Accepted gthumb 3:3.3.1-2.1+deb8u2 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 13 Jan 2020 09:45:43 +0530 Source: gthumb Binary: gthumb gthumb-dbg gthumb-data gthumb-dev Architecture: source amd64 all Version: 3:3.3.1-2.1+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Jackson Doak Changed-By: Abhijith PA Description: gthumb - image viewer and browser gthumb-data - image viewer and browser - arch-independent files gthumb-dbg - image viewer and browser - debugging symbols gthumb-dev - image viewer and browser - development files Changes: gthumb (3:3.3.1-2.1+deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2019-20326: heap-based buffer overflow can potentially execute arbitrary code via a crafted JPEG file. Checksums-Sha1: c6fad92b597dd45f86b575c360e9c1acf9e15333 2657 gthumb_3.3.1-2.1+deb8u2.dsc dc4d16b975933ce6ff8795275dea59d93e12d90b 28392 gthumb_3.3.1-2.1+deb8u2.debian.tar.xz 687770f5f696f019b62b8b8f4aa035d643fe2bd7 844682 gthumb_3.3.1-2.1+deb8u2_amd64.deb b0d3b2fd0dd386bc87a0786052aefe64370525a0 3301274 gthumb-dbg_3.3.1-2.1+deb8u2_amd64.deb a55066bd24e54f704ddcb02bd32ddae2545d4832 1691346 gthumb-data_3.3.1-2.1+deb8u2_all.deb b9dd3d2371344c8566cbeffb50ed251564b1d53a 560964 gthumb-dev_3.3.1-2.1+deb8u2_amd64.deb Checksums-Sha256: 6823f942f6476e184e4b1cdf6091e1bf296131156f806090363979bb8e8423ad 2657 gthumb_3.3.1-2.1+deb8u2.dsc f1c8f0038a4c3609df2f42e8d8b0e5206c9ea0e62935a0b2875de1bde37367d3 28392 gthumb_3.3.1-2.1+deb8u2.debian.tar.xz c3cae60f08f216747b9505317d590805666c252ce148a832001bcf3b535b5a24 844682 gthumb_3.3.1-2.1+deb8u2_amd64.deb 70a0a9bfb50f7634821d554f87986eaeb4c75c9818741ea878b4b12ae76bf1bb 3301274 gthumb-dbg_3.3.1-2.1+deb8u2_amd64.deb 9930a4d89cb6425a5b4deabb7c695c2aff3e5d3e4f466196fd5ac11178a2beae 1691346 gthumb-data_3.3.1-2.1+deb8u2_all.deb 18d66873b19a71f29ef74b7a9b2203a150ce387ad88bec0254948b36c13480cc 560964 gthumb-dev_3.3.1-2.1+deb8u2_amd64.deb Files: 8c367e66a1f74669ec6802b62c555249 2657 gnome optional gthumb_3.3.1-2.1+deb8u2.dsc b74b423c443b302a97e391ef919fb61c 28392 gnome optional gthumb_3.3.1-2.1+deb8u2.debian.tar.xz d085f0c19ce4ab68127baa1896f91344 844682 gnome optional gthumb_3.3.1-2.1+deb8u2_amd64.deb 5d92f4c6bcfc5ecbb8ffab1a9c37fa22 3301274 debug extra gthumb-dbg_3.3.1-2.1+deb8u2_amd64.deb 8ce9240397889e151eb1e62837caf8fb 1691346 gnome optional gthumb-data_3.3.1-2.1+deb8u2_all.deb 9ed238b600733b06aa35c3dc46f25a5f 560964 devel optional gthumb-dev_3.3.1-2.1+deb8u2_amd64.deb -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl4cCAIUHGFiaGlqaXRo QGRlYmlhbi5vcmcACgkQhj1N8u2cKO+s6w//Qy9EOWUKV9qBnoK/LQJer8+4/KVj AMG9LzfojM1MKLtt0Us9+7yQtUtotaXSytpz8FoIYJeCnBMxHF2pIiDl2d1tL4NX dSNWg0r4HSKeLNqK5aYl52V3+x6R29rXb89dQ7AXJerbHD6g+JdYYReyPCu+Qgzn 1nVzUUDrdjS4E1B+WrZPj3n/5xlVkAt8I7szirm/WLfR2BX589ulW4akJWeldOMf 4wwsVC160ReS1MCfVKtyFGsThxedsk9zSmRC40O7yM6NZmmCzd/c75Bpcer3yqfY mOtPoYW583/oXSWTUYV+uDvT0DAA0pNCcaL0xuAqz03w7rovhmfOpd9QZd81BQ3h +i495psaXVgKh18fa1u4XeH5s/I8gJvM5D4t3ZQBds5Kebr/2+4KYxtSL4j4rlIU I/RyGvamIZk5BNnQNu1z1Xkbld7VHVOTujYyiuHuMzgJnRm9ihXd6nbXXW2BEJuI XVpZFp69L87nKHRHZO+F1J6gAElcPqorGameSzV5RBdFmvlVb5RM3db/AE9wDKUq HlPzHknnNz7lDXT2Oy6XA8E9LMvvmyb5as/KZPUXX22iKX6iRaLiP2UsaCriKEik sbdM/0zqKQ/jHujXSsbDnPI2DpvVVdHtrebNgqFVd18sOLeurynxGMTvzB/g35tg 0MyIw+cfEDPLCx0= =pdaG -END PGP SIGNATURE-
Accepted apache-log4j1.2 1.2.17-5+deb8u1 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 12 Jan 2020 20:05:50 +0100 Source: apache-log4j1.2 Binary: liblog4j1.2-java liblog4j1.2-java-doc Architecture: source all Version: 1.2.17-5+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: liblog4j1.2-java - Logging library for java liblog4j1.2-java-doc - Documentation for liblog4j1.2-java Closes: 947124 Changes: apache-log4j1.2 (1.2.17-5+deb8u1) jessie-security; urgency=high . * Team upload. * Fix CVE-2019-17571. (Closes: #947124) Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. Checksums-Sha1: b97d045743a2401bcb549ef52c2ea702f330a6f9 2485 apache-log4j1.2_1.2.17-5+deb8u1.dsc 4a988a8b03f4e907327a225b50c5f27f8600e287 552081 apache-log4j1.2_1.2.17.orig.tar.gz 5078f987537d527655a387ad70049280d2bc4265 9684 apache-log4j1.2_1.2.17-5+deb8u1.debian.tar.xz b2b18ac5e4b840e58ed8e3518b901a3075a1698e 387006 liblog4j1.2-java_1.2.17-5+deb8u1_all.deb 53b346cb9617c3c5888d8c3351cd42dfc85e1540 260794 liblog4j1.2-java-doc_1.2.17-5+deb8u1_all.deb Checksums-Sha256: d1f87fec3dc512bbc9f21e5bf87a12e3b7f19aab787cbef2959fc6490b79a4fd 2485 apache-log4j1.2_1.2.17-5+deb8u1.dsc f293c2b8cb5a68c43b8c83a41891d3ef667841c2abc4dcfb172292a49eb5336f 552081 apache-log4j1.2_1.2.17.orig.tar.gz 260356e11185e61c4b5779b5ecddae1aa4c5711ac39dfe270840747bd353dcb2 9684 apache-log4j1.2_1.2.17-5+deb8u1.debian.tar.xz 8b2ddea91c54bbf9572085f5ca0753a0c9aaef3036bbf618848a2cf43fa11769 387006 liblog4j1.2-java_1.2.17-5+deb8u1_all.deb 143bca203cb0b967663fce58fb2687981566f525913e8f9332dd489c70f87886 260794 liblog4j1.2-java-doc_1.2.17-5+deb8u1_all.deb Files: 1b3be4482bd1fc23e39fd46962416635 2485 java optional apache-log4j1.2_1.2.17-5+deb8u1.dsc 9a5f6f7ee471525673a647d86f311e22 552081 java optional apache-log4j1.2_1.2.17.orig.tar.gz b3194e47fc3407658b2079e4f926 9684 java optional apache-log4j1.2_1.2.17-5+deb8u1.debian.tar.xz 58b38248d1d6f125aa804a0201b70211 387006 java optional liblog4j1.2-java_1.2.17-5+deb8u1_all.deb 78f1988a9d038f59919c9c6c6a05bba1 260794 doc optional liblog4j1.2-java-doc_1.2.17-5+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4bcNZfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkEMcP/imWIeii7O0tN6R7oAee0EdxLgDZvu7ZYGbi q3+uWMG11K4gjG821KJaiwzPn4U9DJW6lymlYMspLU7bQ2s7YJ+3KYbCqHs60F6E vy1VQXY1ZkWK0NPGCQUZ4fSqCVe0mSoS/4LD/obEbpl+AXvroNVK6PRLgT91vsyF oLtKMyHBcs30zDP5ld5EWhk87TqrHmARgVpnBkI9VTy4Cvi2jfgjqKsPYmEsID3T heY1f7PoL8qTHHo8/ug3CvuAv4b6vOtJPUy7eUNhZQa/ilk0CU0O/AlViV03BrTU WXwojWbm7bEYZbCrmqVHa1B+ORY4fqMu+aTmwUqW5Vx4WGUFQVcxV9PjtjUkiHc2 iGKSk7yLIbOr+7Db2RCFQPw9i6GetpZS1IA/Tj67vjpPn/oDkcqQsp7Q/DdPnS8T E2FDKySzZnod3QN2yMVOU6+Z7DWDg38ErDZtDIIR4i2PYnDvmj4uQyw6ZiPwYzno wVnhf34mj9W17dvdPmy5pk08Nzc7Jo4G0muC61aY2tgRTJOX7gToLmkkG4D0WFwV ZgHVi8zNmpKQU42ukTd0VqU3NM31VLwh8gQyXP82CaNLK6ZqYnRsANNJlz9baHzx fz9StTr8erYhr0gjFTlBkxMG7Pbm3ffpfu1Bi4ILhml9o7tp1M/5zyqlcXNvkMNb mlEfrpaL =03Yw -END PGP SIGNATURE-
