Accepted libgd2 2.2.5-5.2+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 28 Mar 2024 19:03:02 +0100 Source: libgd2 Architecture: source Version: 2.2.5-5.2+deb10u1 Distribution: buster-security Urgency: high Maintainer: GD Team Changed-By: Thorsten Alteholz Changes: libgd2 (2.2.5-5.2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2021-40812 fix for an out-of-bounds read due to lack of return value checks. * CVE-2021-38115 fix for remote attackers to cause a denial of service because of out-of-bounds read via a crafted TGA file * CVE-2018-14553 fix for a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence Checksums-Sha1: 4b0933155b11c7c031f9b18c029a55a1755272d8 2400 libgd2_2.2.5-5.2+deb10u1.dsc 281af8e7e9c798d368caf8758b983c4d8c24d9ec 3326856 libgd2_2.2.5.orig.tar.gz 969364ddba5f6dfce56f9332985e657665c94894 37380 libgd2_2.2.5-5.2+deb10u1.debian.tar.xz 6bfcbd69413297f9791a4298d7124f9b831731b1 8542 libgd2_2.2.5-5.2+deb10u1_amd64.buildinfo Checksums-Sha256: b32b49e7f53f48312d289ef5a509245590d744d8125a3be765494cf809950842 2400 libgd2_2.2.5-5.2+deb10u1.dsc 150e6952af874bbccb33cf0f87288b41a8fd54f0ce4cff914ef90a80ef9d0162 3326856 libgd2_2.2.5.orig.tar.gz d33f0b1ad7f40ff30f67e08e792be647b6d79e2942ad412d873ac7d9ab241b13 37380 libgd2_2.2.5-5.2+deb10u1.debian.tar.xz 05f3f87fa57995912c53f7a8109f86780018de8dc0a370c42a98b89a33111387 8542 libgd2_2.2.5-5.2+deb10u1_amd64.buildinfo Files: 5d250651b979523f7849e8d9a3eacb99 2400 graphics optional libgd2_2.2.5-5.2+deb10u1.dsc d851cf184ccb9272b728ccb938c25b25 3326856 graphics optional libgd2_2.2.5.orig.tar.gz 8d199b7cc455cb50bd321ddff6529776 37380 graphics optional libgd2_2.2.5-5.2+deb10u1.debian.tar.xz 8513249e44d087bdcfd219f2f129213d 8542 graphics optional libgd2_2.2.5-5.2+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmYRCapfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR69AD/9A+AQBfqB+b2GPI7zSLRD8YnNZalhn n2tf8DKlVxBdS+xU8vvSUh+LRLHlVoAi3JPtKsf+W2ZAaimscFKPzgL6jyyxLBOP D+3cRnxJmh5bjtzdewffEnHxMfrPsHM9WjCDfoYqH3cLXFMG0nxxglLpRFMBg7rS Mh7W2nrM9cH85WXuHSCUGy/jltfy4ZItJtJEXLno+x7OAPLfFKRzdczyPhGMVj3E AMq1IxrFWMPZBNQwN0l9lK9cgCb9+TEoJHxVKLvGkwNpjYkR7luaQ1YxGXpPFnZY 6u4CeF9BGHAMZqBssQaDGDycTTRqoTfUYI0zbep4gDWdLPZRWB+VW2QC87XpcbCx VrFddmB7twBr2SqXuHKltcb4RhSuYm0Pu4Sf/o/dJzsH/XH6G44CA0zWRvUUUjgM shBbSyJVunPdDmsomnjJV//DA+XcBUQ1at6O70PeSIIyu7ztWjx+3qL0ULfFUMkx mC2juKOjsvZVlEzmYNFD3rKY/DuhtXpCnVZLqfa2ci88/R2mFQsOJH3cQxMlfLTG Id4rxRgGfw+GQfFNOUVFvAk/hQT1HwxjlEsuOdYTcBC2Zrst8HOGBKD+pNDcSe8L 7hEIG8iV0QWzdy+hl+Aw2pIijeHMHPb7QGAQ469rlFjEJ8JXJkBP0pNtX6S0Q9rH 1l3g55aF86FIyw== =zK5x -END PGP SIGNATURE- pgphGqm_vLcBo.pgp Description: PGP signature
Accepted expat 2.2.6-2+deb10u7 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 06 Apr 2024 18:16:16 +0200 Source: expat Architecture: source Version: 2.2.6-2+deb10u7 Distribution: buster-security Urgency: medium Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Tobias Frost Closes: 1063238 Changes: expat (2.2.6-2+deb10u7) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * Fix test suite. * Backporting patch for CVE-2023-52425 - DoS (resource consumption) parsing really big tokens due to O(n²) complexity. Closes: #1063238) Checksums-Sha1: 9339e324dc600aa01630d878076c0986678f5dcc 1981 expat_2.2.6-2+deb10u7.dsc 99907f6d654007e3b26c221b7b1f696beb02c763 78596 expat_2.2.6-2+deb10u7.debian.tar.xz 5490885edce4d161b39a23b0485039ef268172ac 8508 expat_2.2.6-2+deb10u7_amd64.buildinfo Checksums-Sha256: d2544ddde86b80328d975ea7747f61670769e516c0ace034995a151ea3ad6659 1981 expat_2.2.6-2+deb10u7.dsc 92659584405905570ca3b5295e4a1106eff4eeae70795004276c801bbbed2490 78596 expat_2.2.6-2+deb10u7.debian.tar.xz 7f83e42774b51f5131a44b0d00d0d676cfd42ecfacc56630324d8afcfaef398f 8508 expat_2.2.6-2+deb10u7_amd64.buildinfo Files: b0ae8a37c637b9b49e02ec9de548fd45 1981 text optional expat_2.2.6-2+deb10u7.dsc 4a00d01efba2c6709d5f9b6104636e77 78596 text optional expat_2.2.6-2+deb10u7.debian.tar.xz 78b6796df025f4db76603ad8b03f9dd1 8508 text optional expat_2.2.6-2+deb10u7_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmYReHIACgkQkWT6HRe9 XTazig/+JSjFHjcPn56iM7RSo3xtJqcwVGCpCgMMA9AtCVpJ8OzZvkmfo8LbDuF6 MH3sTiTXivU8bV3n1jEn1mOYHRBCkSqgsW1HZY+kglMZ6GGPT8eMdfIXXAC6hYT7 zHfnmvjIWATy3HaUOYzcrW4JcUOIvYbSWXR4yxcvFQTDe8SxLF9ZFS6OZCuYxnO8 V/uL1oblM5p+MeIW/LZIrVrcFNsW+/j3fI9GZousdIt7ZLnj2BXhuOfsM+fr25dc lV6xsmLC9RpZHE0xK0shsc2Hqj+RRNXvGssZAwrU+nGb5cz6M6veOS38e63QCK6z 4812cmxTW9sCbUeoJDoUPL7tR97SPvT95M2lqZvM4UsO3F3jF2C99Byk/hj33HOp LAs3eCpEk4nt0SCMCpC4gUP8KZKnQd8jnOW177z303cDal7jnuxtwIbedac1uQmy j232VSf0Mi0+ZJeKG+VSllXR4zGqR5tNnewiWOq4I8TDlh4361x7StL+EEQpZvpp BgDiMFj0gjYfn7Nt/baE+nYwgYzlGFZNs3i0gAM5hHkGUK7FMlPRj1C0Pd+UzMZc y0Ccxp57VGdB/cJqKle+SI6GPh0oJsssO18iv5q6G+XSNossUrZdm3FTne2so8bW Dzz/ayKLtrQJjGW+g3ejeNBkK6AeLdQuQVNeyNDEc3EhhGWkbLM= =ghgr -END PGP SIGNATURE- pgpOpMAvfu_Gs.pgp Description: PGP signature
Accepted jetty9 9.4.50-4+deb10u2 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 6 Apr 2024 22:13:03 CEST Source: jetty9 Architecture: source Version: 9.4.50-4+deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Checksums-Sha1: 815243cdbe3fe92e8dd56a6d2765612e0c2175ce 2779 jetty9_9.4.50-4+deb10u2.dsc 2dae548a95f1ac4ede45e399e3dcb57f08f6c7b0 82572 jetty9_9.4.50-4+deb10u2.debian.tar.xz 37baa282c7566b756d639c1d4c20787c8f5211be 17855 jetty9_9.4.50-4+deb10u2_amd64.buildinfo Checksums-Sha256: a833b6a931138831be2f20029dff842320c133f84c864dfa4afa019daa87fab9 2779 jetty9_9.4.50-4+deb10u2.dsc ad246bd073a526f6a45e6e8f5a7851ffba08dbd8c4887db3a1850ee7423f4338 82572 jetty9_9.4.50-4+deb10u2.debian.tar.xz b9deba9fc797e66d8a8d1be7f872b61804be25b6e67e1691691a0caf8736fd9b 17855 jetty9_9.4.50-4+deb10u2_amd64.buildinfo Changes: jetty9 (9.4.50-4+deb10u2) buster-security; urgency=high . * Team upload. * Fix CVE-2024-22201: It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service. Files: fc2fac1c4055a6abb10ae70acd5e9579 2779 java optional jetty9_9.4.50-4+deb10u2.dsc 552a5ee435fb0e0b9135ac02d2f68c91 82572 java optional jetty9_9.4.50-4+deb10u2.debian.tar.xz cb685f8a295cad7a9871cac727cc59aa 17855 java optional jetty9_9.4.50-4+deb10u2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYRrNhfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkPWMP/0YyA7ZKnlUAG9O4GCE9L7tak2Wwzp9E2h72 j8eSNbb/yZ0m0s/O/w5j3VSXoDcXNq0cQKOfpMdGlad17gSES1j2tR+6rphwFtyQ 3f27ujPT1158nP9O2hM1GN9A6GucbQYGyEQpFEP/oJsIwRpj3TGtBjDB/iLflRtT HfEhA6TFu6v5NoUrl+baQ4WDSrakxNpuWNhJc+iDjlpoWo6REChv7rL9mlS4FwJe EBKbO9exe4QanFfs0kRWx7XgZlnPnCEIY13RSFW6gw1z50utCpurkGIdA74DjPQB 2ZKafaE7O1EjVW6+sutHIXeanmdO71tR18sZQq5MSGUwC32YVzS1k1Xx4SL1Leac ukVATPcTvHPKq3Qtqa81UqIazwLG9EAJJ3eAv9Uj828nAnmEakne85cvYoPvyVwJ pWv8J/aGQzCUs9orPFQVhHNct9ehFuBnHvxQRq13Lhp0SzKTNrDPpnMNScA2Cx8H eYinRjAvYfBakv1Auqr2XueWZQSVwDE1nUNiZbUy6TE4KVbu/PigzsgTcAaTyEFd DyQTlxes0uZ0XgC/izrAi8By427UW38q8LIBUmbNru6ghG2eJRxHfGdo1gcoUoR2 Yur+2I1nLabpKzjRgY16hV1PzoGgtSv9Mojl3Ii9iYDqkeWK/ijg3c4qKpsqhtrL joKIiUto =iR7O -END PGP SIGNATURE- pgpqyhBJBRWz7.pgp Description: PGP signature
Accepted util-linux 2.33.1-0.1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 07 Apr 2024 00:33:55 +0200 Source: util-linux Architecture: source Version: 2.33.1-0.1+deb10u1 Distribution: buster-security Urgency: high Maintainer: LaMont Jones Changed-By: Guilhem Moulin Closes: 826596 991619 1067849 Changes: util-linux (2.33.1-0.1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2021-37600: Potential integer overflow in ipcutils.c. (Closes: #991619) * Fix CVE-2024-28085: Escape sequence injection in wall(1). (Closes: #1067849) * Prerequisite for the CVE-2024-28085 fix: Backport upstream changes to use fputs_careful() in order to handle UTF-8 characters. (Closes: #826596) * d/rules: Build with --disable-use-tty-group to avoid installing wall(1) setgid tty. Checksums-Sha1: 1ea17f1caf109d1cf1533132bf25280bb96a44e5 3995 util-linux_2.33.1-0.1+deb10u1.dsc f57232d9594d23e7c20b5728b24bf4e5d977accc 4650936 util-linux_2.33.1.orig.tar.xz 6b67806088771b8a5a7afe96bc903893293d9f82 87368 util-linux_2.33.1-0.1+deb10u1.debian.tar.xz df9b46e87434a28f0485d8507aa5c1c8e272bfc3 17216 util-linux_2.33.1-0.1+deb10u1_amd64.buildinfo Checksums-Sha256: cb5ba81b8dfa3ddfe2995b640b2fbe6b35d9706b0185d8d03efe2e6238dcf361 3995 util-linux_2.33.1-0.1+deb10u1.dsc c14bd9f3b6e1792b90db87696e87ec643f9d63efa0a424f092a5a6b2f2dbef21 4650936 util-linux_2.33.1.orig.tar.xz a1f70741a39a31700a443f462a50c3a10b540256bdde1635e0afdb083507d0bf 87368 util-linux_2.33.1-0.1+deb10u1.debian.tar.xz 738d7b3b07894b8c4500bc61e2b9cee982debbdda6e9d3896e7a4db83a3f70af 17216 util-linux_2.33.1-0.1+deb10u1_amd64.buildinfo Files: aa472fe037d9136de4b59110afb1a4d8 3995 base required util-linux_2.33.1-0.1+deb10u1.dsc 6fcfea2043b5ac188fd3eed56aeb5d90 4650936 base required util-linux_2.33.1.orig.tar.xz d796a74e57a26b03f1cda0cd71c718bf 87368 base required util-linux_2.33.1-0.1+deb10u1.debian.tar.xz 93e21c607cf5204e1947947105749ae1 17216 base required util-linux_2.33.1-0.1+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmYR2HQACgkQ05pJnDwh pVLQ0hAAtbb5nHQZq2mNDAkMSngBZ+lUiFjAbiFFKW8SzkJs1sGLtDBX3v6MyDh2 DhMndmWv4ZUKV4apOEVLqUDhyojmpyOXhCbRIDYHMgXIoy+NMyMciKKk450QP9je 6l64AJqdkJ3Lnw/Bc4dHhCBqnOvdN9fSVNYalI6f5bqiBYQ6eTYzsFJiAHEAEE3+ lheOPM+S1dLAUV6dqZxr5kA8RXvHTpKrvmNE4ATQ+E4hsbn2kLJf7DNi3WBrBCUH U7QgUCIULOkjQXP/+Y2xo4FCMloR8ZxvDSlNBKcDGnXhS/FqR1CJl2s1Sd+YbAWp tPnsusvfVI4LcOchbBZDmYHr5HOtrMgufQIWaVtfUGjEEwQpWNhnqCxfAkz8Z8Ri jDFCK4/VYV4FSKe7zORd3cljVMuWVEDpVQm1cH07zFiY+9uSFQP4THlU3MJ6rW2c +iQC7KJM1nTYDkJ27SSObxYXG4uRpHUz44lPSLS39e6K5k5ZwSXzSY+3R1zsPMtU JSmerwzEj5t/C47unM+aNl0nbSaZ/Hl6/YKmzqGOMF8TP4kvIyxjDkSHxb06pZ5o mDrTJtNRm8za985Agh5NUsmAhRH7dQ0STJtm7ZAABg3BxZRbFw3eBTmzH9GzKm+w hwhmW7ixjw7BBdbdYUAsdD4JbGy9QkcIGVQwg5EVGDFtrS4O8hA= =dV9N -END PGP SIGNATURE- pgpEtgvbhnaXs.pgp Description: PGP signature
