Accepted python-urllib3 1.9.1-3+deb8u1 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 19 Jun 2019 23:46:03 -0400 Source: python-urllib3 Binary: python-urllib3 python3-urllib3 python-urllib3-whl Architecture: source all Version: 1.9.1-3+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Roberto C. Sanchez Description: python-urllib3 - HTTP library with thread-safe connection pooling for Python python-urllib3-whl - HTTP library with thread-safe connection pooling python3-urllib3 - HTTP library with thread-safe connection pooling for Python3 Closes: 927172 Changes: python-urllib3 (1.9.1-3+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * Fix CVE-2019-11236: CRLF injection is possible if the attacker controls the request parameter. (Closes: #927172) Checksums-Sha1: 9fdcdf4a78fa8793e6a8dd72b6a4317e6eeefafd 2432 python-urllib3_1.9.1-3+deb8u1.dsc 8802c6f569aef365f816a67f2590607efa45f03f 171086 python-urllib3_1.9.1.orig.tar.gz 19384ff1417d157bb4296eef36b92b9a82d76e7a 9164 python-urllib3_1.9.1-3+deb8u1.debian.tar.xz abfda061c5ad9d011ac47e400e4b0cebc04aee3e 55708 python-urllib3_1.9.1-3+deb8u1_all.deb 1731c4320f53751cd89466b5f2fd59afcf4fdf91 55854 python3-urllib3_1.9.1-3+deb8u1_all.deb 606d63adaf49d71c1934933b5091992e56e0c247 77208 python-urllib3-whl_1.9.1-3+deb8u1_all.deb Checksums-Sha256: f460a9799f9721c31aae20dfba1d7e0c903cb3d439afacefaf670be0bd4a1faf 2432 python-urllib3_1.9.1-3+deb8u1.dsc d858379ef5988d4534bb8909432d697422100aaff272299d661339836b6dae9b 171086 python-urllib3_1.9.1.orig.tar.gz 56c8c87e3277b60da672979baf448fa49613a855e3d9faf39ff4e3143340222c 9164 python-urllib3_1.9.1-3+deb8u1.debian.tar.xz e27d99ad5c0b5e5299b8868e00a6cacaa6adbbb532874e95e893c27d36f2a25f 55708 python-urllib3_1.9.1-3+deb8u1_all.deb 592c657f62d9d06e15d1f378f7fd3fc942827875558de9d15db4be14c4510d58 55854 python3-urllib3_1.9.1-3+deb8u1_all.deb 594ca7efb35bf7c758bd47e9e9e00b803542031723303b76eb1e6627b59a2842 77208 python-urllib3-whl_1.9.1-3+deb8u1_all.deb Files: 608683851bc717e689b6c04d48ac3529 2432 python optional python-urllib3_1.9.1-3+deb8u1.dsc c9358c5a85dd6aa3942f5121efed064d 171086 python optional python-urllib3_1.9.1.orig.tar.gz 06d02ef8d5751c0a74e4562fb85e7d45 9164 python optional python-urllib3_1.9.1-3+deb8u1.debian.tar.xz 897db5703e814b71168f8fa70a4984e1 55708 python optional python-urllib3_1.9.1-3+deb8u1_all.deb d0f6a4b60ca7f5397ff5246999364745 55854 python optional python3-urllib3_1.9.1-3+deb8u1_all.deb 41ab631b9392717dfa5e35094414c235 77208 python optional python-urllib3-whl_1.9.1-3+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl0LApkACgkQLNd4Xt2n sg/gnw//TdQ7UvF57Cp+FIOJ8yQrEtW/1c4larbVeRfRp+RV/PorOrmGTMTcxhFI xldU6qX3ccV4LIXneu8I2rdzTqDoowI1VVoNLHM62WNP50pc8Dp/xNmuyn1dkXKH ZTXHcVbTDMwwKjo44ByqLQZ250QC8HiL50bXV7t46bC5yjL3tKRufBMPmKnZmAv0 e/W0Hb1uhglvAUX93lHWgie7nIiQvEFCET5vlGVBMXGKf+0snXcS2J4P7YzjrA9N 7G/DKEvCd4j7bDt60ZqGIIyXiKvHkafakLWN2yzTsWBSo4PA9GP4tkjyJ2ITYhCD VMPgemh08tB4yTSnoT1IObflHgpOufe2y+rR6LQXNXWDQr29GBNhAC1Oc9IY9gYu G/q3YBRatL/CUqnPayaRJgNphu5gusLSEDoTQLaikFKFZLkLpo+8TFq8SNIIRfmB oMfXhrwQqBgalwTsHfrSJClV/pXL12tcQEZpjoUv1Ed7EQYMNQc051fQxcS/X+yv Sfgn10dGwjwQ5DP0CGJ/BX3NX7zUKNNE+KbWJYRp8soAxG7crY6pRrTWgqjLtE75 uNQSMQq/BVZaParN+pddN8qk2nPIzHkCzxSAZjiTjXfir8ho+n4L7zfJbSS98NiF 7Btp7mKIKyiCng0dbnDVv2T4haZHmjsTDqXRb6+vNanUOIhpSN0= =EeTt -END PGP SIGNATURE-
Accepted intel-microcode 3.20190618.1~deb8u1 (amd64 i386 source) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 19 Jun 2019 09:47:43 -0300 Binary: intel-microcode Source: intel-microcode Architecture: amd64 i386 source Version: 3.20190618.1~deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Henrique de Moraes Holschuh Changed-By: Henrique de Moraes Holschuh Description: intel-microcode - Processor microcode firmware for Intel CPUs Changes: intel-microcode (3.20190618.1~deb8u1) jessie-security; urgency=medium . * Rebuild for jessie-lts (no changes) * Refer to DLA 1789-1 for details . intel-microcode (3.20190618.1) unstable; urgency=medium . * New upstream microcode datafile 20190618 + SECURITY UPDATE Implements MDS mitigation (RIDL, Fallout, Zombieload), INTEL-SA-00223 CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 for Sandybridge server and Core-X processors + Updated Microcodes: sig 0x000206d6, pf_mask 0x6d, 2019-05-21, rev 0x061f, size 18432 sig 0x000206d7, pf_mask 0x6d, 2019-05-21, rev 0x0718, size 19456 * Add some missing (minor) changelog entries to 3.20190514.1 * Reformat 3.20190514.1 changelog entry to match rest of changelog Checksums-Sha1: 97ffbee2784c614b02c717bf0d6b40dd875f0d48 1817 intel-microcode_3.20190618.1~deb8u1.dsc 6bc31df92d064088e5eef6b9c43285a311ca6063 2617272 intel-microcode_3.20190618.1~deb8u1.tar.xz 12a16f066efd49c81f7380d15b302693430b0b92 1941996 intel-microcode_3.20190618.1~deb8u1_amd64.deb a890d0aa2632d4c45df054e7f1d4dd87ff481f3a 2082652 intel-microcode_3.20190618.1~deb8u1_i386.deb Checksums-Sha256: d734fd125b8a7f32501b3ee592a40d7aec9b2f1cf7419f012b7ea299806ccc83 1817 intel-microcode_3.20190618.1~deb8u1.dsc 554749ebe392c52e1f58420e45e542e6e1669128a10d81544666df6e9ed144b1 2617272 intel-microcode_3.20190618.1~deb8u1.tar.xz 477d7430d39f7891db3efc568695965e5079c612cfb073999e7feb62008d21ca 1941996 intel-microcode_3.20190618.1~deb8u1_amd64.deb 0f71ab5c1676d54a9737b36ba22700480498f131fb2c301c549075c125229467 2082652 intel-microcode_3.20190618.1~deb8u1_i386.deb Files: c1165e83781ce3af31bf5d68a1a342b3 1817 non-free/admin standard intel-microcode_3.20190618.1~deb8u1.dsc 39a8635bb11e2b83de9aa88c4f3f95eb 2617272 non-free/admin standard intel-microcode_3.20190618.1~deb8u1.tar.xz c6bc498998d37823160ad9aec4805ded 1941996 non-free/admin standard intel-microcode_3.20190618.1~deb8u1_amd64.deb a81bec36d7855c654cee91760869cbc1 2082652 non-free/admin standard intel-microcode_3.20190618.1~deb8u1_i386.deb -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEMr8sdJFqJgkTTH+qsZwaZk2P+bEFAl0KyKIACgkQsZwaZk2P +bE70A/8DrLa416gSAL9xY5tLOGjg9j2iAti0jJDxS5+zvq47aBeRljg6tgh+Nky H2o9xyZW82y0amUWCMpfP5z8SH0ddhcH/Sxez9Et1XLKHJhW8EjUmfQyDjVF3fXR OL5UogBYPj6MYE4I9uViwzM8xw+caa9P8PjzZTh37kif3ZNiZsA0PGMS2VFCGOhq ty8qdiquxyNcWqW+XtvJEHA/q/MOTZPtl6mCiNuKFp2GHHOciBlhVMEM4HOnj5M6 hMssNXa7U217jwZEHeTfmpepF96AmErIlokfkFwIlT9UvqSUVPvvogEKyic27WJ2 dRSe2PtKW8WUsEcwruuLSkelkkGrLO9UUxcU7AC3z2c0vp/0IbrnS6q7YoLvnp/T ncv+DGyfZrwXeGCQLhhtMLiFPUJmtMqssqw4KAnsI9dxyIG0zq4EOmlSZsOixs84 X5lxQ1tnVQzHDbqNDzpnr2PXMEFB2KPCp/cYJ2HHR6E9/7a/v9yLRSezCnHZ+Ze+ 6asfq8NpFt0Odt/1GvuKbPXo5odSQvlRiv+/kXXyyl/pvgrp3sNupFjzq0vKrmtr gMOJmVDzGJ6sskP8idNnqlSwA2aU+pTIODXMi8ekJWOBWKCrIHQF7F6onDw+Gc/z pZiKCaCcwAp6RuzFbKPjMQ7ESJkrBaC68X3IDOUS+JKH65XtmdY= =wbAQ -END PGP SIGNATURE-
Accepted gvfs 1.22.2-1+deb8u1 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 19 Jun 2019 18:07:45 +0200 Source: gvfs Binary: gvfs gvfs-daemons gvfs-libs gvfs-common gvfs-fuse gvfs-backends gvfs-bin gvfs-dbg Architecture: source all amd64 Version: 1.22.2-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian GNOME Maintainers Changed-By: Markus Koschany Description: gvfs - userspace virtual filesystem - GIO module gvfs-backends - userspace virtual filesystem - backends gvfs-bin - userspace virtual filesystem - binaries gvfs-common - userspace virtual filesystem - common data files gvfs-daemons - userspace virtual filesystem - servers gvfs-dbg - userspace virtual filesystem - debugging information gvfs-fuse - userspace virtual filesystem - fuse server gvfs-libs - userspace virtual filesystem - private libraries Changes: gvfs (1.22.2-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-12795: daemon/gvfsdaemon.c in gvfsd from GNOME gvfs opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.) * Add only-accept-external-authentication.patch for additional hardening. Checksums-Sha1: 17f2a0846f199aabb692ab548f0db1a559fabcfa 3442 gvfs_1.22.2-1+deb8u1.dsc 73ed1a3249afe0218d2606105ff1d12690218941 1585720 gvfs_1.22.2.orig.tar.xz 553a56ffac0c4d016c35bfbde758f55906cbcc0f 19764 gvfs_1.22.2-1+deb8u1.debian.tar.xz dfac64f23b07f970ca243bb0b51308b9bff32d72 737576 gvfs-common_1.22.2-1+deb8u1_all.deb 4342bdfbb2cee3e6328e6a62f73f131c224b789c 334254 gvfs_1.22.2-1+deb8u1_amd64.deb 8854679c1c33647a4eb2c53ee767f129fc0806d3 354120 gvfs-daemons_1.22.2-1+deb8u1_amd64.deb 67ae88bc37e3b05a368dccecd6b7ea43c0935aaf 333734 gvfs-libs_1.22.2-1+deb8u1_amd64.deb 71586bf0c187dbab2ebab591e50d553199133e4a 255284 gvfs-fuse_1.22.2-1+deb8u1_amd64.deb 605a7c2baa6edb71b969a2c6870e86a9cd1e8d78 535298 gvfs-backends_1.22.2-1+deb8u1_amd64.deb 9952ccace0a3907f2e00e4b08f0312ebb204f8d9 276170 gvfs-bin_1.22.2-1+deb8u1_amd64.deb 24898a9e5e24296b6421ca2792fb8ef333584aa6 1839700 gvfs-dbg_1.22.2-1+deb8u1_amd64.deb Checksums-Sha256: 1dcde902c6a35b26e3a6ba16d9eb3105d32fe9f00ec7186291900eee348a3225 3442 gvfs_1.22.2-1+deb8u1.dsc 8d08c4927b6c20d990498c23280017e7033b31a386f09b4c3ce5bedd20316250 1585720 gvfs_1.22.2.orig.tar.xz b42ac53f76d8531b3d00717dec03daae53f02b32521f4afa622db2fe0d4ca17f 19764 gvfs_1.22.2-1+deb8u1.debian.tar.xz 7fa0daf949148a50dd45e2fb9d12646e3fecc117f63fa9c65dd536f4ac1b341a 737576 gvfs-common_1.22.2-1+deb8u1_all.deb d9cf1f707b455174663c7241d278d22142f37233ac1b0ef5f2fd32e5c2dcd74e 334254 gvfs_1.22.2-1+deb8u1_amd64.deb ee6b145f3816fef7d082070179edad3e9fb3493a976659e3147084a51c81cdb1 354120 gvfs-daemons_1.22.2-1+deb8u1_amd64.deb 29ac82d0d917208a73b06d8b5dcf12ed09793e3f8ad1ae3d2d0d43ed6d8662bb 333734 gvfs-libs_1.22.2-1+deb8u1_amd64.deb 635cfae979743d71f16c8ac03a84f7c4e53859e133630adb4227aec1cc6248a4 255284 gvfs-fuse_1.22.2-1+deb8u1_amd64.deb acabe80b304d54f731d351b1f4f69bc0f7009d7353acc44c96025c82180d7c42 535298 gvfs-backends_1.22.2-1+deb8u1_amd64.deb b98a5868d301143482999c2952946ac3ea847f73a8fa4e0ef13cda5f5445212e 276170 gvfs-bin_1.22.2-1+deb8u1_amd64.deb fb38659946ce9c1c572903178d5f76bee162c036ed01e869ba3935397b90e960 1839700 gvfs-dbg_1.22.2-1+deb8u1_amd64.deb Files: 406a1561939eb950b99cb40934726bbc 3442 gnome optional gvfs_1.22.2-1+deb8u1.dsc 6b00ec682a6851bcdad7814dd799e228 1585720 gnome optional gvfs_1.22.2.orig.tar.xz 8a8b6296a38f2b4f432cdab91afe0033 19764 gnome optional gvfs_1.22.2-1+deb8u1.debian.tar.xz a919375ed5a8399ee8905315e9624da1 737576 libs optional gvfs-common_1.22.2-1+deb8u1_all.deb 3650a1619b29c7a87f9932b5eb549f64 334254 libs optional gvfs_1.22.2-1+deb8u1_amd64.deb 01222b41abc7415845c66125d6c19d21 354120 libs optional gvfs-daemons_1.22.2-1+deb8u1_amd64.deb 8cbcc9620a58d8e6743f7fe696339d1c 333734 libs optional gvfs-libs_1.22.2-1+deb8u1_amd64.deb 44c6db056cad3f06d38da02a0ffc3daa 255284 gnome optional gvfs-fuse_1.22.2-1+deb8u1_amd64.deb 03d308befe77b382f0605cf235a36a3a 535298 gnome optional gvfs-backends_1.22.2-1+deb8u1_amd64.deb 870d6c7e203154fdc411f6a7cd42962d 276170 gnome optional gvfs-bin_1.22.2-1+deb8u1_amd64.deb a7290672c2bc140afd8f72a54dadc482 1839700 debug extra gvfs-dbg_1.22.2-1+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0KbcdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkkVkQALFV7CK7q0hUwaXrIsrtlg4LVmHhzvg075Za kEIIZJiwU60M6q2IGqkwmDmSIHEoLQcjjsJ3dlcNUjYKQaStC55t1NQmlzps2wEl zqJhQS9hZX2gv6R3RgToKdn1RUP2IPRG3iGK7lO4ZPr9
