Accepted linux 3.16.70-1 (all source) into oldoldstable, oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 22 Jul 2019 22:26:07 +0100 Binary: linux-doc-3.16 linux-manual-3.16 linux-source-3.16 linux-support-3.16.0-10 Source: linux Architecture: all source Version: 3.16.70-1 Distribution: jessie-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Closes: 931307 Description: linux-doc-3.16 - Linux kernel specific documentation for version 3.16 linux-manual-3.16 - Linux kernel API manual pages for version 3.16 linux-source-3.16 - Linux kernel source for version 3.16 with Debian patches linux-support-3.16.0-10 - Support files for Linux 3.16 Changes: linux (3.16.70-1) jessie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.69 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.70 - staging: iio: adt7316: fix register and bit definitions - staging: iio: adt7316: invert the logic of the check for an ldac pin - staging: iio: adt7316: allow adt751x to use internal vref for all dacs - [armhf] clk: highbank: fix refcount leak in hb_clk_init() - [armhf] clk: socfpga: fix refcount leak - [armhf] clk: samsung: exynos4: fix refcount leak in exynos4_get_xom() - [armhf] clk: imx6q: fix refcount leak in imx6q_clocks_init() - [armhf] clk: armada-370: fix refcount leak in a370_clk_init() - [armel] clk: kirkwood: fix refcount leak in kirkwood_clk_init() - [armhf] clk: armada-xp: fix refcount leak in axp_clk_init() - drm: Fix error handling in drm_legacy_addctx - RDMA/ocrdma: Fix out of bounds index check in query pkey - selinux: avoid silent denials in permissive mode under RCU walk - crypto: pcbc - remove bogus memcpy()s with src == dest - media: v4l2: i2c: ov7670: Fix PLL bypass register values - crypto: hash - set CRYPTO_TFM_NEED_KEY if ->setkey() fails - crypto: tgr192 - fix unaligned memory access - [armhf] ASoC: imx-sgtl5000: put of nodes if finding codec fails - hpet: Fix missing '=' character in the __setup() code of hpet_mmap_enable - [x86] applicom: Fix potential Spectre v1 vulnerabilities - rcu: Do RCU GP kthread self-wakeup from softirq and interrupt - tty: ipwireless: Fix potential NULL pointer dereference - ext2: Fix underflow in ext2_max_size() - devres: always use dev_name() in devm_ioremap_resource() - crypto: testmgr - skip crc32c context test for ahash algorithms - splice: don't merge into linked buffers - scsi: target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock - USB: serial: cp210x: add ID for Ingenico 3070 - media: uvcvideo: Avoid NULL pointer dereference at the end of streaming - crypto: ahash - fix another early termination in hash walk - bcache: never writeback a discard operation - bcache: treat stale && dirty keys as bad keys - jbd2: clear dirty flag when revoking a buffer from an older transaction - ext4: fix check of inode in swap_inode_boot_loader - ext4: update quota information while swapping boot loader inode - ext4: add mask of ext4 flags to swap - parport_pc: fix find_superio io compare code, should use equal test. - ext4: fix crash during online resizing - [x86] iscsi_ibft: Fix missing break in switch statement - [x86] tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete - [x86] tpm: Fix off-by-one when reading binary_bios_measurements - serial: 8250_pci: Fix number of ports for ACCES serial cards - serial: 8250_pci: Have ACCES cards that use the four port Pericom PI7C9X7954 chip use the pci_pericom_setup() - USB: serial: ftdi_sio: add ID for Hjelmslund Electronics USB485 - cdc-wdm: pass return value of recover_from_urb_loss - libertas_tf: don't set URB_ZERO_PACKET on IN USB transfer - drm/radeon/evergreen_cs: fix missing break in switch statement - [x86] KVM: mmu: Do not cache MMIO accesses while memslots are in flux - fs/nfs: Fix nfs_parse_devname to not modify it's argument - [armhf] clocksource/drivers/exynos_mct: Fix error path in timer resources initialization - [armhf] mmc: omap: fix the maximum timeout setting - btrfs: init csum_list before possible free - ALSA: bebob: use more identical mod_alias for Saffire Pro 10 I/O against Liquid Saffire 56 - Btrfs: fix corruption reading shared and compressed extents after hole punching - NFSv4.1: Reinitialise sequence results before retransmitting a request - 9p: use inode->i_lock to protect i_size_write() under 32-bit - net-sysfs: Fix mem leak in netdev_register_kobject - ip6mr: Do not call __IP6_INC_STATS() from preemptible context - CIFS: Do not reset lease state to NONE on lease break - nfsd: fix memory corruption caused by readdir - CIFS: Fix read after write for files with read caching -
Accepted libsdl2-image 2.0.0+dfsg-3+deb8u2 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 20 Jul 2019 16:05:46 -0300 Source: libsdl2-image Binary: libsdl2-image-2.0-0 libsdl2-image-dbg libsdl2-image-dev Architecture: source amd64 Version: 2.0.0+dfsg-3+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian SDL packages maintainers Changed-By: Hugo Lefeuvre Description: libsdl2-image-2.0-0 - Image loading library for Simple DirectMedia Layer 2, libraries libsdl2-image-dbg - Image loading library for Simple DirectMedia Layer 2, debugging s libsdl2-image-dev - Image loading library for Simple DirectMedia Layer 2, development Changes: libsdl2-image (2.0.0+dfsg-3+deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * CVE-2018-3977: buffer overflow in do_layer_surface (IMG_xcf.c). * CVE-2019-5052: integer overflow and subsequent buffer overflow in IMG_pcx.c. * CVE-2019-7635: heap buffer overflow in Blit1to4 (IMG_bmp.c). * CVE-2019-12216, CVE-2019-12217, CVE-2019-12218, CVE-2019-12219, CVE-2019-12220, CVE-2019-12221, CVE-2019-1: OOB R/W in IMG_LoadPCX_RW (IMG_pcx.c). Checksums-Sha1: 1b248c08e24f66dfb3365ba42487a4077019403d 2185 libsdl2-image_2.0.0+dfsg-3+deb8u2.dsc 8dd4f7a28d4ad5f29adc857c80e24797753f8451 10856 libsdl2-image_2.0.0+dfsg-3+deb8u2.debian.tar.xz ceba00cd143d7e66e8c2b7944940c5fd6d936903 45702 libsdl2-image-2.0-0_2.0.0+dfsg-3+deb8u2_amd64.deb 33e41059fc6dc91de7f28e2fe840b781596ec84f 90926 libsdl2-image-dbg_2.0.0+dfsg-3+deb8u2_amd64.deb f346c39deb0f98a2016bb4fa521abb573cd94950 49582 libsdl2-image-dev_2.0.0+dfsg-3+deb8u2_amd64.deb Checksums-Sha256: 2a1a852aa36ef28cc634fd4d2b3c224eb3aea20add50abbebfe225ac0bebd8fe 2185 libsdl2-image_2.0.0+dfsg-3+deb8u2.dsc 74759f093dd07bc301704b2b0a9e1ce6e9c0f392f05bc799bdf5c984a1fbcda0 10856 libsdl2-image_2.0.0+dfsg-3+deb8u2.debian.tar.xz f2b363e9acf6158ef9bc3a83373b1ad17950bef7d4ef98d71349c6e7219308b1 45702 libsdl2-image-2.0-0_2.0.0+dfsg-3+deb8u2_amd64.deb 0fdfcd28c9ace70d1e7fb695cd1a9b1109b480e99d0046a9197710bd4c05d8bf 90926 libsdl2-image-dbg_2.0.0+dfsg-3+deb8u2_amd64.deb ab5d82f83e3937c098f221a7e7f3fb8d8f6828dc5935265dd9f52d944a89516e 49582 libsdl2-image-dev_2.0.0+dfsg-3+deb8u2_amd64.deb Files: f375838402c670c5300bb5fce95d8270 2185 libs optional libsdl2-image_2.0.0+dfsg-3+deb8u2.dsc 4201fd9d0e002e7aafd87638670d36cf 10856 libs optional libsdl2-image_2.0.0+dfsg-3+deb8u2.debian.tar.xz c466fe7d88e4fc5074b0993f0bd3d344 45702 libs optional libsdl2-image-2.0-0_2.0.0+dfsg-3+deb8u2_amd64.deb 04c0525b5974079e7229f5c7e7c9518f 90926 debug extra libsdl2-image-dbg_2.0.0+dfsg-3+deb8u2_amd64.deb 3a43b62e4972adc7ee3d5e6f844805ac 49582 libdevel optional libsdl2-image-dev_2.0.0+dfsg-3+deb8u2_amd64.deb -BEGIN PGP SIGNATURE- iQGzBAEBCgAdFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl018AYACgkQEeMFjl5E GkJxlwwAl8YInhXT5kw0dQW4967FkB4oqHMOI1volEQDk4VveNMco8Gfvn3RMuvl VU8Xrf1XqauCFSac3EGVYGtXiUNhHIe4o85GIXSg6XgbeN+L6zd+7UY41Vhkb2pG YEnrJ9Q0ZkBz/e02s/w9mhVBHYIsODmeHsc0xuY8mBQJy72XydAVqJcia5kDHaQs v0OSv8Bi2vGJWWoQ1Pw88QCjnbpzK4f9+KVWUXfVgydf8BpFOCZoQksTIOfQiF5w akVsQeBGXrzxbOvnXxrx2zPEy1QP678MsAjzwHeJTK0up3EWToSLyvqxNdx2D16Z pGagXeREgFWeFJ8efFbJ6uIBiIiMzY1izkk5NRYGEfvQgLNUH5nBqLHdIJcbRv/O f4DUQ35aEe5x5zdhvF0Oed8sJPXr2eLpEwes1kQyj1jyVN4yHIQecfdbOeU9+h2C QfH0ibEx5E7KyV3SR5259lZHcwP0UZ7DLRIZFtb07pUXIf34J9sbVB+tlBOQvjEi cbOB3322 =VCHZ -END PGP SIGNATURE-
Accepted libxslt 1.1.28-2+deb8u5 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 22 Jul 2019 14:28:55 +0200 Source: libxslt Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg Architecture: source amd64 Version: 1.1.28-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian XML/SGML Group Changed-By: Markus Koschany Description: libxslt1-dbg - XSLT 1.0 processing library - debugging symbols libxslt1-dev - XSLT 1.0 processing library - development kit libxslt1.1 - XSLT 1.0 processing library - runtime library python-libxslt1 - Python bindings for libxslt1 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension) xsltproc - XSLT 1.0 command line processor Changes: libxslt (1.1.28-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2016-4610: Invalid memory access leading to DoS at exsltDynMapFunction. libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. * Fix CVE-2016-4609: Out-of-bounds read at xmlGetLineNoInternal() libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. * Fix CVE-2019-13117: An xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. * Fix CVE-2019-13118: A type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Checksums-Sha1: aa5240d20fc7fdfbccdb19ae503fedd3ff38909c 2554 libxslt_1.1.28-2+deb8u5.dsc 5d9ffef4479418f254545dbd59648e6ec4efaf89 40992 libxslt_1.1.28-2+deb8u5.debian.tar.xz 2888e99c3af44d7cc916bb588f5f9ad6d99d1ce2 232996 libxslt1.1_1.1.28-2+deb8u5_amd64.deb 4997eb9da7f12c1eab754a7ecfa1226b9719abe4 513812 libxslt1-dev_1.1.28-2+deb8u5_amd64.deb c70e6e9f9ba4a742f77e7da0ca8325b86dfac79e 480192 libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb 1aaca9459be4d495fc749be484f46455d9ae9402 119062 xsltproc_1.1.28-2+deb8u5_amd64.deb bc8edafe4cf996128dc07c5c1b52277ecfe4f373 139576 python-libxslt1_1.1.28-2+deb8u5_amd64.deb a1a33e3b8a3b52920de69e830fa6f70bde6aa56b 222380 python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb Checksums-Sha256: 07e3b5c407fe8b16a149016c644564f8fd8f5e028d23c0908b8342aeb29dc8ec 2554 libxslt_1.1.28-2+deb8u5.dsc b16233b1c69d3d46b0c5354e50e1bde721101ebd5af8b36797a076f4b60aa095 40992 libxslt_1.1.28-2+deb8u5.debian.tar.xz b8725bbac6039f3d3349ef9ce0b2d605a94d96e6c113b72136d986dbcf6dd1ed 232996 libxslt1.1_1.1.28-2+deb8u5_amd64.deb 2aaee466be04abdaeb2505bccafc5cc1ef45e27f26e2bc3e47cf17544d854c92 513812 libxslt1-dev_1.1.28-2+deb8u5_amd64.deb 3a0ac8cffde48a68e1c7d81337a02395b48abe86f3050739e7ee5ed56cb1f79e 480192 libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb aef7168c6243d5376457c01dec1b226f1527e2bec342afd1a99deaac48ce69a9 119062 xsltproc_1.1.28-2+deb8u5_amd64.deb 16a9620dba9f4d9e267b5ef4fd6af5a58d746f7b5a34c1d1ffb6e9882df6ec9e 139576 python-libxslt1_1.1.28-2+deb8u5_amd64.deb 0c99004aa2f250cc94519831260075857de76dd7233071c9222f96c6c0f5da3f 222380 python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb Files: 8f5410d80471a408a166e90286a3fb2a 2554 text optional libxslt_1.1.28-2+deb8u5.dsc a71ce544bd4154da94c7a97beb5daf40 40992 text optional libxslt_1.1.28-2+deb8u5.debian.tar.xz fc9cabc797e42428784a010424ae3c7b 232996 libs optional libxslt1.1_1.1.28-2+deb8u5_amd64.deb df5e523058d21b2eec8e0e1ec958c0fe 513812 libdevel optional libxslt1-dev_1.1.28-2+deb8u5_amd64.deb df538b575fcbfccadf6a7ab2022dec4b 480192 debug extra libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb 42a50d14da380f4fc48f715d58c93646 119062 text optional xsltproc_1.1.28-2+deb8u5_amd64.deb 0c0673ce58b900533946818465112c8d 139576 python optional python-libxslt1_1.1.28-2+deb8u5_amd64.deb 559f25ab7eca07a1152fbac3f0aa4d8e 222380 debug extra python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl01uQtfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkqQkQAKohZX21KCGorNfYkCfPsjEvUptkxBlp0gEQ Y8JrYr6MTVaAd27Db2/Lgz6gf0KpO1fMKJ4KA0O6+r2fU3vGzMIcIWxZ8926ndT6 R+CJQL7clBgq27EY/cSpAhbxvKyzUuqpm758nNdRQbmfk4k8acx6fhMyM0AOVxMu HX8GgNl8vUi17XWEVPpBYwdzFMR4EQ6AhIo681UWaL+Ms2NX9C71f3I6QK6BVqib WaxXvCs+Ry/+o+oJ1stlc8t+V5/FxwhQpwQG5eb4M/5zj3W598Qv9VP7aiqqRMsL DUltiWNpHQVoAHLvfehYO9BzCx6qri8onPk8aqaovCSPO4+crwtgCtpLPZgX2tSA Ey9bWSRgZfQ80L0oWq7ScY41YcH+jPHl4/5/J2MJGwQlj1Odt5I1jDDcXDoK2dmz 3CLw6GOxNYdb4mHsziY4YoieSScLdC0Bbn5xzbLIY2EgRejCkHRVZlzNtwoPAwbM