Accepted apache2 2.4.10-10+deb8u15 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 28 Aug 2019 15:01:48 +0200 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin apache2.2-common libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: source amd64 all Version: 2.4.10-10+deb8u15 Distribution: jessie-security Urgency: high Maintainer: Debian Apache Maintainers Changed-By: Markus Koschany Description: apache2- Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-mpm-event - transitional event MPM package for apache2 apache2-mpm-itk - transitional itk MPM package for apache2 apache2-mpm-prefork - transitional prefork MPM package for apache2 apache2-mpm-worker - transitional worker MPM package for apache2 apache2-suexec - transitional package for apache2-suexec-pristine apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) apache2.2-bin - Transitional package for apache2-bin apache2.2-common - Transitional package for apache2 libapache2-mod-macro - Transitional package for apache2-bin libapache2-mod-proxy-html - Transitional package for apache2-bin Changes: apache2 (2.4.10-10+deb8u15) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-10092: Matei "Mal" Badanoiu reported a limited cross-site scripting vulnerability in the mod_proxy error page. * Fix CVE-2019-10098: Yukitsugu Sasaki reported a potential open redirect vulnerability in the mod_rewrite module. Checksums-Sha1: eddda6e3b62e63fdf82f71244b4807a2baf838df 3432 apache2_2.4.10-10+deb8u15.dsc 66da4aecac639ac9f6af9e1264a7e0209a6df3e5 570580 apache2_2.4.10-10+deb8u15.debian.tar.xz 31c0202d289a619b4cd57847a9018bd2c47b543f 1158 libapache2-mod-proxy-html_2.4.10-10+deb8u15_amd64.deb 75cc4af610f1183a6364ea254a6ba329cc9eab1f 1142 libapache2-mod-macro_2.4.10-10+deb8u15_amd64.deb 3342551cc5eab2928542b183b6ef2ec0da0d4e6a 209044 apache2_2.4.10-10+deb8u15_amd64.deb 5bfdb616634c4aca35c38f6621fcbdc140840e17 162564 apache2-data_2.4.10-10+deb8u15_all.deb 118e6b0a289258994d68ded3ad1e6b746cc0f307 1040362 apache2-bin_2.4.10-10+deb8u15_amd64.deb 5105a5d5b6aeefe1d06a3108ed1280971157c018 1518 apache2-mpm-worker_2.4.10-10+deb8u15_amd64.deb b9b7a8ca77ae3835919d55a70af8d81f08df2d49 1520 apache2-mpm-prefork_2.4.10-10+deb8u15_amd64.deb b87f9f2f69fa050cea63f198c57b962c24e25d27 1522 apache2-mpm-event_2.4.10-10+deb8u15_amd64.deb 7bca32dc4ccf448611ed88a855e106d6357c8c00 1516 apache2-mpm-itk_2.4.10-10+deb8u15_amd64.deb bd80850a35bbd053b349eb72dbea8df5e2734c80 1704 apache2.2-bin_2.4.10-10+deb8u15_amd64.deb 92f3695c9f8e27685b8f2feeb837eadb86b4a402 126122 apache2.2-common_2.4.10-10+deb8u15_amd64.deb 22c5d16ffa532fc6819ffcbaa6fad6cab1a0 196446 apache2-utils_2.4.10-10+deb8u15_amd64.deb ac2f739c3c7ef8dc05fb4d2a6360dddcc98d9762 1656 apache2-suexec_2.4.10-10+deb8u15_amd64.deb 9ea95e1a7c6095ee08f3f9ad1fecd7adb50eb870 131234 apache2-suexec-pristine_2.4.10-10+deb8u15_amd64.deb 4541228726933d757931c3d67fcc269373891cc5 132866 apache2-suexec-custom_2.4.10-10+deb8u15_amd64.deb 13bf97d8cb519d7fcb2df4870865e44a065afcfd 2722672 apache2-doc_2.4.10-10+deb8u15_all.deb 7de4255917f44de3668196e345c0e6188c47a581 283498 apache2-dev_2.4.10-10+deb8u15_amd64.deb 63e9fcdc5c1ab4780773552f3eb72264b0ff5f62 1709908 apache2-dbg_2.4.10-10+deb8u15_amd64.deb Checksums-Sha256: 4d2ad1ec10cb0dd9d04545a90d25d981b55a13e4044196e0aa808cbfdb303a47 3432 apache2_2.4.10-10+deb8u15.dsc 9a1fc3f547ac4d0336ee1fc23cc58d29e84e81075e1b4985e34f54b0882554b7 570580 apache2_2.4.10-10+deb8u15.debian.tar.xz 1544aa138c423f26773605b592bc2b0f4e3ff1f5edcbeab7427c0ae4ed5a143a 1158 libapache2-mod-proxy-html_2.4.10-10+deb8u15_amd64.deb 6b7ef0237b6737c829c3d2d45723ecee66f2354b3f26750c37557a34372910e3 1142 libapache2-mod-macro_2.4.10-10+deb8u15_amd64.deb 4cf9c423d535842e9e3e007f3d8e9d8e18454f80fdbe9b7e8a91a54634936af6 209044 apache2_2.4.10-10+deb8u15_amd64.deb e2408cefb9d69064e716095477a2b359c488d026ab78582d9a35367e0f0c 162564 apache2-data_2.4.10-10+deb8u15_all.deb 451d91133e883af18e105cac2eb72a66027859f9b5e5cc37cf971df2d649c9bf 1040362 apache2-bin_2.4.10-10+deb8u15_amd64.deb 972db8cd3b73b1f780cee11c7618f7967aba7e14bb2356a0e2176201b5192642 1518 apache2-mpm-worker_2.4.10-10+deb8u15_amd64.deb ffb73f28ba41d41337267f8448a44f9f252b38c7d53d00a15c1c4036217a2a28 1520
Accepted faad2 2.7-8+deb8u3 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 26 Aug 2019 09:01:01 -0400 Source: faad2 Binary: libfaad-dev libfaad2 faad2-dbg faad Architecture: source amd64 Version: 2.7-8+deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Hugo Lefeuvre Description: faad - freeware Advanced Audio Decoder player faad2-dbg - freeware Advanced Audio Decoder - debugging symbols libfaad-dev - freeware Advanced Audio Decoder - development files libfaad2 - freeware Advanced Audio Decoder - runtime files Closes: 914641 Changes: faad2 (2.7-8+deb8u3) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * CVE-2019-6956: Buffer over read in the function ps_mix_phase() (libfaad/ps_dec.c). * CVE-2018-19502: Heap buffer overflow in the function excluded_channels() (libfaad/syntax.c) (Closes: #914641). * CVE-2018-20196: Stack buffer overflow in the function calculate_gain (libfaad/sbr_hfadj.c). * CVE-2018-20199, CVE-2018-20360: NULL pointer dereference in the function ifilter_bank (libfaad/filtbank.c). * CVE-2019-15296: Buffer overflow in the function faad_resetbits() (libfaad/bits.c). Checksums-Sha1: a177bb049a6d076866a6aad7dffd3022be785f9c 2066 faad2_2.7-8+deb8u3.dsc f07f93911b65ccc665a11af98ee2d13b2842f224 23680 faad2_2.7-8+deb8u3.debian.tar.xz 29e3e3fb0447eebc086068133599c0ab4ba52529 159568 libfaad-dev_2.7-8+deb8u3_amd64.deb d5e9a447d90c512dab9186e40399b72325985b5a 147164 libfaad2_2.7-8+deb8u3_amd64.deb 37657da3c7041b31be0c38a19da80235ace477b0 274982 faad2-dbg_2.7-8+deb8u3_amd64.deb b4026279de78b86f8f3b5639570e692186221665 37038 faad_2.7-8+deb8u3_amd64.deb Checksums-Sha256: a84b321c5547f404badc79707c5401fba19a31981f0fe8d4dc80b7e7f165030e 2066 faad2_2.7-8+deb8u3.dsc 4ffc7d885c2ce7575ae05ec9c0f998d2fd4f659382a36db2d8e63f05c7438dfb 23680 faad2_2.7-8+deb8u3.debian.tar.xz f992d762e8610d9a043bc1ddab800720729becac389c84daae72aeab5966f3ac 159568 libfaad-dev_2.7-8+deb8u3_amd64.deb b96bbde9df6acc08f9deec30c64b9cd2bfd6cc0fd84d1cbdb8b3fcf35a2159e6 147164 libfaad2_2.7-8+deb8u3_amd64.deb 3bc121adc002860f229a7433614e9cc7b20afa5023f0b2abd166c16a6d5995bb 274982 faad2-dbg_2.7-8+deb8u3_amd64.deb a0422f71088179754a64989144982b20e177beda6ce19906fc3b9ba684799596 37038 faad_2.7-8+deb8u3_amd64.deb Files: 10abfc40fcfd1d526ad7b4269c3579c8 2066 libs optional faad2_2.7-8+deb8u3.dsc 744da67fd3111c4cfe115e6a0f1d45e6 23680 libs optional faad2_2.7-8+deb8u3.debian.tar.xz c668663c6d5d75ee6ba45d9de70420fc 159568 libdevel optional libfaad-dev_2.7-8+deb8u3_amd64.deb 0bf8dd590de8bb1d40192224c8ada78e 147164 libs optional libfaad2_2.7-8+deb8u3_amd64.deb a9274d294d9c41e5d085227e2825bbd1 274982 debug extra faad2-dbg_2.7-8+deb8u3_amd64.deb 26fe3a07d4e0ddad00c86bc3fcfc9d88 37038 sound optional faad_2.7-8+deb8u3_amd64.deb -BEGIN PGP SIGNATURE- iQHDBAEBCgAtFiEEeDb9QWtkMa2LX4zREeMFjl5EGkIFAl1mptsPHGhsZUBkZWJp YW4ub3JnAAoJEBHjBY5eRBpCM4YL/2j7+LKNuDgrbPtGftN2TryUSxbPtbyLsy8+ FRy4lVeRkbawhE2+KqLcX/+1Ckz09R4w2xC8VqTHlJ35qPFCGX4+E0zmdVjhd9Yn AXQKK4ascwh033kQHny602ccx9+5BSVjbW8rq9E8ehF6HzmwnWdlJSKG1zZGOIdr uGlQHpM1Fh7zxAepau3uJ0svE50NN0MQdJ8rR63cfNLsuFb3Lt+DoDN9KKHmiGFY ywwTG908jpLkFWkH1lbeY6EZlU12L5zlYhuqOwe9ij4BVt8KIay5F3HIsYERQN3k TxxHuQK5+wCz8Z54enSX3wvBIlEpPW9FuDOwbINn8/MIyrcj1J9ciwgQ14WU8U6u KeL3O5WT2rhHduW/O1xvpFtYVBYSkdK09vvqDr0NzJWR4GIMwVD2h0dNDMoPbpFK EcVjTx2r37AIQOBYaC3wUgX1+ZZ5hDqZ908wpArCOkNbYcB44qUP8jPf7F+AR7fS Fu61U6YK2ObRyo2yhKdkRXSiG9eXVQ== =Dwgm -END PGP SIGNATURE-