Accepted wpa 2.3-1+deb8u8 (source amd64) into oldoldstable

2019-07-31 Thread Mike Gabriel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 31 Jul 2019 22:44:37 +0200
Source: wpa
Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb
Architecture: source amd64
Version: 2.3-1+deb8u8
Distribution: jessie-security
Urgency: medium
Maintainer: Debian wpasupplicant Maintainers
Changed-By: Mike Gabriel
Description:
 hostapd - IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
 wpagui - graphical user interface for wpa_supplicant
 wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i)
 wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb)
Closes: 927463
Changes:
 wpa (2.3-1+deb8u8) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
 .
   * CVE-2019-9495: only partial mitigation feasible for this wpa version
     + 2019-2/0001-OpenSSL-Use-constant-time-operations-for-private-big.patch
     + FIXME: too invasive to backport (or for someone with more time+expertise):
       [2019-2/0002-Add-helper-functions-for-constant-time-operations.patch]
       [2019-2/0003-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch]
       [2019-2/0004-EAP-pwd-Use-constant-time-and-memory-access-for-find.patch]
     + For more details, see https://w1.fi/security/2019-2/.
 .
   * Upstream cherry-picks:
     + Pick 2019-4/0001-Add-crypto_ec_point_cmp.patch, required for applying
       2019-4/0012-EAP-pwd-server-Detect-reflection-attacks.patch
       [2019-4/0014-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch]
 .
   * CVE-2019-9498 (partial):
     + 2019-4/0011-EAP-pwd-server-Verify-received-scalar-and-element.patch
   * CVE-2019-9497:
     + 2019-4/0012-EAP-pwd-server-Detect-reflection-attacks.patch
   * CVE-2019-9499 (partial):
     + 2019-4/0013-EAP-pwd-client-Verify-received-scalar-and-element.patch
   * CVE-2019-9498 + CVE-2019-9499 (FIXME):
     + too invasive to backport (or for someone with more time+expertise):
       [2019-4/0014-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch]
 .
   * CVE-2019-11555 (Closes: #927463):
     + 2019-5/0001-EAP-pwd-server-Fix-reassembly-buffer-handling.patch
     + 2019-5/0003-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch
 .
   * debian/rules: Forcefully enable compilation of the ECC code
     (NEED_ECC=y).



Accepted glib2.0 2.42.1-1+deb8u2 (source all amd64) into oldoldstable

2019-07-31 Thread Mike Gabriel
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 30 Jul 2019 21:33:27 +0200
Source: glib2.0
Binary: libglib2.0-0 libglib2.0-tests libglib2.0-udeb libglib2.0-bin libglib2.0-dev libglib2.0-0-dbg libglib2.0-data libglib2.0-doc libgio-fam libglib2.0-0-refdbg
Architecture: source all amd64
Version: 2.42.1-1+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Debian GNOME Maintainers
Changed-By: Mike Gabriel
Description:
 libgio-fam - GLib Input, Output and Streaming Library (fam module)
 libglib2.0-0 - GLib library of C routines
 libglib2.0-0-dbg - Debugging symbols for the GLib libraries
 libglib2.0-0-refdbg - GLib library of C routines - refdbg library
 libglib2.0-bin - Programs for the GLib library
 libglib2.0-data - Common files for GLib library
 libglib2.0-dev - Development files for the GLib library
 libglib2.0-doc - Documentation files for the GLib library
 libglib2.0-tests - GLib library of C routines - installed tests
 libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb)
Closes: 931234
Changes:
 glib2.0 (2.42.1-1+deb8u2) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2018-16428: gmarkup: Fix crash in error handling path for closing
     elements.
   * CVE-2018-16429: gmarkup: Fix unvalidated UTF-8 read in markup parsing
     error paths.
   * CVE-2019-13012: keyfile settings: Use tighter permissions. (Closes:
     #931234).