c11 768780 libpoppler-dev_0.26.5-2+deb8u9_amd64.deb d9fe87266e24cf6ab2faf08ad2efd80762217c89 181016 libpoppler-private-dev_0.26.5-2+deb8u9_amd64.deb 3a229904ad114703a1604ef32e9bbb6500be5286 122824 libpoppler-glib8_0.26.5-2+deb8u9_amd64.deb 2da78e12002a55b724a29544e108c985728c15ea 164144 libpoppler-glib-dev_0.26.5-2+deb8u9_amd64.deb 2cced9a2602b9f0dafac03b5d293d0f6f5bb933a 86516 libpoppler-glib-doc_0.26.5-2+deb8u9_all.deb fb2691dc57c3e8baec2e32551142ce39464cb588 35002 gir1.2-poppler-0.18_0.26.5-2+deb8u9_amd64.deb 03ac0b631eedf8f493171db209de92b370f8c07c 128576 libpoppler-qt4-4_0.26.5-2+deb8u9_amd64.deb 8478424b86898b357cd426206ab9446a824aec74 159448 libpoppler-qt4-dev_0.26.5-2+deb8u9_amd64.deb 1b86d6cf71fd611ac10ea0d6336a64e78807c920 132734 libpoppler-qt5-1_0.26.5-2+deb8u9_amd64.deb c57c540a54f448377e09cf3888d5dd4906847fa6 166242 libpoppler-qt5-dev_0.26.5-2+deb8u9_amd64.deb f88ade7f70cbc95acf631c3bebcea9f963cfb0b9 45516 libpoppler-cpp0_0.26.5-2+deb8u9_amd64.deb c9350cfa9bab6a7dc06f1f78c647b54cbfad1a74 5 libpoppler-cpp-dev_0.26.5-2+deb8u9_amd64.deb a3459674dcc0101a957810770a76413eb6967f39 141936 poppler-utils_0.26.5-2+deb8u9_amd64.deb ffb9112ef3e0055ee6b6a7974d76d9a4897c4bd0 7684446 poppler-dbg_0.26.5-2+deb8u9_amd64.deb Checksums-Sha256: 2a4fd40e606744fdb23854cea1e61dfe3099812e6371211d1c0db00cdda093da 3331 poppler_0.26.5-2+deb8u9.dsc 1189b0f587f1051f0cd94d66bde43398e2bb45d463f08e00d4eca5184a5f7fb8 44360 poppler_0.26.5-2+deb8u9.debian.tar.xz 26bcae4f0f720c0c898059af6c01b319bf6ec829be55c3e6c3dac43d7af49183 1213110 libpoppler46_0.26.5-2+deb8u9_amd64.deb b4bbafc95876c690f179e32b74dd20cf53806678376b139d4948794e4434af47 768780 libpoppler-dev_0.26.5-2+deb8u9_amd64.deb 4d339d386ddcf991eeb7d6ee24b5142a383f3a142c576c5549cd48db20f9de9b 181016 libpoppler-private-dev_0.26.5-2+deb8u9_amd64.deb 3ab8f8bf9e295d6885da25afd61d5c3fcab20830ac06dcef62b4f6cbee1b82ec 122824 libpoppler-glib8_0.26.5-2+deb8u9_amd64.deb 035dd049bade90f117b4e52506676448e63587adf6abd1b232cc7a1d1cb90ab7 164144 libpoppler-glib-dev_0.26.5-2+deb8u9_amd64.deb e93fc344908fe8471c583276585d2325eeb2f06b9046744b21c9ab1a4cca6ab9 86516 libpoppler-glib-doc_0.26.5-2+deb8u9_all.deb 67509ec16b32908441a9f7b2ba3b15af7175965b525d88b34ea3ea1a1c118105 35002 gir1.2-poppler-0.18_0.26.5-2+deb8u9_amd64.deb d323bd36cbe73b4321c569c8fcc5104a93f20f4a360f8f63f06ee9a0ac0b42d4 128576 libpoppler-qt4-4_0.26.5-2+deb8u9_amd64.deb 162529c8fac093cd4a75a4c1bebee700d75071e6391b79cb3c5b945772e3f181 159448 libpoppler-qt4-dev_0.26.5-2+deb8u9_amd64.deb 52706b5fe4db2615e499d1d18b5518f3d71587fdba9d7a7be1fd0276bb7d5657 132734 libpoppler-qt5-1_0.26.5-2+deb8u9_amd64.deb 0f4547f16fa043a73ecbe02d085d9ced8df1f10c3e95cbda9efd2a911ea7430c 166242
Accepted suricata 2.0.7-2+deb8u4 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 08 Apr 2019 13:17:04 +0200 Source: suricata Binary: suricata Architecture: source amd64 Version: 2.0.7-2+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Pierre Chifflier Changed-By: Hugo Lefeuvre Description: suricata - Next Generation Intrusion Detection and Prevention Tool Changes: suricata (2.0.7-2+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2018-10243: heap-based buffer over-read in htp_parse_authorization_digest via an authorization digest header. * CVE-2018-10242: incorrect parsing of SSH banner (missing length check) resulting in oob read in parsing code. Checksums-Sha1: ca500d5d91cbc9e781b7d15c7eef77ca24523e91 1791 suricata_2.0.7-2+deb8u4.dsc 4dc527315280a0a15e71ffbc67f60a983f489e31 2953232 suricata_2.0.7.orig.tar.gz 4140a201c3ccca9c813a24d2c1525c8f3b73fff3 15372 suricata_2.0.7-2+deb8u4.debian.tar.xz 5f3175c86a3e41b374f1071393716f20ca7bbc00 774630 suricata_2.0.7-2+deb8u4_amd64.deb Checksums-Sha256: 518bbe0e703ee0a0330e4ced211b714d24580fd9c9be6fccc435300e83cc0145 1791 suricata_2.0.7-2+deb8u4.dsc 973e3311281cee5f776279f36eda7e37c266a8661a5f5746b3531c3ccd8af6a9 2953232 suricata_2.0.7.orig.tar.gz b48c648d4e2bebfb94c81972599e1934101f635d14e3c9648fe0d2448ce394e1 15372 suricata_2.0.7-2+deb8u4.debian.tar.xz 5014edf0643f66f8d933416c1685828748c687d4f74afdf079ee25dad2efd9ba 774630 suricata_2.0.7-2+deb8u4_amd64.deb Files: 192ea8a62efd2d02191c77a242eedb93 1791 net optional suricata_2.0.7-2+deb8u4.dsc 18651aac081c817cd8c67cbf11fdb8c6 2953232 net optional suricata_2.0.7.orig.tar.gz 857146f0135fc61b6296bb18e603dbd5 15372 net optional suricata_2.0.7-2+deb8u4.debian.tar.xz 9e9908de41bbf8aa22485ca689d84e8d 774630 net optional suricata_2.0.7-2+deb8u4_amd64.deb -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlyrN7IACgkQZYVUZx9w 0DRlDAgAnZxp3alN51V0b7H+6OCOG3saPTPTcG55dZGLWBs4QZc7o01OX+9pMJrC pbwwIERrZ197LYCRgg0Elh3opLkIQqNAR29YfYGcSC7erX3Pe9DROFQrNTqkHTTn f7mn6y6i0QVHbGm0iQUv62n978JbdEmuGeZJhNiQWRpq0vSsUCRl3tSTIvQReX9N x6ZwHVV/0r1gn1bZy69pknbdzvYvpVsDvxv6pLn5x+D76MrsKBoN2wjKCHky0LZm Dr175NKN12JM6Nk5B4OMcY7HVDAD7eZj+iAgSuA9AymijWheYBKDUFZq6RAIzUmE CZLb+WG62c+3LjqWlZi+KPt3ve7A7A== =FNN1 -END PGP SIGNATURE-
