Accepted git 1:2.1.4-2.1+deb8u8 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 06 Jan 2020 22:10:30 -0500 Source: git Binary: git git-man git-core git-doc git-arch git-cvs git-svn git-mediawiki git-email git-daemon-run git-daemon-sysvinit git-gui gitk git-el gitweb git-all Architecture: source amd64 all Version: 1:2.1.4-2.1+deb8u8 Distribution: jessie-security Urgency: high Maintainer: Gerrit Pape Changed-By: Roberto C. Sanchez Description: git- fast, scalable, distributed revision control system git-all- fast, scalable, distributed revision control system (all subpacka git-arch - fast, scalable, distributed revision control system (arch interop git-core - fast, scalable, distributed revision control system (obsolete) git-cvs- fast, scalable, distributed revision control system (cvs interope git-daemon-run - fast, scalable, distributed revision control system (git-daemon s git-daemon-sysvinit - fast, scalable, distributed revision control system (git-daemon s git-doc- fast, scalable, distributed revision control system (documentatio git-el - fast, scalable, distributed revision control system (emacs suppor git-email - fast, scalable, distributed revision control system (email add-on git-gui- fast, scalable, distributed revision control system (GUI) git-man- fast, scalable, distributed revision control system (manual pages git-mediawiki - fast, scalable, distributed revision control system (MediaWiki in git-svn- fast, scalable, distributed revision control system (svn interope gitk - fast, scalable, distributed revision control system (revision tre gitweb - fast, scalable, distributed revision control system (web interfac Changes: git (1:2.1.4-2.1+deb8u8) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * Apply patches addressing the security issues CVE-2019-1348, CVE-2019-1349, CVE-2019-1352, CVE-2019-1353, and CVE-2019-1387. . Credit for finding these vulnerabilities goes to Microsoft Security Response Center, in particular to Nicolas Joly. Fixes were provided by Jeff King and Johannes Schindelin with help from Garima Singh. Checksums-Sha1: 58c667819e44c0de7817a8758533774924447e0d 2817 git_2.1.4-2.1+deb8u8.dsc a4df0a91cfe9013bb6cb977e2c0327a2d74e37b0 525864 git_2.1.4-2.1+deb8u8.debian.tar.xz c8d7ab6c3cc57741d15a3b52901d479559c91dcc 3224834 git_2.1.4-2.1+deb8u8_amd64.deb 577cb3b51bd089a80de832885933e94ec4ea25ad 1416964 git-doc_2.1.4-2.1+deb8u8_all.deb 7538f40e1f5cd860282bcd2b4dfb1d17ce11485f 590672 git-arch_2.1.4-2.1+deb8u8_all.deb 3204f55509226423aa3648accbb65f512ca205b7 640316 git-cvs_2.1.4-2.1+deb8u8_all.deb bd03d5029d3760af830cd46a2066beeb9cf22b95 664296 git-svn_2.1.4-2.1+deb8u8_all.deb 21c9192201f38f999474d4e11689cbbd6fcf9bed 592934 git-mediawiki_2.1.4-2.1+deb8u8_all.deb 9875b55baa5b1fc2ef2e8aaf41915511af034c65 579028 git-daemon-run_2.1.4-2.1+deb8u8_all.deb 7f6f0c41d31b471060a3c3e7b2ed8c5add6abd83 580080 git-daemon-sysvinit_2.1.4-2.1+deb8u8_all.deb be8ec982ea18cf45b37d4775472c042d89c04e59 596940 git-email_2.1.4-2.1+deb8u8_all.deb 317687f0f0413f50daf6df3aa38cd69da5d87621 768226 git-gui_2.1.4-2.1+deb8u8_all.deb 34254a20ce4f663e32a52af0b4030bffe3e4e8fa 697228 gitk_2.1.4-2.1+deb8u8_all.deb c766a5121e75415ac19afc454b2f93be3d0a343c 581870 gitweb_2.1.4-2.1+deb8u8_all.deb b541a59d3a0f87db03e3aa5517ad645d27715fb1 577374 git-all_2.1.4-2.1+deb8u8_all.deb eb0674b8e49da579d893835e68db345e6897afa9 597128 git-el_2.1.4-2.1+deb8u8_all.deb 854632b5523fd48477f5ac11bd84563d8f4ec6c4 1270134 git-man_2.1.4-2.1+deb8u8_all.deb 2c4ab257b890a96e01ba493f13624db5e9d0c0ee 1494 git-core_2.1.4-2.1+deb8u8_all.deb Checksums-Sha256: 6166d5a5fca03f9be612c5fad2406f0b6a65f60cd1f04bb5600a0924be076a3b 2817 git_2.1.4-2.1+deb8u8.dsc cceceba83fc2106c2b75a5f979d04e700360df8a55628102fe2e08f3bc1c2982 525864 git_2.1.4-2.1+deb8u8.debian.tar.xz 073745ddd64c84fd57fec679198e06a4d7724758dadcb2d2b5f0884498f1c0b1 3224834 git_2.1.4-2.1+deb8u8_amd64.deb 9823cea9b41bd08acaf4dc8aa0aaf39c0a5838f019479e9942f997297e109cfc 1416964 git-doc_2.1.4-2.1+deb8u8_all.deb 729d83bcbb4e4b86c648c2e9f7ff8c38985c1979bfe7e5be1325489fc9768619 590672 git-arch_2.1.4-2.1+deb8u8_all.deb 736fd85e0918bf2b32b306adb37361bf4aec29ea24de6b25879701d358a70098 640316 git-cvs_2.1.4-2.1+deb8u8_all.deb 52cc13a8ef6a4890c2edb42b9760ec0e4c3facfa2bc29ef1230b66a39667cfbe 664296 git-svn_2.1.4-2.1+deb8u8_all.deb 13c978947bd4c836ac7ef3e64aaf04ed784c8a1c810aa818138d52bf6f8b21d5 592934 git-mediawiki_2.1.4-2.1+deb8u8_all.deb 1f5884f28914f49b543c2b2c3ec5821e7b69fc4cc7029607ca94de3f291e8ba1 579028 git-daemon-run_2.1.4-2.1+deb8u8_all.deb 2e4a6f806da0f11a5308d52f713ce78a71cedc0ae27669933a0ef4bd14a456e3 580080 git-daemon-sysvinit_2.1.4-2.1+deb8u8_all.deb f4d49e1488fadd1012d34eb0f6dba4c2e215d2c649f59b1f5a2155265ca1c8fb 596940 git-email_2.1.4-2.1+deb8u8_all.deb bebd438e527ddfeb882b6bae282672c3130b992ac7f619accfc47e5a716d5b47 768226 git-g
Accepted nss 2:3.26-1+debu8u10 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 06 Jan 2020 22:25:29 +0100 Source: nss Binary: libnss3 libnss3-1d libnss3-tools libnss3-dev libnss3-dbg Architecture: source amd64 Version: 2:3.26-1+debu8u10 Distribution: jessie-security Urgency: high Maintainer: Maintainers of Mozilla-related packages Changed-By: Markus Koschany Description: libnss3- Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-tools - Network Security Service tools Changes: nss (2:3.26-1+debu8u10) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-17006: It was found that certain cryptographic primitives in nss did not check the length of the input text. This could result in a potential heap-based buffer overflow. Checksums-Sha1: f5f7db1907dd28d9621cabdeeb38e42d8b067d74 2407 nss_3.26-1+debu8u10.dsc cec14d7a49fbe347dc73d8c37511622407754e75 44532 nss_3.26-1+debu8u10.debian.tar.xz f34dc204ee54075431232d523ffe4e16888e5440 1174614 libnss3_3.26-1+debu8u10_amd64.deb 9adcc86312a2ab1c051c08c73f44cb9af0f64565 19160 libnss3-1d_3.26-1+debu8u10_amd64.deb bc21870824f076e1e12dcfb6e790afc28ec06bcc 785230 libnss3-tools_3.26-1+debu8u10_amd64.deb e822ea9fab620910b7c53f5ca5917eb876dbe9e2 241930 libnss3-dev_3.26-1+debu8u10_amd64.deb c7ed449dc016fb1b6813f2990b1c8f358deb0578 8198842 libnss3-dbg_3.26-1+debu8u10_amd64.deb Checksums-Sha256: 976720de01e3f710b99116424d325c117f91f0c5bc1a7773f71893de705363a6 2407 nss_3.26-1+debu8u10.dsc 184920f181118ef397e4670a2c5324a9281ec2fe12449d2fc45423de457a996d 44532 nss_3.26-1+debu8u10.debian.tar.xz 6a3e4df1d3efaaf087e8399bc7c45c75bb98ce43ebf083b1819518ea4087f55a 1174614 libnss3_3.26-1+debu8u10_amd64.deb 59823a674ecabcea3d002c25b30a56006f337a36998928202c7ee507be076a9e 19160 libnss3-1d_3.26-1+debu8u10_amd64.deb aa7ca366538fb9e7cbf8596ae18da64182e0b1c8925b81b28cd40b22f215 785230 libnss3-tools_3.26-1+debu8u10_amd64.deb ec8af40d3b692dbb73553673844f75dbfc49ae10351039d3477db99ba1f1149b 241930 libnss3-dev_3.26-1+debu8u10_amd64.deb e5118472aaa17cd26e92d073834cdb4e919c68d8cbd6cd551374f08056335d5d 8198842 libnss3-dbg_3.26-1+debu8u10_amd64.deb Files: 8c4de8ecdda21c362929b49e93ceb7cc 2407 libs optional nss_3.26-1+debu8u10.dsc f69037fd2509f8f1f8beefee34cf750c 44532 libs optional nss_3.26-1+debu8u10.debian.tar.xz 90c6c8689c4d7c0f7a53afbaf243bce5 1174614 libs optional libnss3_3.26-1+debu8u10_amd64.deb 5a00b441760e1dd63a1c796fcb408855 19160 oldlibs extra libnss3-1d_3.26-1+debu8u10_amd64.deb 8933966fe03c515997d1d6a5b9675fc9 785230 admin optional libnss3-tools_3.26-1+debu8u10_amd64.deb 901d24ceb0337afb60244770c6feb3bc 241930 libdevel optional libnss3-dev_3.26-1+debu8u10_amd64.deb 7a9e39f8b4aa60d7c20e918c93e6bbf3 8198842 debug extra libnss3-dbg_3.26-1+debu8u10_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4Tt8FfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk3KEP/0hq6oa5/mPdj22MSEh6ynP/1kBcEVH53eOg /MHxXZGB4+nGFtGGN2WSf4jp020StJg6rUqKmV3SThwsx3oqIUSqLZC8snnVfcgS V22LBIqhKtOsb4LEeTIuBRsb+KHgiOtgF0m9VSTh6J4Iqv+Wgn5rYeiW9IBRaIu8 EcKc/7us6p69FYr924M8LXk+d3kMLnubBb4vUVxOxX2DT4Jahb8wnjj+eb7/85zA uHCRs/MqIaZFZaoEUaPWzO6UFF1Bmsk+59j9GUqthdMFknUIlIO/cBP/Q6tBZ31o QvWdH1+wcjy4mu0B9y6AjBCLtjYfOhVg9OBPTfBV4NwlWcGOAeWYSpjVimCw/chw HsG3N6VpfHKrG6p3Si6N/LRAQglewsI+gVUOSwmigYfizsOwK7dpNOi8BLYKY1tJ /Gl5xZcJxqUTKERc58v8uyxl5ykSFxtYSy5ZCYBnL7oDqtfieMrNjQnsBQryEx3r q/Cq8uvAHEBexNXMnzwuVJCb37+Uh6udTInLfPP9zzot/fTCFTrHBsg1tCAkv+qF uoDFv0fuNUWRVQ9Nnjq5U8b75sQaVO/goF0hFWVMzxt+Xeml2uNQkqXf4Ywv3/2O BrcFtRpaVMiCNnFs57ip24nWNp8+WGQYngrqLlI3uhQGqxf1ubIiE1M1TA3mDCLz JVkIQnpJ =8p2j -END PGP SIGNATURE-
Accepted pillow 2.6.1-2+deb8u4 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 06 Jan 2020 16:31:19 + Source: pillow Binary: python-pil python-pil-dbg python-pil.imagetk python-pil.imagetk-dbg python-imaging-tk python-sane python-sane-dbg python3-pil python3-pil-dbg python3-pil.imagetk python3-pil.imagetk-dbg python3-sane python3-sane-dbg python-pil-doc python-imaging Architecture: source all amd64 Version: 2.6.1-2+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Matthias Klose Changed-By: Chris Lamb Description: python-imaging - Python Imaging Library compatibility layer python-imaging-tk - transitional dummy package for smooth upgrades to python-pil.imag python-pil - Python Imaging Library (Pillow fork) python-pil-dbg - Python Imaging Library (debug extension) python-pil-doc - Examples for the Python Imaging Library python-pil.imagetk - Python Imaging Library - ImageTk Module (Pillow fork) python-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (debug extension) python-sane - Python Imaging Library - SANE interface (Pillow fork) python-sane-dbg - Python Imaging Library - SANE interface (debug extension) python3-pil - Python Imaging Library (Python3) python3-pil-dbg - Python Imaging Library (Python3 debug extension) python3-pil.imagetk - Python Imaging Library - ImageTk Module (Python3) python3-pil.imagetk-dbg - Python Imaging Library - ImageTk Module (Python3 debug extension) python3-sane - Python Imaging Library - SANE interface (Python3) python3-sane-dbg - Python Imaging Library - SANE interface (Python3 debug extension) Closes: 948224 Changes: pillow (2.6.1-2+deb8u4) jessie-security; urgency=high . * CVE-2019-19911: Prevent a denial-of-service vulnerability caused by FpxImagePlugin.py calling the range function on an unvalidated 32-bit integer if the number of bands is large. (Closes: #948224) * CVE-2020-5312: PCX "P mode" buffer overflow. (Closes: #948224) * CVE-2020-5313: FLI buffer overflow. (Closes: #948224) Checksums-Sha1: 8b8b925126a355a3656dc902ad981e66c4c6a3d4 3010 pillow_2.6.1-2+deb8u4.dsc 1f2d7e2a88cb59664fa61d3d360f4e1c624dc6ad 7299315 pillow_2.6.1.orig.tar.gz 572c38271baa77fe9b780ea2e95737cc58bff30e 218328 pillow_2.6.1-2+deb8u4.debian.tar.xz 0a2377ca7c070999179e5d2ede8151b82eabb580 8394 python-imaging-tk_2.6.1-2+deb8u4_all.deb 1f49b7874fd401e8dfe293abea00909b8e058f06 19830 python-pil-doc_2.6.1-2+deb8u4_all.deb 1c25fdf44f716a02476476728b29f1c48c653acb 10024 python-imaging_2.6.1-2+deb8u4_all.deb 8bc7c67c97dad8d6fd6455c790db43929e670dad 304916 python-pil_2.6.1-2+deb8u4_amd64.deb 9c7ec6714ae4615d62fa005b10ad42703b787908 437544 python-pil-dbg_2.6.1-2+deb8u4_amd64.deb 534b56a63df1a5d49afc99b904b78e2f003fe3f1 14004 python-pil.imagetk_2.6.1-2+deb8u4_amd64.deb ad59e30a1110679ecfa9ffc85fdd66e23c3fa820 13116 python-pil.imagetk-dbg_2.6.1-2+deb8u4_amd64.deb eb39901909c47f0837018d96fccf430d8b3b42d4 25198 python-sane_2.6.1-2+deb8u4_amd64.deb 8d401bc82cf21447b2a90b5afa2a5ac6929e325f 29802 python-sane-dbg_2.6.1-2+deb8u4_amd64.deb 8e02da70bf00b1af1b6327ee87b71de7160b1820 304994 python3-pil_2.6.1-2+deb8u4_amd64.deb d774576bf42683587822d6c971d5d9b005ac43fa 442838 python3-pil-dbg_2.6.1-2+deb8u4_amd64.deb 0d7ae0ba44b393a2868daccf74edc738f025b784 14070 python3-pil.imagetk_2.6.1-2+deb8u4_amd64.deb d5a9354a3678d36c03a0658a0a083a3d7848dce7 12996 python3-pil.imagetk-dbg_2.6.1-2+deb8u4_amd64.deb 0f1accd6fe3ce4334100d0e7b990d8537a149c28 20900 python3-sane_2.6.1-2+deb8u4_amd64.deb 6613481633bceb3e533b5894674bddaa2febf979 30890 python3-sane-dbg_2.6.1-2+deb8u4_amd64.deb Checksums-Sha256: e7bc51a8e1a1dd99fa605adb9c42fbb8b30f9c2a92aa01c90d7fac91274908b9 3010 pillow_2.6.1-2+deb8u4.dsc 78647bc8980c98f9d57659083c7a7e30d6a8bdd2c385f5b250f301e85a6acbad 7299315 pillow_2.6.1.orig.tar.gz 9be9f122f6bffce33e2fc001bf7e6f1e50c724b456acb5029d9a4b4f2fb98e80 218328 pillow_2.6.1-2+deb8u4.debian.tar.xz 939b5b09b4873aba5403a506f0af0ceef1691edf3ebcb0ea149e4abede6f1123 8394 python-imaging-tk_2.6.1-2+deb8u4_all.deb fcd53e656d27b8d58d3962158b2dfb9cac08de81a9cf7e2132a269cf98b055f8 19830 python-pil-doc_2.6.1-2+deb8u4_all.deb 49e3f41a719f157205c7a29c5242b3065c0f8483ad735a97f80de7043020 10024 python-imaging_2.6.1-2+deb8u4_all.deb 389ff116db58a40a467ad8a6f50c780bf418fc5d12b5cb6c42ca8ddb7e55ba57 304916 python-pil_2.6.1-2+deb8u4_amd64.deb 365faf39a3e4d259dc8e49032ac7bfbe61921b6a5a23261e40da0d75e7eca536 437544 python-pil-dbg_2.6.1-2+deb8u4_amd64.deb dad68e1a220dffe14e249e92f28eaeb75e0fa9339e94a9fbfbb23d7211fc3035 14004 python-pil.imagetk_2.6.1-2+deb8u4_amd64.deb 1e9e92d37318b6122da1a4e40ccdbc0023d1dfcd61470b4fec29252ef34d0b9e 13116 python-pil.imagetk-dbg_2.6.1-2+deb8u4_amd64.deb aba6df111208a5e50494849decec20424db5d2ec4eb65e28de0e9cdb7f520ed3 25198 python-sane_2.6.1-2+deb8u4_amd64.deb 97d7d3c43cb253415c8e843f804b527f1b61980d0e2bd7cc526fa2054b9f064a 29802 python-sane-dbg_2.6.1-2+deb8u4_amd64.deb f45552e380fbb1fc38e8b1d6fcf4c447