Accepted graphicsmagick 1.3.20-3+deb8u7 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 19 May 2019 08:01:07 +0200 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: source amd64 all Version: 1.3.20-3+deb8u7 Distribution: jessie-security Urgency: medium Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Hugo Lefeuvre Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick++3 - format-independent image processing - C++ shared library libgraphicsmagick1-dev - format-independent image processing - C development files libgraphicsmagick3 - format-independent image processing - C shared library Changes: graphicsmagick (1.3.20-3+deb8u7) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * CVE-2019-11506: missing error handling primitives causes heap-based buffer overflow in WriteMATLABImage (coders/mat.c) when processing crafted Matlab matrix data. * CVE-2019-11505: heap-based buffer overflow in WritePDBImage (coders/pdb.c) when processing crafted PDB images. * CVE-2019-11474: floating-point exception in coders/xwd.c when processing crafted XWD images. * CVE-2019-11473: out-of-bounds read in coders/xwd.c when processing crafted XWD images. * Fix GCC warnings introduced in CVE-2017-10799.patch and CVE-2019-11009.patch (previous upload). Checksums-Sha1: acb4fedf2c97b819e7f979ff760f589d693fa008 2489 graphicsmagick_1.3.20-3+deb8u7.dsc 73042eee48e17d074f68f6f70fc81b221481255a 5206616 graphicsmagick_1.3.20.orig.tar.xz baa53df5e7e78305b970d06642903b78ad9f72c6 217924 graphicsmagick_1.3.20-3+deb8u7.debian.tar.xz e386525cc2d84e464c14ce57e3bb078508a9913f 796812 graphicsmagick_1.3.20-3+deb8u7_amd64.deb eeff8d325341a308a8abdc9beeff5a9ce9b711dd 1107448 libgraphicsmagick3_1.3.20-3+deb8u7_amd64.deb aace3f998800275496d9ce03e2526a47533d6176 1293268 libgraphicsmagick1-dev_1.3.20-3+deb8u7_amd64.deb acaa7cea9c59b4c543db25fac776edef25e37486 120200 libgraphicsmagick++3_1.3.20-3+deb8u7_amd64.deb 2f52e0ecc8afeab22aa16541bdce2ce9148baeeb 301176 libgraphicsmagick++1-dev_1.3.20-3+deb8u7_amd64.deb 6a6fb988e787e05fc762f3d3cb3362c82926ef56 77794 libgraphics-magick-perl_1.3.20-3+deb8u7_amd64.deb 8136218704c57d03372d770858a72ae1ff7a22ba 2224868 graphicsmagick-dbg_1.3.20-3+deb8u7_amd64.deb 1cdb7f8a94c5acad9d57977ad7504191368da60e 29854 graphicsmagick-imagemagick-compat_1.3.20-3+deb8u7_all.deb 1e5b2a31b47b40d5477dfbb7650920ed2ca8a2b7 33260 graphicsmagick-libmagick-dev-compat_1.3.20-3+deb8u7_all.deb Checksums-Sha256: 41224f6bc6fdf2f94b0597b0002274c2aea4d4b96c08106aee56964259d4db6b 2489 graphicsmagick_1.3.20-3+deb8u7.dsc 35fa21da4c1479e08da8351c5b1e363adaca803a0064cfc83084363adce387c9 5206616 graphicsmagick_1.3.20.orig.tar.xz 7b004cc5f2ba0d78ca95170c2beaafbdb74729b44302045775c4a8c8f7091e33 217924 graphicsmagick_1.3.20-3+deb8u7.debian.tar.xz d0ee2db79ecd21a0209ccdb9512cf6d156166f2dbaad51046f2e178d49a5c9fe 796812 graphicsmagick_1.3.20-3+deb8u7_amd64.deb 45bbaf27c6d934150653e0a3fb25a3a84ad3e49c591f43e6831a8ac63cbc4991 1107448 libgraphicsmagick3_1.3.20-3+deb8u7_amd64.deb 933e8a542569ab2d959f3310edc9bb2a17f698ae2f89ea351efa6eea9fb380d6 1293268 libgraphicsmagick1-dev_1.3.20-3+deb8u7_amd64.deb de5775238c3237d3d213796d71b4c6c385251b9c06f8d3bad4c072809d9b6757 120200 libgraphicsmagick++3_1.3.20-3+deb8u7_amd64.deb 5b0f996a32fc2109d515d2cebf7fe9e63bc0f9ac385179eb639e0f8fe268fdb7 301176 libgraphicsmagick++1-dev_1.3.20-3+deb8u7_amd64.deb a54e7f29bdb1304b18207a64c21bf82271831368084ea904c9723f6134e93589 77794 libgraphics-magick-perl_1.3.20-3+deb8u7_amd64.deb c36b307f6436591ab00e91e291c8c739c8697dbd14111e678a3ba06e2a892a7c 2224868 graphicsmagick-dbg_1.3.20-3+deb8u7_amd64.deb 45461f62d52ac6f39b1b3695696aaba3d1e75923248fcf9735b63a6898631f37 29854 graphicsmagick-imagemagick-compat_1.3.20-3+deb8u7_all.deb 240c08e7cd07c57a9f62de4dc373b5fa3f64ce9acb327492a034b558d53fbed0 33260 graphicsmagick-libmagick-dev-compat_1.3.20-3+deb8u7_all.deb Files: a042fe17f2ec44202b97a8ea3fe3031c 2489 graphics optional graphicsmagick_1.3.20-3+deb8u7.dsc 5bb456e3466026ada6f12cc53c9776dc 5206616 graphics optional graphicsmagick_1.3.20.orig.tar.xz b7afe36bdfa1fa1a5cd3bc83c6a15f05 217924 graphics optional graphicsmagick_1.3.20-3+deb8u7.debian.tar.xz 213732a9b2ba713ec6df7077ca5c5881 796812 graphics optiona
Accepted jruby 1.5.6-9+deb8u1 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 17 May 2019 10:23:45 +0530 Source: jruby Binary: jruby Architecture: source all Version: 1.5.6-9+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Abhijith PA Description: jruby - 100% pure-Java implementation of Ruby Closes: 895778 925987 Changes: jruby (1.5.6-9+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * Fix FTBFS. * Fix CVE-2018-174, CVE-2018-175, CVE-2018-176, CVE-2018-177, CVE-2018-178. (Closes: #895778) * Fix CVE-2019-8321, CVE-2019-8322, CVE-2019-8323, CVE-2019-8324, CVE-2019-8325. (Closes: #925987) Checksums-Sha1: d0740a88b52bd74056a8ea5226a95038593d78e6 2372 jruby_1.5.6-9+deb8u1.dsc c18bb2df632fad19bf14b17674eb1e73d0615acb 5447477 jruby_1.5.6.orig.tar.gz 8b6649ef683ed6af6187eed203dd547b4002e8dd 37116 jruby_1.5.6-9+deb8u1.debian.tar.xz ef97ff2234105d5f78ca47597bf5e5a295d1a510 7833570 jruby_1.5.6-9+deb8u1_all.deb Checksums-Sha256: c9bac6a0d7cf4da78f833dae4e8413448f0049c788fca2e8d86af5d63a445468 2372 jruby_1.5.6-9+deb8u1.dsc d101f8be5629f07909367b01deadcb87b6c338f96460ff9efd311ccfc0affb8f 5447477 jruby_1.5.6.orig.tar.gz 24e7fb18448e5cf2c6c94e771861b6fd7fe141fc9be9afe5856eb16636406be8 37116 jruby_1.5.6-9+deb8u1.debian.tar.xz 3bf30985f92c4dd799be6c942199b57f936ff54e6d579d6b0e0dc412505fe985 7833570 jruby_1.5.6-9+deb8u1_all.deb Files: 77838155772c813b6a8aab197cdae248 2372 ruby optional jruby_1.5.6-9+deb8u1.dsc 13175b01fd214cf56e8ea64c0dc05eae 5447477 ruby optional jruby_1.5.6.orig.tar.gz d83452a45282620cf8c3ee557577d85b 37116 ruby optional jruby_1.5.6-9+deb8u1.debian.tar.xz b3b3cd9df7b509c9ba2193bb9b98bdce 7833570 ruby optional jruby_1.5.6-9+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAlzigx8UHGFiaGlqaXRo QGRlYmlhbi5vcmcACgkQhj1N8u2cKO+pVQ//bp5mUQN6rQiv7i5LVE/i3ip5XkCZ EEfHpDAHBvlBe7ig4FIoCVyhUD7V6A5SoM5IZRqlCbItSYd3wW0fRVB6DAisLMzg X67I39xTvtEfM3U2mXwGUBGnsWoql5Lptu+96j5sOA/VbKOCw3PfF5dOQgeC4pM1 VrrSs2DE8PMXFx0AZNRMy7DFmDWIkk11X4l73AKIkOnXGH0wTZoIGAzZZrN2EqBb a78luCIWNzhtbsIDWm1i+UPnTYuj1F1HLLCM/CmImtxXWEl0X7W9x5pS5H6SFzsY M3fdr8ZbQGqLZnQx7368OghWNSIEAK9zhibK3OOMquBXhh4E5KKwkKS+/fcsPoX2 iZSr1Uh2BvYHDEouPcNFN7IJXjVP/nNHFJV/tmhAthnkUCABKsn699y/S79Rpddh EeECZ16CkByG3BsObCQ2D8Y0oxGNeXA9bvR76RORgc7GtjtfP8vUIJdhwv/d2i8A VSp2umVhX/Xv5/wi4PB+MnIx6VEdzTrYW2IHCd5I6Y1hW9PjXArMpbeAW4Pj3ma+ MQygC6VqhejuIG4fER307Wk2YmYDTiQFnIlm2ZBZHkyI6PPQrQvmPF4Uu8Ds3JCF M5zFGcKeCj/QDM6TFlGobb3a19+RHdPPmvRbrOuPvrBCmt/OnRETRnXq7ZzQTyf3 rWk9xCDGGz2rBp0= =GtI/ -END PGP SIGNATURE-
Accepted drupal7 7.32-1+deb8u17 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 20 May 2019 12:05:42 +0200 Source: drupal7 Binary: drupal7 Architecture: source all Version: 7.32-1+deb8u17 Distribution: jessie-security Urgency: medium Maintainer: Luigi Gangitano Changed-By: Jonas Meurer Description: drupal7- fully-featured content management framework Closes: 927330 928688 Changes: drupal7 (7.32-1+deb8u17) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * SA-CORE-2019-006, CVE-2019-11358: Fix XSS vulnerability (Closes: #927330) * SA-CORE-2019-007, CVE-2019-11831: Fixes bundled library's insecure management of deserialization (Closes: #928688) Checksums-Sha1: 342eda96b51fe173d6dc52351ac6a55c12e26a8e 1888 drupal7_7.32-1+deb8u17.dsc 82e86c4fb60626fb9dbd02a8d579a3b1f81abb3e 229432 drupal7_7.32-1+deb8u17.debian.tar.xz a8cf9ff7b062e91d329a6bbfe8dcee73885a68a1 2503130 drupal7_7.32-1+deb8u17_all.deb Checksums-Sha256: 71ee368e48fa0735b20ded93aab324ee6a9e2602ffd317ff4bca0154f8673463 1888 drupal7_7.32-1+deb8u17.dsc 93152c900fcc01d39defb51bd8b82cec0d894abe26bf97c93eba337f7d98f400 229432 drupal7_7.32-1+deb8u17.debian.tar.xz b4f02d8dbb03cca2da4ac812b24af9f7e6e1d246b78bed283ce003873ebbad55 2503130 drupal7_7.32-1+deb8u17_all.deb Files: b7239e209f3d849eeb0dc24e09a7fe7c 1888 web extra drupal7_7.32-1+deb8u17.dsc 5aa321bf31440c92f2e7870b7d5ccd19 229432 web extra drupal7_7.32-1+deb8u17.debian.tar.xz 354219f64d3862ac3da9aa242186580f 2503130 web extra drupal7_7.32-1+deb8u17_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAlzirioACgkQUmLn/0kQ Sf7Suw//YKPauN0F70VaAt6Sfdq2EpUgQJusoYFyH+tM49TZ9Ybd11Q3NQJ1G/fW yasMxhDjcWP/Ui5O5ZlT+fVPNecpilanWF52qu3C+oaElpAr+Fj0OY2XlOMndBbF Hm/gR1SGy93soZiHU+0h1wkMEn461keRf7iXWpX8fFKsGi2EgLhD5ry5L2jYVV4y 3FMtnTxhmwNfLs9ilvcFRV8fu9vfD07RLemGpbqTUWT0G+sPn2fEzQNc00G45YWY 0HHgo9XFphe/iehvb13IYn6zoQq7Tzl8YIYesM+nf8FgZqgpR/p0RoBlfDii8qQu uXsg7WJW/meO80WlF9w5RPDht0SVLkX7LTFJZfeVarL2qOi78gSbEzOsdyG/kOFs L58pkUSEdyoIBT20RsJa3OJhXXkefqtK3zi+I+JLT3OkipZf0YAocRra2SNZn+r5 Z2u6I9osQmNsh8tA/HsyyJcL9v/INTUa+KsgaGQvrtFV7MPK0eEzoKhT6qQZ/Wpx 8uD4OaHI83xYBj7/5WXiupgEgnveZpa8Kds2fs70xrztWlFnM/BXIMmZyoDMRGPP Yq/qkicHS9+CNZFlf2Fu02sm9uyzF4+RGfq1neh9Yr5Z/nZpUaG7ozz+E78m2oTb 0dqee/uFiABkXjBtCSIrVE9PCodV+0QMKtUjyDaZPODhOC2IkGY= =VATM -END PGP SIGNATURE-
Accepted jackson-databind 2.4.2-2+deb8u6 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 20 May 2019 22:39:35 +0200 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source all Version: 2.4.2-2+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Changes: jackson-databind (2.4.2-2+deb8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-12086: A Polymorphic Typing issue was discovered in jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. Checksums-Sha1: 8e465473f5f1fc5b2b2d91651c6f72b3056f383b 2691 jackson-databind_2.4.2-2+deb8u6.dsc a773ccd3155897ff4fb514c06775d7ffa0d52abb 10676 jackson-databind_2.4.2-2+deb8u6.debian.tar.xz 4ea2f0830049bb5cf14205f30c204fb444e8d2bc 987274 libjackson2-databind-java_2.4.2-2+deb8u6_all.deb 6d05b3d963869cc142c43708e23036cb030be264 4742874 libjackson2-databind-java-doc_2.4.2-2+deb8u6_all.deb Checksums-Sha256: b9257c0ed3f5f6efacfb3261e80ec8a75724afff653733b914b517aa96453c63 2691 jackson-databind_2.4.2-2+deb8u6.dsc a627aa6538c8c86330c8e96f8c1c11855645849a6cb6b23ef9c0eea958c880d5 10676 jackson-databind_2.4.2-2+deb8u6.debian.tar.xz 3c7667955dc959d6f5bfe309887a5ce71f610df5814a133ef61ff745edb1624b 987274 libjackson2-databind-java_2.4.2-2+deb8u6_all.deb 223e48adf22d5ac982df84195c72ea67f5d472b62f11c106f93b129c16c04eb0 4742874 libjackson2-databind-java-doc_2.4.2-2+deb8u6_all.deb Files: d8c47cd70ba0e6bc17c0eaaae6b57fb7 2691 java optional jackson-databind_2.4.2-2+deb8u6.dsc 6234306ae8d9d738a5a3c4402b9e16bc 10676 java optional jackson-databind_2.4.2-2+deb8u6.debian.tar.xz 3940ca30540141e1ac2cd15e394da28d 987274 java optional libjackson2-databind-java_2.4.2-2+deb8u6_all.deb e980e826504d4005029d06fecb7dc833 4742874 doc optional libjackson2-databind-java-doc_2.4.2-2+deb8u6_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlzjKidfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkJ0gP/jH6aBlSayuf+KRp1P0goyXz/4Qhh7Fsp4AO hmUlQ9/uiHKhxnoWhcRx0X60uhg9nWaEFtr0uS3LyWt219FyeUO2maS8qYS8FZCQ c5l4/x+ije7HbY3EeQZ67jj+QQnz669J1ujemLceZw0DE90ESeCxVi/ktHcx6MWt 06RM8ve/UnYOvBJ5fzWUtGbuB9zT1GCiskx1jjTpzUuZ0U84coQeUSATg9sXvr+l tW9roD9/J5D09DKk7ACG8owHudUUXHvtgHsZshNqnmU5ahZOiLrhNU21ej3Wg/dI t6AvnnNKDaR0P3NqR/KDMN/bACwjzguo5sXXJK+HDL97Rw6tINM81Wv7RKdthuAf uWk7hFx0uXOAe8c9HWml6MxsUGkuRoaWJEJnEVgJ2Qz4xDucRs6s4DsGGP8s+yHX HbgTNYj55Mbd4nzr6D5MoemRm14gvGdkpaGGkUYaHCJVccrd/P4jV1/biRdBS0gU TJadHwmoON+vXL9fLMR7bo0juKwAfA+P+PoO6EuquyCboTLGEMFX4IQcHhyHiuuo /CoihREVxOpgdfPhl6SQATyLiXYIKunXGcvxwlxL1O4tM4Pz1IpbvG8UBuoDLkBc +gpsnXqtGL9shsY+EbhmDLM8td/RdQr+/f9fyKAvtF23EPkt+ts13J7Yn7/1SvRz FWQXa6O2 =vJoE -END PGP SIGNATURE-