Accepted tomcat7 7.0.56-3+really7.0.99-1 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 27 Jan 2020 22:21:41 +0100 Source: tomcat7 Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs Architecture: source all Version: 7.0.56-3+really7.0.99-1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation libtomcat7-java - Servlet and JSP engine -- core libraries tomcat7- Servlet and JSP engine tomcat7-admin - Servlet and JSP engine -- admin web applications tomcat7-common - Servlet and JSP engine -- common files tomcat7-docs - Servlet and JSP engine -- documentation tomcat7-examples - Servlet and JSP engine -- example web applications tomcat7-user - Servlet and JSP engine -- tools to create user instances Changes: tomcat7 (7.0.56-3+really7.0.99-1) jessie-security; urgency=high . * New upstream version 7.0.56-3+really7.0.99. * Fix CVE-2019-12418: When Apache Tomcat is configured with the JMX Remote Lifecycle Listener, a local attacker without access to the Tomcat process or configuration files is able to manipulate the RMI registry to perform a man-in-the-middle attack to capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and gain complete control over the Tomcat instance. * Fix CVE-2019-17563: When using FORM authentication with Apache Tomcat there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability. Checksums-Sha1: a39575d42ea0dd1abe404fe7a9ef78cbf619a910 3026 tomcat7_7.0.56-3+really7.0.99-1.dsc 0c613d062542231072bc2518e1f2ecd1772e1519 3411108 tomcat7_7.0.56-3+really7.0.99.orig.tar.xz cf3521b55e4320937334c64b82402d6504fb19fe 53224 tomcat7_7.0.56-3+really7.0.99-1.debian.tar.xz 543f3db2bcbef7313186ef98e68414af73a8cab6 299412 tomcat7-common_7.0.56-3+really7.0.99-1_all.deb 3cec0b2d210b25a2365880c5bbffce1f94221fd0 55902 tomcat7_7.0.56-3+really7.0.99-1_all.deb 321339e313b7af2e5587d362189004c4e593cd53 43452 tomcat7-user_7.0.56-3+really7.0.99-1_all.deb 15442d76831712bde1ce9808be286c260805c748 4006902 libtomcat7-java_7.0.56-3+really7.0.99-1_all.deb cbb98d1760f34e3699d83714967998c6f0b5d51b 319076 libservlet3.0-java_7.0.56-3+really7.0.99-1_all.deb 9e599050617604e66b3fc4ea3592bb69cf68ce5b 211470 libservlet3.0-java-doc_7.0.56-3+really7.0.99-1_all.deb 0af36e53cea7e3118a4cce63c19382dcb5e8a430 39544 tomcat7-admin_7.0.56-3+really7.0.99-1_all.deb ba30b50eb5cbc5df3f9e6d1c0a8bef275a64cc1e 202708 tomcat7-examples_7.0.56-3+really7.0.99-1_all.deb a507cfa5e22d48b4007b16d730703ecce3d7e94d 700348 tomcat7-docs_7.0.56-3+really7.0.99-1_all.deb Checksums-Sha256: f220438ba6eb6ece3c460c24369049860aa44b4c6ae918d4f2031abeda389560 3026 tomcat7_7.0.56-3+really7.0.99-1.dsc 76f07d2278b00d38384a45d56e70f7276dc9bd31a82985ad5f36372dce9c7c2c 3411108 tomcat7_7.0.56-3+really7.0.99.orig.tar.xz 87d4b9cd25a045f48a58ce38a87cef1e3a0ae7a90d78515c0225313c5090bbd1 53224 tomcat7_7.0.56-3+really7.0.99-1.debian.tar.xz 0fcf5fc5e6c25837cb77e4a9a5dcf6738075a0058a73bec0311aafd59d3c7f13 299412 tomcat7-common_7.0.56-3+really7.0.99-1_all.deb 92c503a1eb4bda45a8ae4a5164bfac01fd753d4c9a49f52c175c2d2f5895fbc0 55902 tomcat7_7.0.56-3+really7.0.99-1_all.deb 7ba60960f6135a0934f5a5c901f1012c8a737aec3a30ed66635bef8ebfae8305 43452 tomcat7-user_7.0.56-3+really7.0.99-1_all.deb e36242308a6e1bfc57c2b387751fcbe679240b738555b60ea5f3af3a2e207d9a 4006902 libtomcat7-java_7.0.56-3+really7.0.99-1_all.deb 234a73fc1411453a6e52d15a9154b6ddd89303b29f87dd9fa3970fa145cb1bbd 319076 libservlet3.0-java_7.0.56-3+really7.0.99-1_all.deb 75189fda91f8acf840dc9a1be3612f06080c2f0f3e0805a3497818cc266fa1ca 211470 libservlet3.0-java-doc_7.0.56-3+really7.0.99-1_all.deb 3d5d5d9d891928ac2bdaeeefb7889138f4d9e0c324a7b3e8bb596d2305ad49e4 39544 tomcat7-admin_7.0.56-3+really7.0.99-1_all.deb 59bd765d2001238ef2ea7ce2620f8585ea538475f027ed78ad6ff52e15902672 202708 tomcat7-examples_7.0.56-3+really7.0.99-1_all.deb 784c9007623a29cad5ad25cac198c0c9dc769d0b859c8c28f68a90fa71691d16 700348 tomcat7-docs_7.0.56-3+really7.0.99-1_all.deb Files: 899bac355468d7a5cd0c4eae9d8ffd3d 3026 java optional tomcat7_7.0.56-3+really7.0.99-1.dsc 337af8a8290f67e0d438ae922db4e0f9 3411108 java optional tomcat7_7.0.56-3+really7.0.99.orig.tar.xz 726f2bc69c34ddebdc86b8f376282437 53224 java optional tomcat7_7.0.56-3+really7.0.99-1.debian.tar.xz f22869b32b4914318f18a23646879a94 299412 java optional tomcat7-common_7.0.56-3+really7.0.99-1_all.deb f2c7b90c2b3d23773dfb86c460f1d85d 55902
Accepted apache-log4j1.2 1.2.17-5+deb8u1 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 12 Jan 2020 20:05:50 +0100 Source: apache-log4j1.2 Binary: liblog4j1.2-java liblog4j1.2-java-doc Architecture: source all Version: 1.2.17-5+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: liblog4j1.2-java - Logging library for java liblog4j1.2-java-doc - Documentation for liblog4j1.2-java Closes: 947124 Changes: apache-log4j1.2 (1.2.17-5+deb8u1) jessie-security; urgency=high . * Team upload. * Fix CVE-2019-17571. (Closes: #947124) Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. Checksums-Sha1: b97d045743a2401bcb549ef52c2ea702f330a6f9 2485 apache-log4j1.2_1.2.17-5+deb8u1.dsc 4a988a8b03f4e907327a225b50c5f27f8600e287 552081 apache-log4j1.2_1.2.17.orig.tar.gz 5078f987537d527655a387ad70049280d2bc4265 9684 apache-log4j1.2_1.2.17-5+deb8u1.debian.tar.xz b2b18ac5e4b840e58ed8e3518b901a3075a1698e 387006 liblog4j1.2-java_1.2.17-5+deb8u1_all.deb 53b346cb9617c3c5888d8c3351cd42dfc85e1540 260794 liblog4j1.2-java-doc_1.2.17-5+deb8u1_all.deb Checksums-Sha256: d1f87fec3dc512bbc9f21e5bf87a12e3b7f19aab787cbef2959fc6490b79a4fd 2485 apache-log4j1.2_1.2.17-5+deb8u1.dsc f293c2b8cb5a68c43b8c83a41891d3ef667841c2abc4dcfb172292a49eb5336f 552081 apache-log4j1.2_1.2.17.orig.tar.gz 260356e11185e61c4b5779b5ecddae1aa4c5711ac39dfe270840747bd353dcb2 9684 apache-log4j1.2_1.2.17-5+deb8u1.debian.tar.xz 8b2ddea91c54bbf9572085f5ca0753a0c9aaef3036bbf618848a2cf43fa11769 387006 liblog4j1.2-java_1.2.17-5+deb8u1_all.deb 143bca203cb0b967663fce58fb2687981566f525913e8f9332dd489c70f87886 260794 liblog4j1.2-java-doc_1.2.17-5+deb8u1_all.deb Files: 1b3be4482bd1fc23e39fd46962416635 2485 java optional apache-log4j1.2_1.2.17-5+deb8u1.dsc 9a5f6f7ee471525673a647d86f311e22 552081 java optional apache-log4j1.2_1.2.17.orig.tar.gz b3194e47fc3407658b2079e4f926 9684 java optional apache-log4j1.2_1.2.17-5+deb8u1.debian.tar.xz 58b38248d1d6f125aa804a0201b70211 387006 java optional liblog4j1.2-java_1.2.17-5+deb8u1_all.deb 78f1988a9d038f59919c9c6c6a05bba1 260794 doc optional liblog4j1.2-java-doc_1.2.17-5+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4bcNZfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkEMcP/imWIeii7O0tN6R7oAee0EdxLgDZvu7ZYGbi q3+uWMG11K4gjG821KJaiwzPn4U9DJW6lymlYMspLU7bQ2s7YJ+3KYbCqHs60F6E vy1VQXY1ZkWK0NPGCQUZ4fSqCVe0mSoS/4LD/obEbpl+AXvroNVK6PRLgT91vsyF oLtKMyHBcs30zDP5ld5EWhk87TqrHmARgVpnBkI9VTy4Cvi2jfgjqKsPYmEsID3T heY1f7PoL8qTHHo8/ug3CvuAv4b6vOtJPUy7eUNhZQa/ilk0CU0O/AlViV03BrTU WXwojWbm7bEYZbCrmqVHa1B+ORY4fqMu+aTmwUqW5Vx4WGUFQVcxV9PjtjUkiHc2 iGKSk7yLIbOr+7Db2RCFQPw9i6GetpZS1IA/Tj67vjpPn/oDkcqQsp7Q/DdPnS8T E2FDKySzZnod3QN2yMVOU6+Z7DWDg38ErDZtDIIR4i2PYnDvmj4uQyw6ZiPwYzno wVnhf34mj9W17dvdPmy5pk08Nzc7Jo4G0muC61aY2tgRTJOX7gToLmkkG4D0WFwV ZgHVi8zNmpKQU42ukTd0VqU3NM31VLwh8gQyXP82CaNLK6ZqYnRsANNJlz9baHzx fz9StTr8erYhr0gjFTlBkxMG7Pbm3ffpfu1Bi4ILhml9o7tp1M/5zyqlcXNvkMNb mlEfrpaL =03Yw -END PGP SIGNATURE-
Accepted sa-exim 4.2.1-14+deb8u1 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 09 Jan 2020 13:39:06 +0100 Source: sa-exim Binary: sa-exim Architecture: source amd64 Version: 4.2.1-14+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Magnus Holmgren Changed-By: Markus Koschany Description: sa-exim- SpamAssassin filter for Exim Changes: sa-exim (4.2.1-14+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-19920: It was found that sa-exim allows attackers to execute arbitrary code if users are allowed to run custom rules. A similar issue was fixed in spamassassin, CVE-2018-11805, which caused a functional regression in sa-exim. This update restores the compatibility between spamassasin and sa-exim. The security implications of sa-exim's greylisting function are documented in /usr/share/doc/sa-exim/README.greylisting.gz. Checksums-Sha1: 6c89fdc778bb1c959c73f41428ff44381e901a7b 1999 sa-exim_4.2.1-14+deb8u1.dsc fc353ddf7a35876bd807182fa50a6786edfa494f 66884 sa-exim_4.2.1.orig.tar.gz 8cdcd3a224ba24b9641162f3c833520cd992c728 25380 sa-exim_4.2.1-14+deb8u1.debian.tar.xz 03dd44686ae60656fc23b918935a5603d9687c0e 71424 sa-exim_4.2.1-14+deb8u1_amd64.deb Checksums-Sha256: a6bd84e48ab753bdc2a01d5a9a5fbc2ed99e3d2fb5b7e86538bf69b6ab342c8a 1999 sa-exim_4.2.1-14+deb8u1.dsc 8cf52133eb2e97cf8e5dca4d4b318e641c7cebdaf92eecdf65d5562f004e4aab 66884 sa-exim_4.2.1.orig.tar.gz 3693e4d633069d64bb9403afe91e3ad533a2ebee2e87c6837001d8ee9c685d69 25380 sa-exim_4.2.1-14+deb8u1.debian.tar.xz a7e7b6009a1edaacbf1deb3178f0d50c3b70b3353cc2219641bc4df5c2ef6f1b 71424 sa-exim_4.2.1-14+deb8u1_amd64.deb Files: 1c0210b14b235686bbab6bbbcb36aaa1 1999 mail optional sa-exim_4.2.1-14+deb8u1.dsc 5fc371b5daeed7653b5abf904503f459 66884 mail optional sa-exim_4.2.1.orig.tar.gz 5337a38a1577971c4e4454d7d26bc2fa 25380 mail optional sa-exim_4.2.1-14+deb8u1.debian.tar.xz 42eea508006f63619df5738aa911b6a8 71424 mail optional sa-exim_4.2.1-14+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4XU5ZfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk8IQP/0pkC5YVE9tZbYi9a/ZKj+KsH+hsYWt2Fxi3 vVlcD8sXFJM3xM3qt1vPb2yjjSwXeeobWbE8z5T3yQN9hRwrAYwvP1nrLviAdrU1 f3QPRcYP/KLbeRCw4zjwV6COXEPsPrCmz4BjKykmEwHr0anXQlc44u1bYX1IHvSN oHESFvac2XbmuGUoxJnHe6/iWhQE1Mj7T/rYYW9WDxa8m98DfWR5LVBQq/9NVqpY ZdcWqCBsgmRQKDD70mTTPKIcO9rvF7LBW5osU8xkEzTlvo1x5Yp7Z0Wt1CB3r8/O qOHSer9DGZFDhunNrHIGBtVZelwOvsuRKglYjLfojpNbphNMVt9bRC3jMwOephkr Kp0cIt+mSH3R0XOHBaQ52HGkerRIVZeISSTQinvqYNF/Buh7xNPt/OaDD/lQEIWa 1UvOnf74GjkeI5ahAJErBdA7m0l7E6VMNtX0i+ywE4Yc7DvFGb1uACnc1VKbZJ2M lWUXTCRi6WXaonpjgagUr5coufUaSkiHVtqHnUYIM747Jzh0SyK3j7s4Eo4ev/P3 fQ1ailBvipmPcoaMNV4OTu099rJ8Dj/1XjGBPehK3S7ngcukQU3ewxxFx2OR2c4J 1KicrLHUxd+4C38qoXPF549Wzu8xe6Iygxfg7ZqmlMxXVx4yWT6DpIubG/xdW6yV 6F6NLQhf =UmyS -END PGP SIGNATURE-
Accepted nss 2:3.26-1+debu8u10 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 06 Jan 2020 22:25:29 +0100 Source: nss Binary: libnss3 libnss3-1d libnss3-tools libnss3-dev libnss3-dbg Architecture: source amd64 Version: 2:3.26-1+debu8u10 Distribution: jessie-security Urgency: high Maintainer: Maintainers of Mozilla-related packages Changed-By: Markus Koschany Description: libnss3- Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-tools - Network Security Service tools Changes: nss (2:3.26-1+debu8u10) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-17006: It was found that certain cryptographic primitives in nss did not check the length of the input text. This could result in a potential heap-based buffer overflow. Checksums-Sha1: f5f7db1907dd28d9621cabdeeb38e42d8b067d74 2407 nss_3.26-1+debu8u10.dsc cec14d7a49fbe347dc73d8c37511622407754e75 44532 nss_3.26-1+debu8u10.debian.tar.xz f34dc204ee54075431232d523ffe4e16888e5440 1174614 libnss3_3.26-1+debu8u10_amd64.deb 9adcc86312a2ab1c051c08c73f44cb9af0f64565 19160 libnss3-1d_3.26-1+debu8u10_amd64.deb bc21870824f076e1e12dcfb6e790afc28ec06bcc 785230 libnss3-tools_3.26-1+debu8u10_amd64.deb e822ea9fab620910b7c53f5ca5917eb876dbe9e2 241930 libnss3-dev_3.26-1+debu8u10_amd64.deb c7ed449dc016fb1b6813f2990b1c8f358deb0578 8198842 libnss3-dbg_3.26-1+debu8u10_amd64.deb Checksums-Sha256: 976720de01e3f710b99116424d325c117f91f0c5bc1a7773f71893de705363a6 2407 nss_3.26-1+debu8u10.dsc 184920f181118ef397e4670a2c5324a9281ec2fe12449d2fc45423de457a996d 44532 nss_3.26-1+debu8u10.debian.tar.xz 6a3e4df1d3efaaf087e8399bc7c45c75bb98ce43ebf083b1819518ea4087f55a 1174614 libnss3_3.26-1+debu8u10_amd64.deb 59823a674ecabcea3d002c25b30a56006f337a36998928202c7ee507be076a9e 19160 libnss3-1d_3.26-1+debu8u10_amd64.deb aa7ca366538fb9e7cbf8596ae18da64182e0b1c8925b81b28cd40b22f215 785230 libnss3-tools_3.26-1+debu8u10_amd64.deb ec8af40d3b692dbb73553673844f75dbfc49ae10351039d3477db99ba1f1149b 241930 libnss3-dev_3.26-1+debu8u10_amd64.deb e5118472aaa17cd26e92d073834cdb4e919c68d8cbd6cd551374f08056335d5d 8198842 libnss3-dbg_3.26-1+debu8u10_amd64.deb Files: 8c4de8ecdda21c362929b49e93ceb7cc 2407 libs optional nss_3.26-1+debu8u10.dsc f69037fd2509f8f1f8beefee34cf750c 44532 libs optional nss_3.26-1+debu8u10.debian.tar.xz 90c6c8689c4d7c0f7a53afbaf243bce5 1174614 libs optional libnss3_3.26-1+debu8u10_amd64.deb 5a00b441760e1dd63a1c796fcb408855 19160 oldlibs extra libnss3-1d_3.26-1+debu8u10_amd64.deb 8933966fe03c515997d1d6a5b9675fc9 785230 admin optional libnss3-tools_3.26-1+debu8u10_amd64.deb 901d24ceb0337afb60244770c6feb3bc 241930 libdevel optional libnss3-dev_3.26-1+debu8u10_amd64.deb 7a9e39f8b4aa60d7c20e918c93e6bbf3 8198842 debug extra libnss3-dbg_3.26-1+debu8u10_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4Tt8FfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk3KEP/0hq6oa5/mPdj22MSEh6ynP/1kBcEVH53eOg /MHxXZGB4+nGFtGGN2WSf4jp020StJg6rUqKmV3SThwsx3oqIUSqLZC8snnVfcgS V22LBIqhKtOsb4LEeTIuBRsb+KHgiOtgF0m9VSTh6J4Iqv+Wgn5rYeiW9IBRaIu8 EcKc/7us6p69FYr924M8LXk+d3kMLnubBb4vUVxOxX2DT4Jahb8wnjj+eb7/85zA uHCRs/MqIaZFZaoEUaPWzO6UFF1Bmsk+59j9GUqthdMFknUIlIO/cBP/Q6tBZ31o QvWdH1+wcjy4mu0B9y6AjBCLtjYfOhVg9OBPTfBV4NwlWcGOAeWYSpjVimCw/chw HsG3N6VpfHKrG6p3Si6N/LRAQglewsI+gVUOSwmigYfizsOwK7dpNOi8BLYKY1tJ /Gl5xZcJxqUTKERc58v8uyxl5ykSFxtYSy5ZCYBnL7oDqtfieMrNjQnsBQryEx3r q/Cq8uvAHEBexNXMnzwuVJCb37+Uh6udTInLfPP9zzot/fTCFTrHBsg1tCAkv+qF uoDFv0fuNUWRVQ9Nnjq5U8b75sQaVO/goF0hFWVMzxt+Xeml2uNQkqXf4Ywv3/2O BrcFtRpaVMiCNnFs57ip24nWNp8+WGQYngrqLlI3uhQGqxf1ubIiE1M1TA3mDCLz JVkIQnpJ =8p2j -END PGP SIGNATURE-
Accepted intel-microcode 3.20191115.2~deb8u1 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 30 Dec 2019 21:02:28 +0100 Source: intel-microcode Binary: intel-microcode Architecture: source amd64 Version: 3.20191115.2~deb8u1 Distribution: jessie-security Urgency: high Maintainer: Henrique de Moraes Holschuh Changed-By: Markus Koschany Description: intel-microcode - Processor microcode firmware for Intel CPUs Changes: intel-microcode (3.20191115.2~deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Rebuild for jessie-security (no changes). * Fix CVE-2019-11135 and CVE-2019-11139. - This update ships updated CPU microcode for some types of Intel CPUs. In particular it provides mitigations for the TAA (TSX Asynchronous Abort) vulnerability. For affected CPUs, to fully mitigate the vulnerability it is also necessary to update the Linux kernel packages as released in DLA 1989-1. Checksums-Sha1: f8cf44032b14844ef9a0db0929d7f35efb4199fc 1968 intel-microcode_3.20191115.2~deb8u1.dsc fdc7fad1c994fbc66b41cfe0a8504674f308d640 3163272 intel-microcode_3.20191115.2~deb8u1.tar.xz 2a504408bda9aec9be145c9d918f352d5f302a1d 2429600 intel-microcode_3.20191115.2~deb8u1_amd64.deb Checksums-Sha256: b692ea7158d00b758c3d9ac1d13942a3e5d2e5e904065a66ba5c6da888914150 1968 intel-microcode_3.20191115.2~deb8u1.dsc 831e1820a260b22e3155c9975593c98c9e18dd0c063b0e0acbac6df1bcc8d494 3163272 intel-microcode_3.20191115.2~deb8u1.tar.xz 3d8e090137470d5bae329bf6051fd34e7fb64d4dfd784526d6d940bf9d079029 2429600 intel-microcode_3.20191115.2~deb8u1_amd64.deb Files: 8354d9bd9cc9c5909e70bea5c4610441 1968 non-free/admin standard intel-microcode_3.20191115.2~deb8u1.dsc 8a4a7c7619a507bb68892a18055ec218 3163272 non-free/admin standard intel-microcode_3.20191115.2~deb8u1.tar.xz f24fc64a3db7af367b86db13d2c0ebf6 2429600 non-free/admin standard intel-microcode_3.20191115.2~deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl4KZ3VfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkqgoP/05f+kp7jyGzGGmneUuRK6p5T8SA2xoKh447 grynwiYD32Skf9x9XQ4d6Viqhi7VNT8tiudKqNSjDR3vb9Aj3hzrxxG1nMwOkZM+ /FRJ9cGzK+DcCGrQ4Lj3Qk4KWN7nOzBMSg2RYkSu9xs/f3E0REYMHivyuMBD1+tb K77snf+2uH9sDpQShDRiVgEs9PDspAXFbZpaxxJ/Y+QPbiSPTZcUWqDZftt37idY RvtL2w7BQ3NLz0PbDIH1kyC5A7nPLKs4Y5e2rsYAlphOKyYA6MDJ7xn5BIp/1OZJ 4GM9nZuCD8acf9KDuNmpFzbT4Nr883aIgkRwwiHcYu/tTmnEMnRHVQVaKyN+KC2h o0QZMOr6YuHfTicBvZ2K2f4YCVT3IcVRG9IbnSn9wZsmouzOXK652kDT1CM6ECUn y78m9kOmcfEzAEfATmtYtzP1PMkvbtYBMmc/eGCECMYaUQxWIzHeSCbcrAFSnY8U zap3Ciaz/vnbwlYHl3hahGc6GdZwwv7OmJN7OjNQlLdWTLRXx/AjR9a9jD9Q8C62 CpnKjM3gFWr8IzMXMfsb0ZkOYN4iOaTotQfF1l1y61o3BpHWge2x+FwL+oSSfY3o NXW8TCkGbaGtsB/RiwErV/aUxjhVZdp40rERqeHjM99N0R23Pn09aaLSd/X6x/9G WajkJsTl =fUn1 -END PGP SIGNATURE-
Accepted jackson-databind 2.4.2-2+deb8u10 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 10 Dec 2019 17:15:09 +0100 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source all Version: 2.4.2-2+deb8u10 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Changes: jackson-databind (2.4.2-2+deb8u10) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-17267 and CVE-2019-17531. More deserialization flaws were discovered in jackson-databind relating to the classes in net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup and org.apache.log4j.receivers.db which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. Checksums-Sha1: 6b5435eb39768a9d7c10ea20ca155a4092574e4a 2695 jackson-databind_2.4.2-2+deb8u10.dsc 4deebdba2384fe219cf9130e0bf30fa1e4e99d8c 12312 jackson-databind_2.4.2-2+deb8u10.debian.tar.xz c5da2f5668ece4fb2eff90fb7431c44c93039ace 987906 libjackson2-databind-java_2.4.2-2+deb8u10_all.deb 5c5eeedf108d2a7a4fc759ad9a960772c2748d07 4738920 libjackson2-databind-java-doc_2.4.2-2+deb8u10_all.deb Checksums-Sha256: 19ad8b64ff5096a0d0fd7a1392a48bd00c81b71a0ba43d379304ee65f013449b 2695 jackson-databind_2.4.2-2+deb8u10.dsc dd7a6aa0fc83c364e1923435f30753e857c97e09f1aff35bba0367977243c0be 12312 jackson-databind_2.4.2-2+deb8u10.debian.tar.xz 43bb7a895bed5308aa8dc170ef47ae075b74194b91c95df222aa05e569b8b62f 987906 libjackson2-databind-java_2.4.2-2+deb8u10_all.deb 0b9718fc182221b95d27e06553c829e84097a021a38f6567cb446dc184ecd7c6 4738920 libjackson2-databind-java-doc_2.4.2-2+deb8u10_all.deb Files: 63a030178c3a376bcb179b1dc9aa8088 2695 java optional jackson-databind_2.4.2-2+deb8u10.dsc c899724e6c5623c831a8c8c48c13277b 12312 java optional jackson-databind_2.4.2-2+deb8u10.debian.tar.xz ecf9e7c28188db7c05ef59d3c1b4546d 987906 java optional libjackson2-databind-java_2.4.2-2+deb8u10_all.deb 47c3069a716700fd5e7adbca0a1c2d78 4738920 doc optional libjackson2-databind-java-doc_2.4.2-2+deb8u10_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl3vzxRfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkTHQQAJTvKyOjvX8glPBSAbVS4NLUdiEeY1bD3f/f LON0t9QUNaDoA2lAdhCRQ0dSSkAqPGUEImywvPGQDg5bxm7+4BDt4ck6a7fuO91h 3dGt4xvlCIcqlqCzJzoiXbFMGZMqSjuVo5dCsXCPJT3vXVrUQDDT3LXxGfxzD+WR rtX/kd5QgbNg1p6hOwPDIfsAGkaBFxzjSnz3aqFwzOpAbqkKK3Px8b+EFiqmLuWq HvucGNTZq1I9wpInrgbw4ncfSFzdlRK+neNacgFjjxlsxdZmg7vKALeU5ssaf8ij RR0lXO16MSM25HnZJKrzf7CBmmOLwk1FjK5Hg1L8FpLTm/gTjlFNNokmlgL0uPV6 f99S/CGI8WImUFe6wu3fCjQnCXjj+oHISFvqfMKcij4OMIbCpS/q1O4UbXKavxvK QPUHvHo2620KeDNneebYlJEZutToAt5OvEXRkaqZEAeISgeZqfGJTxnsh/LgijBL YJVYZyjsxni+cuFepVCUpO0Xmq16abm31ygDwZ/rhnjAMnW/xzkElfVwv2BhNmnI uSp3ByjtOEApOFi4c3SzLohzJVxSTBer+23svZDwB0AyeBmIcvXz3a8z6s6Pto5h JaTWLPm9DUKEZq1Z57cyQutIz8r83T9sEV56wxkcuASeIfGBKG6iasSOKpftguOw U3qLdd/d =p/Pe -END PGP SIGNATURE-
Accepted squid3 3.4.8-6+deb8u9 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 10 Dec 2019 13:03:24 +0100 Source: squid3 Binary: squid3 squid3-dbg squid3-common squidclient squid-cgi squid-purge Architecture: source all amd64 Version: 3.4.8-6+deb8u9 Distribution: jessie-security Urgency: high Maintainer: Luigi Gangitano Changed-By: Markus Koschany Description: squid-cgi - Full featured Web Proxy cache (HTTP proxy) - control CGI squid-purge - Full featured Web Proxy cache (HTTP proxy) - control utility squid3 - Full featured Web Proxy cache (HTTP proxy) squid3-common - Full featured Web Proxy cache (HTTP proxy) - common files squid3-dbg - Full featured Web Proxy cache (HTTP proxy) - Debug symbols squidclient - Full featured Web Proxy cache (HTTP proxy) - control utility Changes: squid3 (3.4.8-6+deb8u9) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-12526: URN response handling in Squid suffers from a heap-based buffer overflow. When receiving data from a remote server in response to an URN request, Squid fails to ensure that the response can fit within the buffer. This leads to attacker controlled data overflowing in the heap. * Fix CVE-2019-18677: When the append_domain setting is used (because the appended characters do not properly interact with hostname length restrictions), it can inappropriately redirect traffic to origins it should not be delivered to. This happens because of incorrect message processing. * Fix CVE-2019-18678: A programming error allows attackers to smuggle HTTP requests through frontend software to a Squid instance that splits the HTTP Request pipeline differently. The resulting Response messages corrupt caches (between a client and Squid) with attacker-controlled content at arbitrary URLs. Effects are isolated to software between the attacker client and Squid. There are no effects on Squid itself, nor on any upstream servers. The issue is related to a request header containing whitespace between a header name and a colon. * Fix CVE-2019-18679: Due to incorrect data management, Squid is vulnerable to information disclosure when processing HTTP Digest Authentication. Nonce tokens contain the raw byte value of a pointer that sits within heap memory allocation. This information reduces ASLR protections and may aid attackers isolating memory areas to target for remote code execution attacks. Checksums-Sha1: e411d340ec335fc79f3ffcbeaf1a32b5fb1383aa 2497 squid3_3.4.8-6+deb8u9.dsc c465ecd9c366f835c52f0be7c4c5a386532cc489 50524 squid3_3.4.8-6+deb8u9.debian.tar.xz a8fe7c80f877aa7bc1f4abcb75867922480100b5 260284 squid3-common_3.4.8-6+deb8u9_all.deb 2798b47a50cb2b189ba0281c0dc0eaeffbb203f5 2073760 squid3_3.4.8-6+deb8u9_amd64.deb aa3091f8e853f3258f55f371018d322279ee4405 8680006 squid3-dbg_3.4.8-6+deb8u9_amd64.deb 254f52f2bab5a44ec6e8f4a877f58a02d930b70d 142606 squidclient_3.4.8-6+deb8u9_amd64.deb 27699e0d3f212201f0f3463f0e47d90c301b6c20 147818 squid-cgi_3.4.8-6+deb8u9_amd64.deb cbf4ab33cb73a0dcb0128287bfe5e06357b05baa 140402 squid-purge_3.4.8-6+deb8u9_amd64.deb Checksums-Sha256: 56e5ce055bb515d40af1a5de5fbd66566243a3fc5514eebe046123979335ecd5 2497 squid3_3.4.8-6+deb8u9.dsc fd0897c60e42d7f029b80c9281a05b74b3eddfa5469d8494cf800abf0cc54471 50524 squid3_3.4.8-6+deb8u9.debian.tar.xz cb117616f37d1503cc9f8a5a578bc57ff59134cebd994902b5a5b3b6c53de42c 260284 squid3-common_3.4.8-6+deb8u9_all.deb a690b736626b8980086ed4304347178997bc27c8e025929786cdf0104fefe23c 2073760 squid3_3.4.8-6+deb8u9_amd64.deb 9c25c2f2998c446984452fe55854664a8fd12e724cff5ea0833686e511099560 8680006 squid3-dbg_3.4.8-6+deb8u9_amd64.deb e0db492acbb8c5d71d03c71dae15511ff935e94560bcca139a4613b4eefad6d2 142606 squidclient_3.4.8-6+deb8u9_amd64.deb e5178ce400ed9823409037938f8c7e1d6fbf6cf14aea51e7a89e7e8c908229f7 147818 squid-cgi_3.4.8-6+deb8u9_amd64.deb 86d5e490179f62d6436bdfab6f5300de9024f81634e33ed2f3392f5ea45e93ad 140402 squid-purge_3.4.8-6+deb8u9_amd64.deb Files: 153f1b07756345ae94005e017680f7fd 2497 web optional squid3_3.4.8-6+deb8u9.dsc c7bd56f3bdb8f7627adf1d3f50fe8dce 50524 web optional squid3_3.4.8-6+deb8u9.debian.tar.xz edf0cdf1762de623aceb84d5d28278c4 260284 web optional squid3-common_3.4.8-6+deb8u9_all.deb c08020a806d9a99e02eff68784a12d3e 2073760 web optional squid3_3.4.8-6+deb8u9_amd64.deb 31fdee2fa13219c30e90b04e050ba4f3 8680006 debug extra squid3-dbg_3.4.8-6+deb8u9_amd64.deb fce7a2c89bb01d10464d4cc85ac469d4 142606 web optional squidclient_3.4.8-6+deb8u9_amd64.deb 81af5554c1a5a5ef6f8b1eb5b7ecc0cf 147818 web optional squid-cgi_3.4.8-6+deb8u9_amd64.deb bbbf221f7c1d63d4609133d5cb9bb965 140402 web optional squid-purge_3.4.8-6+deb8u9_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl3vjkBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
Accepted jruby 1.5.6-9+deb8u2 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 09 Dec 2019 21:33:31 +0100 Source: jruby Binary: jruby Architecture: source all Version: 1.5.6-9+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: jruby - 100% pure-Java implementation of Ruby Changes: jruby (1.5.6-9+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-16201, CVE-2019-16254, CVE-2019-16255 and CVE-2017-17742. Several security vulnerabilities were found in Ruby that also affected Debian's JRuby package, a pure-Java implementation of Ruby. Attackers were able to call arbitrary Ruby methods, cause a denial-of-service or inject input into HTTP response headers when using the WEBrick module. Checksums-Sha1: 57f8042f7515e23d0498bf22acd178f941609e67 2494 jruby_1.5.6-9+deb8u2.dsc 5acc12215e0d46b075e89fba1d810060a4203674 39092 jruby_1.5.6-9+deb8u2.debian.tar.xz 8937bf1b1d92e0736a2ef4797784aec27e2fb7b9 7829904 jruby_1.5.6-9+deb8u2_all.deb Checksums-Sha256: b68453839d5687d709708b539a0c0e93b2e5d2d41fb336f33c00a722c5b01f1b 2494 jruby_1.5.6-9+deb8u2.dsc f59bf5705ddd67ae5dcf237febf6f8d7524d65863198fed7aad76b5a4f70f60f 39092 jruby_1.5.6-9+deb8u2.debian.tar.xz ed29fbfe9f79431d571c9f29510006b364e892c2bb3f90624017a1dc57ed9b12 7829904 jruby_1.5.6-9+deb8u2_all.deb Files: 83c22a6ec0eec64d303e1ab0d837d241 2494 ruby optional jruby_1.5.6-9+deb8u2.dsc 3957020d914ea2a96ddc4a43d4a79cbe 39092 ruby optional jruby_1.5.6-9+deb8u2.debian.tar.xz b238a60ff32d5f8e161b63b8e2edf2ed 7829904 ruby optional jruby_1.5.6-9+deb8u2_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl3viIhfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkMFIP/2iuk7IF+PXW+l7eL7+ebBHL2W49QdGWcPsh gwAf9IBvYBR0XyNm4+GwoD541bPF3P2rgQBkf+Ia6bja3AkjOcdWI21Z55LxRkze uWaD+YqG+z5tMDH9gpfCHntegWpm7j3S7FXvVADTAUtKbg7wvVzhSEtvHmC0xqED ryC89WYUoiASfg/DY+CImMes6SpRS1PCF3tC3WWKONS8fjBVw2ovT/7jPK+P9I0K wC/r3WF03wA9LGkhaH175ZNMrIu1Rp6h55oTCpNYNcWPWnRY7YdmqlenzbdreSkn zL941G81RmGJ0TmYrgeYd5FoiqdGziLtVZTFG3871rigxN0YdOJdwoU5c+0xeQiL nN905SCrzeyrbnotOSkqCj7c6gqBGEu9K60kuokzVrCIur3HRzz9LreLqtMIwFzK c2GDOgL0GtZvKVVHjv5QyBa+NYJ5Igiy28LkC5MF9TI9CH2Jk0EGrj5HstOTlARf LGpJl3VM7hR1TWgpouF6ZQeWgIcmdFqn1hI5z46+E8T4A27BFmWanSIxkG+5msBc Pd4mYedXtRxWegvLfC7bae5PqusNvKyR+qsdUxMPMtZe2+eA4pKdj2jGOjTjMPjX 76QTNjcXjoe1U3J7Lu2TfO+lOGtM1I8CjmN82w4HxZqG0rLQs70LVfR+k3nSPMOS khHyMp7e =OkFS -END PGP SIGNATURE-
Accepted openjdk-7 7u241-2.6.20-1~deb8u1 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sat, 07 Dec 2019 20:36:34 +0100
Source: openjdk-7
Binary: openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-jre-lib
openjdk-7-demo openjdk-7-source openjdk-7-doc openjdk-7-dbg icedtea-7-jre-jamvm
openjdk-7-jre-zero
Architecture: source amd64 all
Version: 7u241-2.6.20-1~deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: OpenJDK Team
Changed-By: Markus Koschany
Description:
icedtea-7-jre-jamvm - Alternative JVM for OpenJDK, using JamVM
openjdk-7-dbg - Java runtime based on OpenJDK (debugging symbols)
openjdk-7-demo - Java runtime based on OpenJDK (demos and examples)
openjdk-7-doc - OpenJDK Development Kit (JDK) documentation
openjdk-7-jdk - OpenJDK Development Kit (JDK)
openjdk-7-jre - OpenJDK Java runtime, using ${vm:Name}
openjdk-7-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
openjdk-7-jre-lib - OpenJDK Java runtime (architecture independent libraries)
openjdk-7-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
openjdk-7-source - OpenJDK Development Kit (JDK) source files
Changes:
openjdk-7 (7u241-2.6.20-1~deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* IcedTea release 2.6.20 (based on 7u241).
* Security fixes
- S8167646: Better invalid FilePermission
- S8213429, CVE-2019-2933: Windows file handling redux
- S8218573, CVE-2019-2945: Better socket support
- S8218877: Help transform transformers
- S8220186: Improve use of font temporary files
- S8220302, CVE-2019-2949: Better Kerberos ccache handling
- S8221497: Optional Panes in Swing
- S8221858, CVE-2019-2958: Build Better Processes
- S8222684, CVE-2019-2964: Better support for patterns
- S8222690, CVE-2019-2962: Better Glyph Images
- S8223163: Better pattern recognition
- S8223505, CVE-2019-2973: Better pattern compilation
- S8223892, CVE-2019-2978: Improved handling of jar files
- S8224532, CVE-2019-2981: Better Path supports
- S8224915, CVE-2019-2983: Better serial attributes
- S8225286, CVE-2019-2987: Better rendering of native glyphs
- S8225292, CVE-2019-2988: Better Graphics2D drawing
- S8225298, CVE-2019-2989: Improve TLS connection support
- S8225597, CVE-2019-2992: Enhance font glyph mapping
- S8226765, CVE-2019-2999: Commentary on Javadoc comments
- S8227129: Better ligature for subtables
- S8227601: Better collection of references
- S8228825, CVE-2019-2894: Enhance ECDSA operations
Checksums-Sha1:
b8cdf6eb28bf4117f3708b552756b5f5adbaf96b 4836
openjdk-7_7u241-2.6.20-1~deb8u1.dsc
b9771861833eb7e5eec1fa20c50b65f4afe49af2 54819280
openjdk-7_7u241-2.6.20.orig.tar.gz
e47c3aba02fe6073e1d6b5ab1165ee8df834221a 174532
openjdk-7_7u241-2.6.20-1~deb8u1.debian.tar.xz
d15817599b41f4f97618ac94454aaebe29da7c60 15960638
openjdk-7-jdk_7u241-2.6.20-1~deb8u1_amd64.deb
330c8d6293dc0deb3952098fed1ce5c22379c941 40152776
openjdk-7-jre-headless_7u241-2.6.20-1~deb8u1_amd64.deb
b04478276dfe4cf78046e81d4b9defd7f7b77e3a 176648
openjdk-7-jre_7u241-2.6.20-1~deb8u1_amd64.deb
24233a427a7cebafb9b1edac9928382e2821622e 1887856
openjdk-7-demo_7u241-2.6.20-1~deb8u1_amd64.deb
99cc6d077eff00cd51956afa5c82e20b3c5f391c 178192268
openjdk-7-dbg_7u241-2.6.20-1~deb8u1_amd64.deb
38bc1f3b756a7050e5bcf3e526c92da094fb9d1a 724128
icedtea-7-jre-jamvm_7u241-2.6.20-1~deb8u1_amd64.deb
898fe4e777af15d03549090cc71f3e605ddb0786 1739526
openjdk-7-jre-zero_7u241-2.6.20-1~deb8u1_amd64.deb
4d7b6057220b2fc14b2a42746560eddf20fedf30 316076
openjdk-7-jre-lib_7u241-2.6.20-1~deb8u1_all.deb
e127c1e86d7cdab10b3f155664c3e0f0ef061ca2 40384166
openjdk-7-source_7u241-2.6.20-1~deb8u1_all.deb
da16384dfbe32d3a99b700b7bf5afdda822995c0 11204470
openjdk-7-doc_7u241-2.6.20-1~deb8u1_all.deb
Checksums-Sha256:
8c79472b58041dfa8778c5987615fca994201e3cda8e0480e36a195a3d338c81 4836
openjdk-7_7u241-2.6.20-1~deb8u1.dsc
fe12e145a88201b1d18f6b8d15b90e1c66fb73490877dca5a4de32361138519a 54819280
openjdk-7_7u241-2.6.20.orig.tar.gz
b9d9612207f630ce020a95ef11380f1686a212ac378d912121d0db05e84df15c 174532
openjdk-7_7u241-2.6.20-1~deb8u1.debian.tar.xz
5918ed8b546941732cf1c041a7b368550f093b6ee41db4dd814e384c117fac4d 15960638
openjdk-7-jdk_7u241-2.6.20-1~deb8u1_amd64.deb
6817e657115a9a53643511d9f309cc2d4cbb8f97cd1c22a0d7342d62d030727c 40152776
openjdk-7-jre-headless_7u241-2.6.20-1~deb8u1_amd64.deb
5350b97ea0b3ce4d97ed6f6b79de062c5d166fb8ff653d49937fc9ffcd9aeabe 176648
openjdk-7-jre_7u241-2.6.20-1~deb8u1_amd64.deb
7ba25621b7b12e3c3ab6532a6094f84f3e66f4409286882da1ef1e7aece0a700 1887856
openjdk-7-demo_7u241-2.6.20-1~deb8u1_amd64.deb
d6412be13f17d216688551c04af52efa431d875fe382098878c1fe0789715d41 178192268
openjdk-7-dbg_7u241-2.6.20-1~deb8u1_amd64.deb
fe613d0c796cf2ce2dfad75e0f6694e4d73d3c83fd00988741ef5de5f2234aea 724128
icedtea-7-jre-jamvm_7u241-2.6.20-1~deb8u1_amd64
Accepted libapache2-mod-auth-openidc 1.6.0-1+deb8u2 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 18 Nov 2019 14:40:00 +0100 Source: libapache2-mod-auth-openidc Binary: libapache2-mod-auth-openidc Architecture: source amd64 Version: 1.6.0-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Hans Zandbelt Changed-By: Markus Koschany Description: libapache2-mod-auth-openidc - OpenID Connect authentication module for Apache Changes: libapache2-mod-auth-openidc (1.6.0-1+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-14857: A security vulnerability was found in libapache2-mod-auth-openidc, the OpenID Connect authentication module for the Apache HTTP server. Insufficient validatation of URLs leads to an Open Redirect vulnerability. An attacker may trick a victim into providing credentials for an OpenID provider by forwarding the request to an illegitimate website. Checksums-Sha1: 268d70f47668001f7351cce1c9d82c378d24d421 2169 libapache2-mod-auth-openidc_1.6.0-1+deb8u2.dsc 453169ffd1f8310b0f021a08931f2ca41a93f251 5976 libapache2-mod-auth-openidc_1.6.0-1+deb8u2.debian.tar.xz 860b211e97bbef363cabf2838771324b47f66ac8 88600 libapache2-mod-auth-openidc_1.6.0-1+deb8u2_amd64.deb Checksums-Sha256: b08209d41dd19c5cffc26f24c0ccfd3363b5c0ee161e316cb80bd1fadc5cbe05 2169 libapache2-mod-auth-openidc_1.6.0-1+deb8u2.dsc 83edbec34cec31770ce3bea666b6f369dd8d42ba7942fa34fd711097db77c4ab 5976 libapache2-mod-auth-openidc_1.6.0-1+deb8u2.debian.tar.xz 4faea8405a6f8559a3c23f0509545d945229ae9af67eb723007223b7e9c49b55 88600 libapache2-mod-auth-openidc_1.6.0-1+deb8u2_amd64.deb Files: 522c3b999b373e103b0043e1d71aae80 2169 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u2.dsc 005304d4d77041f3d3df976d3e680d44 5976 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u2.debian.tar.xz 4fa41d0414141c6e6dc238f615f37348 88600 web extra libapache2-mod-auth-openidc_1.6.0-1+deb8u2_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl3SoB5fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkhzEP/3qANhRMDybhZIUoMT+aerDNdi72DJ7gXG5B OTKUTbDxd24NL8rsKWPxUwFMi23XH+vMxS/MPl1uiCNwaBEP7vHn5qN7AnCLIp/E IOM5zHTIYA8SjYNiBL9zllLsoYiKugozDhNR1J3Tw67ALbHwV89kCfp/Io0Hhx+l YnEaULxa1Y21SrqK9oyV/YXfavGTZrthKtGWjbQ4ZNqhz73XKt2aUY2jbA5R1NV0 BUOtJA7R1aCPYUNORoKGWpPZrXGsExjtqrXWhwu5vfDZ3E9cVkG0ssb6pQxLNNT6 zjN+27F7vpPXviuzdnQZlX50grd8e1E3nm2WBB3fUliYRW9iz9APT1HrNyTUzbCZ m37a8ulMMYClFsWYUyaQO3HybFS38b8SxD1MINThgvBTCBgIUDPrTjCoETWRDl0h +FmAMupL/5JBng4Dos84wiHaE5lFvbXl4voJ/BT7AWVGBQMFFtpScBsXzYc5s3cA Xig1jIMpK2/mWMs4D9UA0MMi5b3pkcRFzX8hG29a6JVZoT2bv8KunIiY2BXkpGJ9 lUTDIc+TT+40RlnDvEsWv08xd8BM87MTCNwC7tFma9B+kFxmuqN162fk5K9wetOW nlCyMR4ltnMsitTiei/087h/0uPiB7tX6BK0l3JNJU5j0D0vEbYNZAPr+9BOhD2a HsbJzhAA =ocab -END PGP SIGNATURE-
Accepted openafs 1.6.9-2+deb8u9 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 05 Nov 2019 17:11:32 +0100 Source: openafs Binary: openafs-client openafs-fuse openafs-kpasswd openafs-fileserver openafs-dbserver openafs-doc openafs-krb5 libkopenafs1 libafsauthent1 libafsrpc1 libopenafs-dev openafs-modules-source openafs-modules-dkms libpam-openafs-kaserver openafs-dbg Architecture: source amd64 all Version: 1.6.9-2+deb8u9 Distribution: jessie-security Urgency: high Maintainer: Benjamin Kaduk Changed-By: Markus Koschany Description: libafsauthent1 - AFS distributed file system runtime library (authentication) libafsrpc1 - AFS distributed file system runtime library (RPC layer) libkopenafs1 - AFS distributed file system runtime library (PAGs) libopenafs-dev - AFS distributed filesystem development libraries libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module openafs-client - AFS distributed filesystem client support openafs-dbg - AFS distributed filesystem debugging information openafs-dbserver - AFS distributed filesystem database server openafs-doc - AFS distributed filesystem documentation openafs-fileserver - AFS distributed filesystem file server openafs-fuse - AFS distributed file system experimental FUSE client openafs-kpasswd - AFS distributed filesystem old password changing openafs-krb5 - AFS distributed filesystem Kerberos 5 integration openafs-modules-dkms - AFS distributed filesystem kernel module DKMS source openafs-modules-source - AFS distributed filesystem kernel module source Changes: openafs (1.6.9-2+deb8u9) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-18601: OpenAFS is prone to denial of service from unserialized data access because remote attackers can make a series of VOTE_Debug RPC calls to crash a database server within the SVOTE_Debug RPC handler. * Fix CVE-2019-18602: OpenAFS is prone to an information disclosure vulnerability because uninitialized scalars are sent over the network to a peer. * Fix CVE-2019-18603: OpenAFS is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer. Checksums-Sha1: 98d7800b6252422a89cfb36354fc4c836f77c54c 4139 openafs_1.6.9-2+deb8u9.dsc ecff87c05d695ed27766b5e3df8b7b5c266f4af9 163708 openafs_1.6.9-2+deb8u9.debian.tar.xz 245798f2bf32e08c03d9afe48c656279fc40f6cf 1974614 openafs-client_1.6.9-2+deb8u9_amd64.deb d605f42061618928e6fc1090049548b6e6b4bca2 286130 openafs-fuse_1.6.9-2+deb8u9_amd64.deb ba5e20e39bf9a056bce7f43eab03f3369fb8cee6 200260 openafs-kpasswd_1.6.9-2+deb8u9_amd64.deb 0b9edc118155f5a9e7c82913e43d63480eabffc6 1310510 openafs-fileserver_1.6.9-2+deb8u9_amd64.deb 74462b97965e606bdd751b1782b75faac62d7bca 454012 openafs-dbserver_1.6.9-2+deb8u9_amd64.deb 98609b5c02e5dffbf6e381d9794ca4e6dfb1fad7 4001394 openafs-doc_1.6.9-2+deb8u9_all.deb f155102b926042bddd7ce3fe6ee8d5bae84c5113 259080 openafs-krb5_1.6.9-2+deb8u9_amd64.deb 3ae9b6a9de0cbc67a82403df650787ca6d0c66b1 91490 libkopenafs1_1.6.9-2+deb8u9_amd64.deb 8a5a8f86debf57517409b97ae44ef2317de6a4d8 214738 libafsauthent1_1.6.9-2+deb8u9_amd64.deb 738077472d2ffa9f5da8d44fbf6e5a0f473d24d9 199824 libafsrpc1_1.6.9-2+deb8u9_amd64.deb 9b7c34b03fe07b89bcc9062f9b840cd96e1bb667 1289796 libopenafs-dev_1.6.9-2+deb8u9_amd64.deb 46d7c350baf0ec4ea3e1c6be4c269246393643da 1159602 openafs-modules-source_1.6.9-2+deb8u9_all.deb aadcf39f2fcb3a64902bac5fe7dfbb3503cf8311 940888 openafs-modules-dkms_1.6.9-2+deb8u9_all.deb d260a52df95aea5b8a4fc22b6bb7b609ee69efdf 188110 libpam-openafs-kaserver_1.6.9-2+deb8u9_amd64.deb 353680d5378004a119b68f73783b3f90d2c2c177 21964230 openafs-dbg_1.6.9-2+deb8u9_amd64.deb Checksums-Sha256: 200158c9496b24ba56076371b28d29c3a3b17d5330517c25c6039963a956afaa 4139 openafs_1.6.9-2+deb8u9.dsc 5e1921526d7087304f5b252600fea522b3e8733c1028d8fa3cc1c29230fc770b 163708 openafs_1.6.9-2+deb8u9.debian.tar.xz 1521131efceb8c4082389023fa4e47b669b75319a968996d30814d7b24c368e4 1974614 openafs-client_1.6.9-2+deb8u9_amd64.deb 72f884f8878e845a8e735cf3291842df67008ab29237cec8ea9ed330ee319330 286130 openafs-fuse_1.6.9-2+deb8u9_amd64.deb 8ef47c259db0a331c7bc295cfc05ca23945e974f7483a4c79b91e18e5b2e9b22 200260 openafs-kpasswd_1.6.9-2+deb8u9_amd64.deb 6d33f17481a395ae76d9a599136902faecc9aa89e78889c9bde223fc51c60b10 1310510 openafs-fileserver_1.6.9-2+deb8u9_amd64.deb 72e57379de2c5b27a42111585fbd5b3a5dfb9bea4362d4ade548799687c6c0cb 454012 openafs-dbserver_1.6.9-2+deb8u9_amd64.deb 04d6437844fe370b4b7b9d340f357f3465ecb85bfda58dae10502c2f1ff3b447 4001394 openafs-doc_1.6.9-2+deb8u9_all.deb c06df4e719b3c41e2c6240ba582cd9b382febc490c2fde2ea15cf356fe63f286 259080 openafs-krb5_1.6.9-2+deb8u9_amd64.deb d7789cd56a5e96a0917b6fb2cdeb62f4748ca9ffaeb2d3213a7616fff76217f6 91490 libkopenafs1_1.6.9-2+deb8u9_amd64.deb b6515d657a50f6d92a16fce92b9aed57694f611856a514fdeae1d5ed22337c54
Accepted python-ecdsa 0.11-1+deb8u1 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 30 Oct 2019 16:45:11 +0100 Source: python-ecdsa Binary: python-ecdsa python3-ecdsa Architecture: source all Version: 0.11-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Markus Koschany Description: python-ecdsa - ECDSA cryptographic signature library (Python 2) python3-ecdsa - ECDSA cryptographic signature library (Python 3) Changes: python-ecdsa (0.11-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-14859 and CVE-2019-14853: DER encoding is not being verified in signatures. Checksums-Sha1: 5a45df05c0c1cbd9a200e24d887adb2c5849a5be 2347 python-ecdsa_0.11-1+deb8u1.dsc f732f8cdb064bbe47aa830cc2654688da95b78f0 45689 python-ecdsa_0.11.orig.tar.gz 52cc3e3dd34e7e61efbe5f5ecf7111289b4aa70d 9008 python-ecdsa_0.11-1+deb8u1.debian.tar.xz 7b6a5883f0974c253dea3f4473e57ee869c72791 37136 python-ecdsa_0.11-1+deb8u1_all.deb 4e65cd21a68cb7e914671e941c6f4e6451411b53 37244 python3-ecdsa_0.11-1+deb8u1_all.deb Checksums-Sha256: 8928c9a311c76624d46c0509451bf8b2f86da8f26e537258fb9622dbf2a57e47 2347 python-ecdsa_0.11-1+deb8u1.dsc 8e3b6c193f91dc94b2f3b0261e3eabbdc604f78ff99fdad324a56fdd0b5e958c 45689 python-ecdsa_0.11.orig.tar.gz 53e4454c6b930704cec96a1ee13b6f04feb3cfda22ea0d875783a70bab89dc1c 9008 python-ecdsa_0.11-1+deb8u1.debian.tar.xz 3f2c28a10eaadb5d19d897b8e62566edbcfc01b2df5925a2e1e96d3d9924425e 37136 python-ecdsa_0.11-1+deb8u1_all.deb 828505ca4fc27f981a0fdae9334202b88be7df98e48c2ec3c9478868c7db9d31 37244 python3-ecdsa_0.11-1+deb8u1_all.deb Files: c9dbf6947678988cde56d1828e1b2c36 2347 python optional python-ecdsa_0.11-1+deb8u1.dsc 8ef586fe4dbb156697d756900cb41d7c 45689 python optional python-ecdsa_0.11.orig.tar.gz 5e45835a58413261c8da900e5fba8dc8 9008 python optional python-ecdsa_0.11-1+deb8u1.debian.tar.xz 19c94d67e2dc9d4f8cbe6206bea7251e 37136 python optional python-ecdsa_0.11-1+deb8u1_all.deb e62920034632d1cdde746e03a737f9d4 37244 python optional python3-ecdsa_0.11-1+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl25sSFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkYk4P/RURYuTcxi3KOVwiekHDoBzdPjmKSL1RZl3n 3X2KgNuowEAgqsEDcDiEn6kmd28KKfzHcuko4HJ2bslseKBbWWC9zRAkqHs/EbI4 Pfg9AoeCK2eCJP+Yr7joahAL4JLfXj4c9TNjB9NEgveQv5m6cKgYyc2RDwm4iNW4 j5XfF57uUZVbCLUsDbGrwFxqAQKx4sBoUDPHzy1porgrnqnjpeEZk6bhwFrEY/hd 5TH/fzBmR2GxoDVxTXkwn3aas+cMMLT91AjL88S0vE8R2RgpsWnAohV27UBGCAsL 6Ide4klpbUWR2YVbkYC5YuG8NCgB/xECIB0rfAxVSBBNt4Wgzkv+lBF5DUMYWlUi HV2z/pe3gJI25Y94GcVrdNLzRcBNUjYKvnN3IvnSqjmEnxjuCWvOfOl8cv8Y0EeE vameWRFddIA3EN++3QOKvA4JXe85tbMUbhBNvkMAGdRSVu2CtWiFkY2Cb5PdrSsY jGl7uHV++IOQql52XllyN/ro4NwW8vhiViLY0w74Uq7ZRS5WotyI/dsMqUZB9LNl bfyNEkZTJ7q2cD/27UffniTBEE/dnNHGPVGJn8cavCISPtoT/gD9+CSyOjw3EEQx gth1uf2ADzypOa7IiDjlNREQYcFkRTt9nEgeOwsKIV/edegVN1AnINnhsVehpN/R iW04AcYe =VyTP -END PGP SIGNATURE-
Accepted libxslt 1.1.28-2+deb8u6 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 27 Oct 2019 17:44:26 +0100 Source: libxslt Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg Architecture: source amd64 Version: 1.1.28-2+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Debian XML/SGML Group Changed-By: Markus Koschany Description: libxslt1-dbg - XSLT 1.0 processing library - debugging symbols libxslt1-dev - XSLT 1.0 processing library - development kit libxslt1.1 - XSLT 1.0 processing library - runtime library python-libxslt1 - Python bindings for libxslt1 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension) xsltproc - XSLT 1.0 command line processor Changes: libxslt (1.1.28-2+deb8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-18197: In xsltCopyText in transform.c, a pointer variable is not reset under certain circumstances. If the relevant memory area happened to be freed and reused in a certain way, a bounds check could fail and memory outside a buffer could be written to, or uninitialized data could be disclosed. Checksums-Sha1: 27736ef618a2034bf2d340688c86a01e8b9b5049 2554 libxslt_1.1.28-2+deb8u6.dsc a1de958ba0919012bdf478ee7acc1f837499a375 41288 libxslt_1.1.28-2+deb8u6.debian.tar.xz c6f15f7860b041925e8be0c6c1ba53e66b79795d 233156 libxslt1.1_1.1.28-2+deb8u6_amd64.deb ee2bcfad75a1237204d15787c333c243cc1040ea 514292 libxslt1-dev_1.1.28-2+deb8u6_amd64.deb 659451ea317913741efe0e60fa6abf7ebe9544e3 480752 libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb 285a252b0eec60346360d7ce2349781aacaa4360 119342 xsltproc_1.1.28-2+deb8u6_amd64.deb 0c110158a0b05b699a0f2bf2a01c8acdd1360f02 139478 python-libxslt1_1.1.28-2+deb8u6_amd64.deb 58f27c0eb646aaefdc11949ca1ce0e2b22a6c9f9 222864 python-libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb Checksums-Sha256: ff3073e4ee00c3b3a43867e65c69886c104ce71cd02d0960610345a00f974e66 2554 libxslt_1.1.28-2+deb8u6.dsc 43c944cc8671b1ba89b34d385629baa276cf5d58d48d5c70403ec4b95e564658 41288 libxslt_1.1.28-2+deb8u6.debian.tar.xz a284c91b5b876b35fe7152353df107bba126673d156d709659cfd15b907bf990 233156 libxslt1.1_1.1.28-2+deb8u6_amd64.deb 041a1958f91625d0ae71dd7934338a974875be72c8a984a10697f1c3cb4b919b 514292 libxslt1-dev_1.1.28-2+deb8u6_amd64.deb 2ab2ca73479f03c3c572a830563d4e45db694516a236ba7b287e8559fd62348c 480752 libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb 126d4902b9f5622954375e908f529c584eada5d10ed8d1a1b9c5d25bb7b9468e 119342 xsltproc_1.1.28-2+deb8u6_amd64.deb ddf0e756c751addc4f8de2a5f3346941ca70f4fb9af43f2d8dc224705719b72d 139478 python-libxslt1_1.1.28-2+deb8u6_amd64.deb b9a6d0d15acbc4a02dedb3d26036a6f0c51bb758d073cab9d533f6cd306828a8 222864 python-libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb Files: 4d2741b8d87e42b59094e44bc1a83f46 2554 text optional libxslt_1.1.28-2+deb8u6.dsc cc37248dea1a862092ddd36c7ca73cc5 41288 text optional libxslt_1.1.28-2+deb8u6.debian.tar.xz 6e21e70fbe49d4753aa86444bcd3f725 233156 libs optional libxslt1.1_1.1.28-2+deb8u6_amd64.deb fd6cc2b93fa155a7d938de6f192f8596 514292 libdevel optional libxslt1-dev_1.1.28-2+deb8u6_amd64.deb f620d248360640944af89b6ac450377a 480752 debug extra libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb 34e4abf0dc8cd46c9fd5d78dae487807 119342 text optional xsltproc_1.1.28-2+deb8u6_amd64.deb 65a56c7dba6349e357813deebc632e6b 139478 python optional python-libxslt1_1.1.28-2+deb8u6_amd64.deb f24ea6c31c82238a292ef6f03feafaeb 222864 debug extra python-libxslt1-dbg_1.1.28-2+deb8u6_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl21y5NfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkRhcQAJS6K4y95uri0gkviF0Nxhe3U9FI9TZKG84Y KbJkMrHE4dsBXVQ0xIiTpJq4spZrM18WUuT/EbaR80DGIbrxOHqPS5gQDAP2T3AF 7ZOPuLIi0eOlLYkUBaS6VNpIxFW+Uc+5KGddX8AnDSz/kwU6miRM7fujXi0MSyc0 4p4YmGHdsez46ImHUzca466Ygc96vTqgm+4Ny0vz9SsTljry61qT3++ZV0BNfFu0 9q6mJTqsfYOtxtBveNr/xgm99bqhovaY+UrB1D+JL1S9iUEvQpbFNyKM2MDFWwEf BHQj8EVKAwTkUsFNaaYoL9Pvock+Y8rmgpj9DuaV08Z89JA/OpAjxmcnxJoNrFkk wMDEIgQb33pJS7hOyem9rf9HSly9B0SziBahGkvGAuItdD7/XVYZqWt7uIcChZ5A M1WftDBAmohqOGMtzkBTc6jS4d0HO6EcSyyTe/VR6l5mI1waz5BGbMQRBJzS/Qcv Fatl5RE6uBU5ykFkxpS9rBH0X+PsqwWLf2RKuePcKYrd+lNkiSN5BlPlBUorMDG+ 11CFTDYy2ecMJtRW0KAl7PU5ZVueHRXJdyhUrlnymUNAus3p5bupQF32ffpRNOVg 6MGktZ8J3qKhtOcCIhrX1u2K3YxHg0DVnx6KX1GL7oXNofXroR+KmjzXCWxV1EUa pe1msKdr =MC3e -END PGP SIGNATURE-
Accepted aspell 0.60.7~20110707-1.3+deb8u1 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 19 Oct 2019 19:06:33 +0200 Source: aspell Binary: aspell aspell-doc libaspell15 libaspell-dev libpspell-dev Architecture: source all amd64 Version: 0.60.7~20110707-1.3+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Brian Nelson Changed-By: Markus Koschany Description: aspell - GNU Aspell spell-checker aspell-doc - Documentation for GNU Aspell spell-checker libaspell-dev - Development files for applications with GNU Aspell support libaspell15 - GNU Aspell spell-checker runtime library libpspell-dev - Development files for applications with pspell support Changes: aspell (0.60.7~20110707-1.3+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-17544: It was discovered that Aspell incorrectly handled certain inputs which leads to a stack-based buffer over-read. An attacker could potentially access sensitive information. Checksums-Sha1: 86721b3c61d310edcf58db802f6cb73b2810a8ef 2393 aspell_0.60.7~20110707-1.3+deb8u1.dsc b5a41b92d70740efe7785baaefe1616c69c34637 1876992 aspell_0.60.7~20110707.orig.tar.gz 4ff3698e10196836c038d71fe7026da89c5b0e17 121868 aspell_0.60.7~20110707-1.3+deb8u1.debian.tar.xz cc49243eee50a539203903c818581fea12d00ba8 260720 aspell-doc_0.60.7~20110707-1.3+deb8u1_all.deb 0dd8fc63c66fbf5c5052f48283a1c4e2237c74ab 229856 aspell_0.60.7~20110707-1.3+deb8u1_amd64.deb 034cf6c4241ac3239c40b8ef880640b0e4af756a 358532 libaspell15_0.60.7~20110707-1.3+deb8u1_amd64.deb 39b9df4769603c1703f1f6be2f01ff730ba18b67 40052 libaspell-dev_0.60.7~20110707-1.3+deb8u1_amd64.deb ea27ecee7c476be874688fdcfe4e62ee1685972f 37156 libpspell-dev_0.60.7~20110707-1.3+deb8u1_amd64.deb Checksums-Sha256: e690806db82932021292dbe25185e1d49f1d8993c7e5fd71d14898cbf3738d9c 2393 aspell_0.60.7~20110707-1.3+deb8u1.dsc 71a41224e224af08a0051a9048fc0b4a912acee997d4870cfd68bd7327c45b61 1876992 aspell_0.60.7~20110707.orig.tar.gz 0e7073dd5a460dc49175941836373f9e8eeb7f3b2e7fca9b7986f2278b904500 121868 aspell_0.60.7~20110707-1.3+deb8u1.debian.tar.xz a2742110ea724f474a702f8343430dee17aa04a8b6abb879443dcf1ed86e707f 260720 aspell-doc_0.60.7~20110707-1.3+deb8u1_all.deb 4c1659856dd0b3f08ce6a40544fea9f381924e60e98e31d2953870c254edd78e 229856 aspell_0.60.7~20110707-1.3+deb8u1_amd64.deb 261a45e8ea433eb3d2e2006cc0d7e121e70c44fba86ac90157532bcd39c11650 358532 libaspell15_0.60.7~20110707-1.3+deb8u1_amd64.deb c4026de784e5c7c4e5a6da8bbd4e0b96de94f7447cdf589dd79d4957249ba642 40052 libaspell-dev_0.60.7~20110707-1.3+deb8u1_amd64.deb 7551835b73a115d3322f651c0860fc1e67ec9ce539d3f958f886d242ae442114 37156 libpspell-dev_0.60.7~20110707-1.3+deb8u1_amd64.deb Files: 0e14f8448aba48c61cf98e016f9e5ea8 2393 text optional aspell_0.60.7~20110707-1.3+deb8u1.dsc 9a80faddad3222b88c544e93d2ab9579 1876992 text optional aspell_0.60.7~20110707.orig.tar.gz 8839c1c349fa97a4acf627401debf5f0 121868 text optional aspell_0.60.7~20110707-1.3+deb8u1.debian.tar.xz a076cdab1b090972fdd21ccf917e8c07 260720 doc optional aspell-doc_0.60.7~20110707-1.3+deb8u1_all.deb 53dd4e49ba937c6b0e67a00d6537df8b 229856 text optional aspell_0.60.7~20110707-1.3+deb8u1_amd64.deb 76b22211789c1fca02a56e3cfe4bd370 358532 libs optional libaspell15_0.60.7~20110707-1.3+deb8u1_amd64.deb 634ddc4dd0bf75008b94f73192d6a8fa 40052 libdevel optional libaspell-dev_0.60.7~20110707-1.3+deb8u1_amd64.deb 579aa398a6d49cb8073ce5a9d4ca735a 37156 libdevel optional libpspell-dev_0.60.7~20110707-1.3+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl2rSZ5fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkw2MP/1rY6wsjfqpJx2AdHHgGwTaqIjUonLK2zsNg BU1ZdvyBdPqWr23OUYHMyHbSgLe5548OeQNoW4aSSwlH+KhbdeHz8+MB4fKKxi0d aL/TIBi6JoeexcySNG+yBhDlmUATqEYBpK9kbyXNetxeC00FAo5YSblCXmlob4xc 9ZbJ+wP4cfiNnDPliXaAS823vUu6EHgls5nRFjvlzC53ZpQM7EnH4vWvQzk8EK6o 6J0zrqo1JOaWu3WwVrN3MK3ewPpSTURYB1wiZBPVP0wnynVGkKCGAGEW5nd4FEsF xtZBu2Fn04nq3+rt8WplqdtaBWddV054+Gr/78JR0KBDUKdZhUtzDmPo9YIiheYb 6nmxJ+AKpg3fHniXauunp+diaJQTrDPRXK+UZaWE7qC31nzjVpafEqDpJqw/QNKc NSbO7IUgAxaMdSjC4dcz2p4AygO7ZTGhnQRBt25Yp2bFO780tuyzW2z6HSeQvZ6O 6srMjNfePkDNMQIgCI7n2YAtwk/XmzOJzzGX/cHg/PCoO/tZSGA/p29RLTLEWCU1 lLOVbVNTGQeAKbJ4Xb9319f1+WFNRIzd0Zj8fEATCvwjOuENpfbceo6glixNeiCk 4J3Did/7ezpv15s9dsRUf23jRJcoOtP/dkcyeOmTkJfQ/msbqbODUrqAV+imeEbp 0/MSadnT =M/KM -END PGP SIGNATURE-
Accepted wordpress 4.1.27+dfsg-0+deb8u1 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 16 Oct 2019 17:27:09 +0200 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen Architecture: source all Version: 4.1.27+dfsg-0+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Craig Small Changed-By: Markus Koschany Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files Changes: wordpress (4.1.27+dfsg-0+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * New upstream version 4.1.27+dfsg. * Fix CVE-2019-16217, CVE-2019-16218, CVE-2019-16219, CVE-2019-16220, CVE-2019-16221, CVE-2019-16222, CVE-2019-16223. Several cross-site scripting (XSS) vulnerabilities were discovered in Wordpress, a popular content management framework. An attacker can use these flaws to send malicious scripts to an unsuspecting user. Checksums-Sha1: ad33c0b4cf8d97daaf1d85ebfc37906c60391512 2719 wordpress_4.1.27+dfsg-0+deb8u1.dsc 2c5c7879aa7d60d45b926ef3e35d3609d77ea1c1 4655716 wordpress_4.1.27+dfsg.orig.tar.xz 97bdb687d8736a51020e36392a57355b109278cf 6004220 wordpress_4.1.27+dfsg-0+deb8u1.debian.tar.xz fabf3372f4ef3cfe2387a965c2986da13d8965c9 3070800 wordpress_4.1.27+dfsg-0+deb8u1_all.deb e2843c6862a6b789994c6b58fa814da52b3783f1 4271518 wordpress-l10n_4.1.27+dfsg-0+deb8u1_all.deb 5dda88ac633db0e2f7c871114cc74cbf8807a6fd 504996 wordpress-theme-twentyfifteen_4.1.27+dfsg-0+deb8u1_all.deb 5863ff7226f696adca6f9fadba712c719e5958c9 804244 wordpress-theme-twentyfourteen_4.1.27+dfsg-0+deb8u1_all.deb ce37a25d01e21bcbbb43353c0836f2e3fdb2044e 323390 wordpress-theme-twentythirteen_4.1.27+dfsg-0+deb8u1_all.deb Checksums-Sha256: 5261ff684e58b6a6f907f1da16085f03af0bc8448225e412333060322db97e09 2719 wordpress_4.1.27+dfsg-0+deb8u1.dsc e25c8f6137f9bbb64265dbbdf9b23b111618c654658a3e4f34edb106dfb3bd41 4655716 wordpress_4.1.27+dfsg.orig.tar.xz 7757feea993d403f97b6f5fd2f07f0eb24681d9a26d1b58844ca3c36a94d6bb6 6004220 wordpress_4.1.27+dfsg-0+deb8u1.debian.tar.xz 335687a18973ff2392703d8c82b67ee570804aef5f06a6ddd34048818fcba692 3070800 wordpress_4.1.27+dfsg-0+deb8u1_all.deb a777da1958772de17b76dc3ef84ad458e2b71b65b24ddcb68f28fcaf7107629a 4271518 wordpress-l10n_4.1.27+dfsg-0+deb8u1_all.deb 47c9be507cbaf1155975bc331c932fc40523db585f6a9f973e16cc06a0574b79 504996 wordpress-theme-twentyfifteen_4.1.27+dfsg-0+deb8u1_all.deb d6519a0dd35a49c19dbc623797c8650082ccd41885c53bd007cda784b4a82dd5 804244 wordpress-theme-twentyfourteen_4.1.27+dfsg-0+deb8u1_all.deb 03f52e63dd80805ace08967a7ee9f20023a58000121b222cac80c4ad42a58311 323390 wordpress-theme-twentythirteen_4.1.27+dfsg-0+deb8u1_all.deb Files: 9d778f4d68171f534b9715ccd9b92109 2719 web optional wordpress_4.1.27+dfsg-0+deb8u1.dsc 9ec1df5a6c7fcf3359ac277ce0239e56 4655716 web optional wordpress_4.1.27+dfsg.orig.tar.xz 5aa7c1c0ac75514864b04e6488206d3a 6004220 web optional wordpress_4.1.27+dfsg-0+deb8u1.debian.tar.xz 900a2f1f0134a452a65d673fdb1a436b 3070800 web optional wordpress_4.1.27+dfsg-0+deb8u1_all.deb e2c61543da84b423559fe5e3a5b94db3 4271518 localization optional wordpress-l10n_4.1.27+dfsg-0+deb8u1_all.deb 94e7402fe452abfb0f9c3469c2be9d5e 504996 web optional wordpress-theme-twentyfifteen_4.1.27+dfsg-0+deb8u1_all.deb cf07fb244e35e4da8933421ce7c289ff 804244 web optional wordpress-theme-twentyfourteen_4.1.27+dfsg-0+deb8u1_all.deb 39bfcabbaaa5f4bde76f27ae7df089d3 323390 web optional wordpress-theme-twentythirteen_4.1.27+dfsg-0+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl2ok8lfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkuw0QAIXXs/4uVN4SH9njDJXRHRYKs4UugrSxSBOB vb6Y3kz6mfufczBLnTlziYUXOaMkp1BMXBmLLgbJvLIUzVk4oYNvR0EXmHSjYQYg K8EI/cCsOSKRn05Uo4qG2o8kk4rzxANbsgq0KuvqJQt382w/Pbom5mDKmldX8zMG 6QyofhBWBTD6ErvK3Se+3cgMqUi8YEyrdFF+ow8/GyNH/a+DlQHABnjakbgjoMea 2iSh9jDrzb8vmP4HYIi/bhn6ogGkbW7MH5jHEsl9lXPM9djHqphrLp3+yQ9nAZ9v 1ggFrLErLGXXvA5L/MDA+ljPVEQwAR7a3CbBNW7RU/axBEKcn1i+7R6bQy76diuB f/CZoAruI09eyX5G81oHB3SVvpREQai2gyIebQ+MtH7YDLAZptbrYrdbYhRwCYTO z7D2HLafFsKg4T/2eFiQrDuCob5DyIG1byKXWfbTeicN/UO1Yp20alKu2CXc26Sw v916Af++/iUxuHW3rz0FCjC/kAWORe6UW/WunqZEgdaBe1d4FoWrwFdQ+uZ9K5oS 6Mpr5K01CO4gHzrqDwHfhmFo1C1rnQsiU+8aruCPhs5eqqx8N6yodc0aBYkLWmq6 hwVKIzkERtv2j/qaiXDGMtPBVljgZ9qjaAbKlLjnBqz9BaSPwR8gmDv4qSfCvEq7 a8fOmPny =hwu2 -END PGP SIGNATURE-
Accepted tcpdump 4.9.3-1~deb8u1 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 10 Oct 2019 18:44:32 +0200 Source: tcpdump Binary: tcpdump Architecture: source amd64 Version: 4.9.3-1~deb8u1 Distribution: jessie-security Urgency: high Maintainer: Romain Francoise Changed-By: Markus Koschany Description: tcpdump- command-line network traffic analyzer Changes: tcpdump (4.9.3-1~deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Backport 4.9.3 to Jessie and fix CVE-2018-10103, CVE-2018-10105, CVE-2018-14461, CVE-2018-14462, CVE-2018-14463, CVE-2018-14464, CVE-2018-14465, CVE-2018-14466, CVE-2018-14467, CVE-2018-14468, CVE-2018-14469, CVE-2018-14470, CVE-2018-14879, CVE-2018-14880, CVE-2018-14881, CVE-2018-14882, CVE-2018-16227, CVE-2018-16228, CVE-2018-16229, CVE-2018-16230, CVE-2018-16300, CVE-2018-16451, CVE-2018-16452 and CVE-2019-15166. Several vulnerabilities have been discovered in tcpdump, a command-line network traffic analyzer. These vulnerabilities might result in denial of service or, potentially, execution of arbitrary code. * Refresh disable-tests.patch and disable tests that require newer libpcap features. Checksums-Sha1: eff9c244ad13ac76ac4cf59d09eeb2c894bf711b 2101 tcpdump_4.9.3-1~deb8u1.dsc 59b309f3620ac4b709de2eaf7bf3a83bf04bc048 2333119 tcpdump_4.9.3.orig.tar.gz 26862474a4f758ae8467b202d48bbe3af295ac44 13824 tcpdump_4.9.3-1~deb8u1.debian.tar.xz 67167e1edc675f11a54101ad213ce751f78586ed 391444 tcpdump_4.9.3-1~deb8u1_amd64.deb Checksums-Sha256: bb9af8e9ba7916b44806e9d71a7d5a3423de47f28308f3fa7132757e77fdaea4 2101 tcpdump_4.9.3-1~deb8u1.dsc 2cd47cb3d460b6ff75f4a9940f594317ad456cfbf2bd2c8e5151e16559db6410 2333119 tcpdump_4.9.3.orig.tar.gz 7a16f76673f35c4706d4f5b5be4ddae264ab0889684e00f27ad1476e57a2bc9c 13824 tcpdump_4.9.3-1~deb8u1.debian.tar.xz f378249d71735bb63adbca80f1157b419c4436b39028321819b10fa5c3627d2c 391444 tcpdump_4.9.3-1~deb8u1_amd64.deb Files: 168dcbb9750597a311364d702f7f506c 2101 net optional tcpdump_4.9.3-1~deb8u1.dsc a4ead41d371f91aa0a2287f589958bae 2333119 net optional tcpdump_4.9.3.orig.tar.gz 072abc1d9b562618f55a8e2e9dea45e7 13824 net optional tcpdump_4.9.3-1~deb8u1.debian.tar.xz 5aa92e1e3a63b38952173ba65556eff2 391444 net optional tcpdump_4.9.3-1~deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl2g2O1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk6nEP+gPtlbI6dGH0+TH9P+3R2GU+EOpmuFA6edFA a80nUsPcbhkeuBZQL9OyZl+6Phgo0RBt5T9+2jEeiQs/H6Ubvw4RggeMscrr7NcM NOZxRgzV+iH5NGFaQt349dDtP/fqdQO5TC/sZKicQBmCik+pwvZe7GjW5R10zDwW X3NFrF1w/SW2KqJ497hGsJNX44Iq0uKHCf5H4guHvOKBqDyIgel11Eg2g2Dypm2z LrZ6upWOmk2dgdVjaDMFYtLK6bJJ+qZ82JakuBSmQQylBQVjQmAAs7skgRvmK4lf 6yxaFpiwrzqvrJCUIg3eOLsj0dBWZFKM1+IJjvvrFyLGq6E0OK7d1T2FRucuVpo/ 6zBS9gK6M1cgI4RokZbFAHvX8Z0k2ZHJuQCiqR2uoGoGTgatu3gyNGC8H/B0tFBG G068Oqiq6Y2N69LLlADkGz9/HzDXGJvfVwfRdIh9ZKPtayWDK/1MzgdpniCPQ7w0 ShpMLlaFU2oINz/x4hIlOMRV1SrS9bN6pT4rc3fsxrJ8BygUFsRINODdAr/AIv0v h2HPQNZW4IYQvqgpdOR7IKaLnksNcao7dmZskZbT8r9duG2E8ydv6SfMtGLA64O8 nsxHvSdlB94XDNhQax4I7Y+2ySCBXLMmc7lpobrmpcGAJNtwk+EtiHvcYyrC5OkD pBce8Hua =fJkh -END PGP SIGNATURE-
Accepted lucene-solr 3.6.2+dfsg-5+deb8u3 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 09 Oct 2019 17:41:55 +0200 Source: lucene-solr Binary: liblucene3-java liblucene3-contrib-java liblucene3-java-doc libsolr-java solr-common solr-tomcat solr-jetty Architecture: source all Version: 3.6.2+dfsg-5+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: liblucene3-contrib-java - Full-text search engine library for Java - additional libraries liblucene3-java - Full-text search engine library for Java - core library liblucene3-java-doc - Documentation for Lucene libsolr-java - Enterprise search server based on Lucene - Java libraries solr-common - Enterprise search server based on Lucene3 - common files solr-jetty - Enterprise search server based on Lucene3 - Jetty integration solr-tomcat - Enterprise search server based on Lucene3 - Tomcat integration Changes: lucene-solr (3.6.2+dfsg-5+deb8u3) jessie-security; urgency=high . * Fix CVE-2019-0193: The DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debugging / development of a DIH config. Since a DIH config can contain scripts, this parameter is a security risk. Starting from now on, use of this parameter requires setting the Java System property "enable.dih.dataConfigParam" to true. For example this can be achieved with solr-tomcat by adding -Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat7. * Disable the tests because they fail because of network errors. Checksums-Sha1: fd987c87ced3fa3b3a87f15095b91c82503a7403 3374 lucene-solr_3.6.2+dfsg-5+deb8u3.dsc 11d233a1bd426cafde9ef92f650d3b68bc4772bc 51716 lucene-solr_3.6.2+dfsg-5+deb8u3.debian.tar.xz 9035e6d2aafe86828f6a0d07dcc6fe87d94ed822 1502544 liblucene3-java_3.6.2+dfsg-5+deb8u3_all.deb 468c79a9771f7f532e4dc6c703e20e0f0a3abbb2 10893314 liblucene3-contrib-java_3.6.2+dfsg-5+deb8u3_all.deb 26da0f4e763dea11f409d24216c36ab0c91125b7 4806728 liblucene3-java-doc_3.6.2+dfsg-5+deb8u3_all.deb 2f12b558e2027bc15cd57fccb264ca4261c53ad9 1962046 libsolr-java_3.6.2+dfsg-5+deb8u3_all.deb 274b94227a6e0a11ccbd7295c51a4cac43cd73b0 145050 solr-common_3.6.2+dfsg-5+deb8u3_all.deb aef4d8697048f1e44f5d787e4b30bf4a22d4672c 9352 solr-tomcat_3.6.2+dfsg-5+deb8u3_all.deb 36a1ff295fe4a45fff19cc40e829953ecb97ce92 9038 solr-jetty_3.6.2+dfsg-5+deb8u3_all.deb Checksums-Sha256: 6a66eded5410ac3efbe2c984a48a985cbdf66cb0936bebc46719656fd1e54fb6 3374 lucene-solr_3.6.2+dfsg-5+deb8u3.dsc e46c4fcc5edd66e2b1991e6c3adf60ff32b43c66c96d31765606280be86b8326 51716 lucene-solr_3.6.2+dfsg-5+deb8u3.debian.tar.xz b7f039573517477ad3e81079d6224896cae49dde840188aa37874b7588488bfd 1502544 liblucene3-java_3.6.2+dfsg-5+deb8u3_all.deb 30525365c52ec364daa8ffca1397ad58a1245db4975b060f535e170b35d71c0d 10893314 liblucene3-contrib-java_3.6.2+dfsg-5+deb8u3_all.deb 5f6bd58868811e7244e504d62dc7a02be3fbbaa6aec7e5a27243542bc73c1712 4806728 liblucene3-java-doc_3.6.2+dfsg-5+deb8u3_all.deb a5cad2effb061f3dfb8c41ad9984c466b3319449141df2a7db5d4788deb5a792 1962046 libsolr-java_3.6.2+dfsg-5+deb8u3_all.deb 636dbcdbdb8b8ab73d3baa7ffa1aeecd891a3a7c73270c237cd9c31a6285d136 145050 solr-common_3.6.2+dfsg-5+deb8u3_all.deb 887e832fa73e07d885a455464fbea53493a21b1f782a5a2254001ad7a8c6baae 9352 solr-tomcat_3.6.2+dfsg-5+deb8u3_all.deb 0fb484f1b36bd8199135f8e921cff353f1b48e9056c09134d87a404b344943dd 9038 solr-jetty_3.6.2+dfsg-5+deb8u3_all.deb Files: b2a9a530f14341e554095fad1b6ca6aa 3374 java optional lucene-solr_3.6.2+dfsg-5+deb8u3.dsc dcc55cdadb87f1d79e0d34b3247d3dea 51716 java optional lucene-solr_3.6.2+dfsg-5+deb8u3.debian.tar.xz 1802220e6016f48bc56a849b76b470dc 1502544 java optional liblucene3-java_3.6.2+dfsg-5+deb8u3_all.deb 8e82552802043cee88bf4a0c3bbb1463 10893314 java optional liblucene3-contrib-java_3.6.2+dfsg-5+deb8u3_all.deb 7d1088e6c38d01b4c0bdae1cd19d63bc 4806728 doc optional liblucene3-java-doc_3.6.2+dfsg-5+deb8u3_all.deb 5c4144431a04586b90928f48b3a60c0b 1962046 java optional libsolr-java_3.6.2+dfsg-5+deb8u3_all.deb 6ebc8515b2abcb5b58a9bbc6df6cc22b 145050 java optional solr-common_3.6.2+dfsg-5+deb8u3_all.deb ac8a29380fea8af59f9ec87a7c2c561e 9352 java optional solr-tomcat_3.6.2+dfsg-5+deb8u3_all.deb 8b94ab4dfd1236c3d62b9efe47157ae5 9038 java optional solr-jetty_3.6.2+dfsg-5+deb8u3_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl2fXEVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkE/gQALC2xmOMgs6vqfHInGOIpnIbOzaJNOdNSUdM vL1Yf2IVYxMIjb6ksQWmtDrTyGExxpdB35383cEuYI+rvV1cAsZZNsY
Accepted jackson-databind 2.4.2-2+deb8u9 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 02 Oct 2019 21:36:21 +0200 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source all Version: 2.4.2-2+deb8u9 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Changes: jackson-databind (2.4.2-2+deb8u9) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-14540, CVE-2019-16335, CVE-2019-16942 and CVE-2019-16943. Deserialization flaws were discovered in jackson-databind relating to com.zaxxer.hikari.HikariConfig, com.zaxxer.hikari.HikariDataSource, commons-dbcp and com.p6spy.engine.spy.P6DataSource, which could allow an unauthenticated user to perform remote code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. Checksums-Sha1: a006955a518980e131a1d9a5d8063e833df23e10 2691 jackson-databind_2.4.2-2+deb8u9.dsc 7fceb674852fbd91daec6f878e409eeb8f617474 12036 jackson-databind_2.4.2-2+deb8u9.debian.tar.xz 84974bde19f0edfecd5b5351b20e71c32b784b6b 987756 libjackson2-databind-java_2.4.2-2+deb8u9_all.deb fa0f054ee5e220c95d232d3e2e435312bc4c6ab0 4743850 libjackson2-databind-java-doc_2.4.2-2+deb8u9_all.deb Checksums-Sha256: f7a05cc38f9ee4d9778e8c7aa4d7cbeb1824387849bea588f1f62625110170fe 2691 jackson-databind_2.4.2-2+deb8u9.dsc f5b9374cf02b2c19411275cbad2f669271e1eeed10eea868df133554e92c07e1 12036 jackson-databind_2.4.2-2+deb8u9.debian.tar.xz 43af9463c6b0bcf20d2944bf088a3b9b609c0f2f80d82d6a140e66100914289d 987756 libjackson2-databind-java_2.4.2-2+deb8u9_all.deb 64311ce46e1e5e9e068a5e685d68f55863b475bd83d141a6d9cfb1c698d592cd 4743850 libjackson2-databind-java-doc_2.4.2-2+deb8u9_all.deb Files: 4ffc12233765570d3d2ca979fd86bd1f 2691 java optional jackson-databind_2.4.2-2+deb8u9.dsc 92fddfbe7726055ec0a2c0ce66943762 12036 java optional jackson-databind_2.4.2-2+deb8u9.debian.tar.xz e0c42e490609be5e452effc14e29098b 987756 java optional libjackson2-databind-java_2.4.2-2+deb8u9_all.deb 753cc52f350a7f18edcf258987e1a12e 4743850 doc optional libjackson2-databind-java-doc_2.4.2-2+deb8u9_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl2VEehfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HktgoP/2NT5QL8X1H3d++fbLuVT8mNSKzh5p8Ygynf jIW3DFt/YGnw0h7XI8mGy23zX+ZSolUIBR2bVy0/Ybj8+8FY/0QW9txfldF5/ZeL JdyLkNYB+m1AX3VBWJP/0vvMztis+J99couYjcDJ5hRFgW2Q7j6oGqy1GiLNlBZK 4eKq2ju0Jz3ZQO4byMdHx0+qP6NjSxvQlmizOmycE0EnUb3W2FenFR6FyWwmvZlX ulwqFx4amUQJRqjlCLZrLACiVcKaXpFfcRrCj2+Og335R4m6JgSdFR65uvlKfMzg qKeA65VNtBUyZ9WvXgqCpGW1McsFFICkRaE/QLFXewJmRi7WZDfE9l4ELGMlLPq+ hxw4r/KcV7jocQLFE/+EWSC3VbmJjEe1JdfTE0Uv9UUBd2cXLOW3ps0uIHgeOL+x CRLHXqB+sRD21EMeDRG/YjVzCqcV6JRtpKHTTqOtJ0vR+XCa6I3ZHgtoLu4LCOfD B9nEzaC8DrtW9ba9kh2dMODspH0pyGRFykpJYccPa7nrSPbPdbnG/Qksrf7ojs0/ Hp6JNIvsOSn+7IyJlqqcBTrqiOML6H7KhnGirHAEEy9SeZKdOEZqxZ+crNwbJGCw stdVMgFAP7l3IH16YUyde+bGZLp3VgHiBeaPQ+AGDmzFCbmoWNKMMEtUr08feAJR nmfXny4T =4QEu -END PGP SIGNATURE-
Accepted apache2 2.4.10-10+deb8u16 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 30 Sep 2019 21:21:12 +0200 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin apache2.2-common libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: source amd64 all Version: 2.4.10-10+deb8u16 Distribution: jessie-security Urgency: high Maintainer: Debian Apache Maintainers Changed-By: Markus Koschany Description: apache2- Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-mpm-event - transitional event MPM package for apache2 apache2-mpm-itk - transitional itk MPM package for apache2 apache2-mpm-prefork - transitional prefork MPM package for apache2 apache2-mpm-worker - transitional worker MPM package for apache2 apache2-suexec - transitional package for apache2-suexec-pristine apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) apache2.2-bin - Transitional package for apache2-bin apache2.2-common - Transitional package for apache2 libapache2-mod-macro - Transitional package for apache2-bin libapache2-mod-proxy-html - Transitional package for apache2-bin Closes: 941202 Changes: apache2 (2.4.10-10+deb8u16) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix incomplete fix for CVE-2019-10092. Revert the old patch that introduced a new CSRF protection but also caused a small regression. (Closes: #941202) Use the correct patch from upstream. https://svn.apache.org/r1864191 Checksums-Sha1: d0bc1aaf7f1bc6eb19f36cff534c8111f2b93867 3432 apache2_2.4.10-10+deb8u16.dsc 6ba90af44ddec40b51f0d56db2f256a275fd6e06 570212 apache2_2.4.10-10+deb8u16.debian.tar.xz 58bbdedcaeccbf3ef390454de5d42b02cc96ab38 1146 libapache2-mod-proxy-html_2.4.10-10+deb8u16_amd64.deb 676502412c4c6179a101252866ef9ecf5d3e1949 1138 libapache2-mod-macro_2.4.10-10+deb8u16_amd64.deb 7192470d7b0c35bf9c73a64d4e39f8ea04cadfaf 209216 apache2_2.4.10-10+deb8u16_amd64.deb a1132fad4b6f57fbdb841574d77e3cd4fc056ea2 162528 apache2-data_2.4.10-10+deb8u16_all.deb cfc03d8c6019a4f5b1ea780a6f1f45710f1d0bad 1041016 apache2-bin_2.4.10-10+deb8u16_amd64.deb 29df62db277b06a3c46434c81e120eb31914b477 1502 apache2-mpm-worker_2.4.10-10+deb8u16_amd64.deb 55cc9c21b4aece72f042de6ebb3873141d820d91 1504 apache2-mpm-prefork_2.4.10-10+deb8u16_amd64.deb 5032774614a3c0d77bc19b382f1b8263b8a682e3 1504 apache2-mpm-event_2.4.10-10+deb8u16_amd64.deb b30328ecdc4d622f9f9edbce04f8fe51fae71d1e 1504 apache2-mpm-itk_2.4.10-10+deb8u16_amd64.deb 9c64554e5c518a44b4897710583c894c00f61ee6 1694 apache2.2-bin_2.4.10-10+deb8u16_amd64.deb 2ffc18d1a4e951ba8b18c2558f612e62ecb21688 126212 apache2.2-common_2.4.10-10+deb8u16_amd64.deb 7605876ef390767b67c6a568753cf7f3f62da099 196496 apache2-utils_2.4.10-10+deb8u16_amd64.deb 1cfcb6c45e3510085b9250dbe285f2fd264c105d 1646 apache2-suexec_2.4.10-10+deb8u16_amd64.deb be36567949dec086023ee3aaef46e2988579c44c 131398 apache2-suexec-pristine_2.4.10-10+deb8u16_amd64.deb dfb3e7ddd459f02ed64e4206b0af32bd18602119 132906 apache2-suexec-custom_2.4.10-10+deb8u16_amd64.deb 0ff67f0f580d27b1cef55028d38144d6314ce769 2755358 apache2-doc_2.4.10-10+deb8u16_all.deb 3bcff10f76e62655fbbd1e723002b5be1c745cd4 283646 apache2-dev_2.4.10-10+deb8u16_amd64.deb 85b94a1979e71d52dbd3855114a0d4f27027fb09 1712932 apache2-dbg_2.4.10-10+deb8u16_amd64.deb Checksums-Sha256: 9065182ee32b97d4e27283bdb5cafba2b10556241fe17122f57210da2245249a 3432 apache2_2.4.10-10+deb8u16.dsc 85ec5e71e28d2fd20c367c2f40f88c0f235cae61f1767676fc4975965ecb6cd2 570212 apache2_2.4.10-10+deb8u16.debian.tar.xz b28ad9b3f29c12b747050d51696fbb4063ba39afefcbe616bc364683f1732ed6 1146 libapache2-mod-proxy-html_2.4.10-10+deb8u16_amd64.deb 0db337eb467164b1f367ee42fa4a4b76cdaa474aa15bfb9fb8c452ec16bfbfe7 1138 libapache2-mod-macro_2.4.10-10+deb8u16_amd64.deb 7e6ac94653298ee7bb5e0d14a43414f7b25d19cdbb248b8681735b21bd3cd4c0 209216 apache2_2.4.10-10+deb8u16_amd64.deb 1680227257de5a85489e0b40024e1dc180be1e3a032f3af742e24e689065002d 162528 apache2-data_2.4.10-10+deb8u16_all.deb df57a29d9ea4224050dccb8a0b9182017d8a3fcda24d53b5d5cdf0457895b9b4 1041016 apache2-bin_2.4.10-10+deb8u16_amd64.deb 5158f9c9e2f34e891f645e616cfa6fa7b1f212fdf88eb3077a88131aa3756f29 1502 apache2-mpm-worker_2.4.10-10+deb8u16_amd64.deb c05c95f57b22a0a577e8b62ef44d9e727b2dafef47f6bab6e2a91d920aa81e82 1504 apache2-mpm-prefork_2.4.10-10+deb8u16_amd64
Accepted openssl 1.0.1t-1+deb8u12 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Sep 2019 19:47:32 +0200 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: source all amd64 Version: 1.0.1t-1+deb8u12 Distribution: jessie-security Urgency: high Maintainer: Debian OpenSSL Team Changed-By: Markus Koschany Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information openssl- Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1t-1+deb8u12) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-1547: Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present. This can occur even where all the parameters match a known named curve. If such a curve is used then OpenSSL falls back to non-side channel resistant code paths which may result in full key recovery during an ECDSA signature operation. In order to be vulnerable an attacker would have to have the ability to time the creation of a large number of signatures where explicit parameters with no co-factor present are in use by an application using libcrypto. For the avoidance of doubt libssl is not vulnerable because explicit parameters are never used. * Fix CVE-2019-1563: In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or decrypt any RSA encrypted message that was encrypted with the public RSA key, using a Bleichenbacher padding oracle attack. Applications are not affected if they use a certificate together with the private RSA key to the CMS_decrypt or PKCS7_decrypt functions to select the correct recipient info to decrypt. Checksums-Sha1: 1da94996d5e7890437ac0e677da151881ae4b7a5 2427 openssl_1.0.1t-1+deb8u12.dsc ad441c88f8a0941d23678140c229539868c7fb56 118796 openssl_1.0.1t-1+deb8u12.debian.tar.xz 778d96f40374ccef806eeb542237d07ba062eca7 1169498 libssl-doc_1.0.1t-1+deb8u12_all.deb 716061433b38fdca4fa1bb035ff5a30bdb16690c 665592 openssl_1.0.1t-1+deb8u12_amd64.deb 9a639061960b6a59da98f61d63ae4cd7812ce76a 1048576 libssl1.0.0_1.0.1t-1+deb8u12_amd64.deb 1abe157091a33ef3f471883104a24102384a190a 645666 libcrypto1.0.0-udeb_1.0.1t-1+deb8u12_amd64.udeb d6c48cabd4a247cce3997d933d4e446df5fb2c21 1283706 libssl-dev_1.0.1t-1+deb8u12_amd64.deb 66faec612f7c0546da3e4f89f2741921e1c4ed2d 2821754 libssl1.0.0-dbg_1.0.1t-1+deb8u12_amd64.deb Checksums-Sha256: 224da86e423639a661759e10d07e344a4d969f3b9125518701b718f158da2228 2427 openssl_1.0.1t-1+deb8u12.dsc 28bcb0510fe598a7ba4b2d6e6241f8e7d9d22d142a4cd1cd8e9d23a73a6ad0b8 118796 openssl_1.0.1t-1+deb8u12.debian.tar.xz d7b3cd99bbf59aaeea83eace17986394f7224d4df9c78c717ce83c2de131ac3a 1169498 libssl-doc_1.0.1t-1+deb8u12_all.deb e8cee7b0ab8898812499bbb24d2a6b5755d8b5982595beb6c2d87583f51a2c97 665592 openssl_1.0.1t-1+deb8u12_amd64.deb c91f6f016d0b02392cbd2ca4b04ff7404fbe54a7f4ca514dc1c499e3f5da23a2 1048576 libssl1.0.0_1.0.1t-1+deb8u12_amd64.deb b178a27413a682af53be9f2e8ab5b07a34c7d8f6ad586f97d5635e0dd4a3da58 645666 libcrypto1.0.0-udeb_1.0.1t-1+deb8u12_amd64.udeb 0b1425af6f6c33b3e68aaa870882e540bc343e07ea4d74167e61858467be4ff6 1283706 libssl-dev_1.0.1t-1+deb8u12_amd64.deb 5745f5bcf943e69734545106ad057b9d09e8eac92c1535fd40568617e95dda40 2821754 libssl1.0.0-dbg_1.0.1t-1+deb8u12_amd64.deb Files: 380abb085b0c078f1a2ae085f6e5fa8a 2427 utils optional openssl_1.0.1t-1+deb8u12.dsc d774aa6f3555337a0c4a022d2aea029a 118796 utils optional openssl_1.0.1t-1+deb8u12.debian.tar.xz 3e61773472c08d339b0dc229cab15462 1169498 doc optional libssl-doc_1.0.1t-1+deb8u12_all.deb 8b7208445c97d3304ed3bade428201bb 665592 utils optional openssl_1.0.1t-1+deb8u12_amd64.deb 02124c56a3fa64ab3f9a225f450dc0ac 1048576 libs important libssl1.0.0_1.0.1t-1+deb8u12_amd64.deb 1c991d117028567a0edbaf0cc7fd5b90 645666 debian-installer optional libcrypto1.0.0-udeb_1.0.1t-1+deb8u12_amd64.udeb 9b8c19ac61fb8f698fdd97e8d29ac654 1283706 libdevel optional libssl-dev_1.0.1t-1+deb8u12_amd64.deb 17d208050c5d4470a3902e9b93941443 2821754 debug extra libssl1.0.0-dbg_1.0.1t-1+deb8u12_amd64.deb Package-Type: udeb -BEGIN PGP SIGNATURE
Accepted wpa 2.3-1+deb8u9 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 15 Sep 2019 18:47:15 +0200 Source: wpa Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb Architecture: source amd64 Version: 2.3-1+deb8u9 Distribution: jessie-security Urgency: high Maintainer: Debian wpasupplicant Maintainers Changed-By: Markus Koschany Description: hostapd- IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator wpagui - graphical user interface for wpa_supplicant wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i) wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb) Changes: wpa (2.3-1+deb8u9) jessie-security; urgency=high . * Non-maintainer upload. * Fix CVE-2019-16275: hostapd (and wpa_supplicant when controlling AP mode) did not perform sufficient source address validation for some received Management frames and this could result in ending up sending a frame that caused associated stations to incorrectly believe they were disconnected from the network even if management frame protection (also known as PMF) was negotiated for the association. This could be considered to be a denial of service vulnerability since PMF is supposed to protect from this type of issues. It should be noted that if PMF is not enabled, there would be no protocol level protection against this type of denial service attacks. . An attacker in radio range of the access point could inject a specially constructed unauthenticated IEEE 802.11 frame to the access point to cause associated stations to be disconnected and require a reconnection to the network. Checksums-Sha1: 2801693344c6b3577ab106fdd72c12a789817b39 2664 wpa_2.3-1+deb8u9.dsc f56f6b2d74b838abcf862b7e62520b4b76c9624d 106736 wpa_2.3-1+deb8u9.debian.tar.xz 90493f68bf2c6110a2f7279ca8f45a4fd6565e85 542360 hostapd_2.3-1+deb8u9_amd64.deb bcbb7f17d46a591ca7dc478cd46bf43368401817 346998 wpagui_2.3-1+deb8u9_amd64.deb ea4c96e25b299ed51341eaae658cee59d6fbee37 919828 wpasupplicant_2.3-1+deb8u9_amd64.deb 34bf0a3d5f7b4a91b6b6d2752a477c9f07dd2945 223784 wpasupplicant-udeb_2.3-1+deb8u9_amd64.udeb Checksums-Sha256: ffb223db68894b3d25e8a255039348484a760253041f0a208821038c824f0a00 2664 wpa_2.3-1+deb8u9.dsc 715f21525933a97145e5ee1ac654d88f730b4a7569f5e00676359d4de6094842 106736 wpa_2.3-1+deb8u9.debian.tar.xz 29e10a7330e2c189715dd2644e9a57a3058048a5e716eac9c2df7a2587c7df69 542360 hostapd_2.3-1+deb8u9_amd64.deb 0ad43840973b8ed9ff13dd578094c079defa810dc97640b1bae9c01c322726df 346998 wpagui_2.3-1+deb8u9_amd64.deb c4ba4e7a89d52994a8d8f7c41b22ab2eda4dc43005b44e5a8971a5a911686261 919828 wpasupplicant_2.3-1+deb8u9_amd64.deb 15fb5f59ab3f1ef255f51f340af53123a3496cb19237e6369f1b4591da40e691 223784 wpasupplicant-udeb_2.3-1+deb8u9_amd64.udeb Files: fff561db76491e62e269baaeb501b10d 2664 net optional wpa_2.3-1+deb8u9.dsc 0e01f935de2a7926c49540f074c122ec 106736 net optional wpa_2.3-1+deb8u9.debian.tar.xz d57e34980a1f005ba0d6947f79ea0aa1 542360 net optional hostapd_2.3-1+deb8u9_amd64.deb cf9cee52a249a330b021922ab0857c8d 346998 net optional wpagui_2.3-1+deb8u9_amd64.deb 0e82075b12a7465fcce0d4239fe8b4b2 919828 net optional wpasupplicant_2.3-1+deb8u9_amd64.deb b151d19411b10b4b5f4b6c445a9312c0 223784 debian-installer standard wpasupplicant-udeb_2.3-1+deb8u9_amd64.udeb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl1/etVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkGbYP/i89qxdj6oaTykUkLU8mQkSIwa5kmg/0xFoY epOXhdhRJQOuJrAC2p/nxpKQ8M9kSN2pi5GTCkHemkN6+Pfb+JA07Ol5C0q/J6hZ pqiOHXUvD+Dx7RRrO+SO0BRv5C2omqaKcx9AscNeh/dCoYyO73PPzvzrTpEBUVaU LdBEbQN7nZnfhE3p632X7CTEKXI3bzj7tnHZ7p0bS45NBdarmB2N8AeJOwFsgVoK iDuzHgZWXEgCv7VDd0jYVTFpLkOEOVxTXZ+lJJxZzL6nMJPhKZBuPF2lu+MDlWSn DCDWyM2m0U6Yv12ArMLTYyw6rH1Y9GInjQbrK7zgPfIUIZdnZQpKfCH9txgQ7E8t RPyo0bIleSsiCwk7NRPASknDEkfjIxTmTfFOlEnjbcvmC4ZWjH4Vz5CUjg95rOTj ITC/qYU2hjrv0L1ZwJBixigSJxJ/ju4dZTP4OxhRxk7x73roeGGUMLGiiJUYL4uH oz+/y4vrLF1RjobrVRPu2IAWZE+olD+GXGyfgy1jlBMikQZiHuPXFKphg6cXpIbq w3amnCc62Pmw2tc0/e8fSxgExNwjNnCQy4eYAaEOGv4RFQz6V06ddX6xeMJwzlLJ vkf9eg+qoN2Wgovc8BFA43ZzeKIsrWrCesX77LUDzucHFieOCEMy9+TRmpPOk/cK aAP1HBma =WEq1 -END PGP SIGNATURE-
Accepted opensc 0.16.0-3+deb8u1 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Sep 2019 13:20:03 +0200 Source: opensc Binary: opensc opensc-pkcs11 Architecture: source amd64 Version: 0.16.0-3+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian OpenSC Maintainers Changed-By: Markus Koschany Description: opensc - Smart card utilities with support for PKCS#15 compatible cards opensc-pkcs11 - Smart card utilities with support for PKCS#15 compatible cards Changes: opensc (0.16.0-3+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Backport 0.16.0-3+deb9u1 to Jessie and fix CVE-2018-16427, CVE-2018-16426, CVE-2018-16425, CVE-2018-16424, CVE-2018-16423, CVE-2018-16422, CVE-2018-16421, CVE-2018-16420, CVE-2018-16419, CVE-2018-16418, CVE-2018-16393, CVE-2018-16392 and CVE-2018-16391. * Fix CVE-2019-15945: out-of-bounds access of an ASN.1 Bitstring in decode_bit_string in libopensc/asn1.c. * Fix CVE-2019-15946: out-of-bounds access of an ASN.1 Octet string in asn1_decode_entry in libopensc/asn1.c. Checksums-Sha1: 1aebadb728ce25409dfcf72807dc7af92dba159e 2299 opensc_0.16.0-3+deb8u1.dsc 8a5616ac514c4fbad50b0505dc61f082de3e479c 1760418 opensc_0.16.0.orig.tar.gz 86f6f587f5814b21fcb353669e8003f327c39dcc 20924 opensc_0.16.0-3+deb8u1.debian.tar.xz 838c1324ab6e19b30deeb943cfd93a111c8e8640 238290 opensc_0.16.0-3+deb8u1_amd64.deb 39b21cf6f2d9f744c4f4003649c43d7dac914a4a 752602 opensc-pkcs11_0.16.0-3+deb8u1_amd64.deb Checksums-Sha256: 8f09a6e05d5801a73c875c78ab83a9760dcd78034f18e33e51e4bd59635a11be 2299 opensc_0.16.0-3+deb8u1.dsc 3ac8c29542bb48179e7086d35a1b8907a4e86aca3de3323c2f48bd74eaaf5729 1760418 opensc_0.16.0.orig.tar.gz 3db579ad3ddaf97b5d643449ee1f5965b0b4140cd1e8ac8bd2ebade5fcbb7c5f 20924 opensc_0.16.0-3+deb8u1.debian.tar.xz 36452b55b14fd6275f67610d02061b5f970c58425ff9ef332f9b0b877747a363 238290 opensc_0.16.0-3+deb8u1_amd64.deb a1ca667fe8739ad73357ff2da3890f080770d4081b3b1026d06492945b0f6eaa 752602 opensc-pkcs11_0.16.0-3+deb8u1_amd64.deb Files: 5654300954209b8c3a2bd866cc402a5a 2299 utils extra opensc_0.16.0-3+deb8u1.dsc 724d128f23cd7a74b28d04300ce7bcbd 1760418 utils extra opensc_0.16.0.orig.tar.gz 5dcba43337b092fb4be5decc3899f2b1 20924 utils extra opensc_0.16.0-3+deb8u1.debian.tar.xz 2ea183043cf9afaedb53c751aa47cca3 238290 utils extra opensc_0.16.0-3+deb8u1_amd64.deb 9cbfe8e4ea3139a5e061f6e9df7f6f34 752602 utils extra opensc-pkcs11_0.16.0-3+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl15DnZfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkiS8P/2QqYK3NG4ODsMeKw6b57ikcHSi1tttBsdIf WQ+ajX5xlso5OcZ42iqO4hcVpJcH+p3oe99D4o+MtsuJNLTddPhPfSuRdZD3VWgQ T67wVmTubFCQLKi7twxVzUFacPOtDaIu4UbSjWbU+svX35JycRs/8pi+woJmYAB5 C4H71xRKF3vNo97uBuDEHTGPmk4OKI5iY4z4ugU2R6DmzebIheVPC8Z0CJY/1jv1 MPS89hCsC6xHb9PX4Ura8xcTj3C8n0Wq5Zko4/rJzhYv9l/RC+R7+5Pd/6mG4hwi upWMp/18rhF9cCYIs6PBb9CWNrelbALvG99ZlJXyKOJiEi8YF89K4FkHdqi2uyC/ 411Jafm9vzpnOHAMPVQiEjAdkCw+JKltfo32Lv/5JqlOcz7LIN6GH2/AJ/T0ve6c ClbzNq6dHCeXrSMHzuNNMSowho78mdK6yBaNLozmLJFjJQrhW3HzFOyIRSKq0YLc qQ/0bOlugZOyZElr74P6jRk8GwMQS7ME1mGGJtfaNb/igKp44RuhYiUueevAzqM3 uO5r0sAPxgawDLQO7q4TczxT5AdjN/iaUPZNX65rRHnyJiY9tJHa2z3ojj8Tt60G 6c397gujEseYC9E7jYybf41+fnIiTwH19xnUI/7Kjbk0u7gFfhBqGfXWmh2L02hp fGhSh6sY =8A2Y -END PGP SIGNATURE-
Accepted icedtea-web 1.5.3-1+deb8u1 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 09 Sep 2019 20:26:24 +0200 Source: icedtea-web Binary: icedtea-netx icedtea-plugin icedtea-netx-common icedtea-7-plugin Architecture: source amd64 all Version: 1.5.3-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: OpenJDK Team Changed-By: Markus Koschany Description: icedtea-7-plugin - web browser plugin based on OpenJDK and IcedTea to execute Java a icedtea-netx - NetX - implementation of the Java Network Launching Protocol (JNL icedtea-netx-common - NetX - implementation of the Java Network Launching Protocol (JNL icedtea-plugin - web browser plugin to execute Java applets (dependency package) Changes: icedtea-web (1.5.3-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-10181: It was found that in icedtea-web executable code could be injected in a JAR file without compromising the signature verification. An attacker could use this flaw to inject code in a trusted JAR. The code would be executed inside the sandbox. * Fix CVE-2019-10182: It was found that icedtea-web did not properly sanitize paths from elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. * Fix CVE-2019-10185: It was found that icedtea-web was vulnerable to a zip-slip attack during auto-extraction of a JAR file. An attacker could use this flaw to write files to arbitrary locations. This could also be used to replace the main running application and, possibly, break out of the sandbox. Checksums-Sha1: e26a157737e25c70c6acc4d553c17f24b7f0f3e5 2736 icedtea-web_1.5.3-1+deb8u1.dsc 4b8f157fd5090fd862a549e1c1fbb82f9a6f12b4 1593900 icedtea-web_1.5.3.orig.tar.gz 5d55012a734871fe73eec096485bca19759b759c 20488 icedtea-web_1.5.3-1+deb8u1.debian.tar.xz f64163c4870df940ac3e6a882c36f76dac734470 25438 icedtea-netx_1.5.3-1+deb8u1_amd64.deb 5c145b7e7a3dbc922e2ee62e033915bf85e6bddc 200516 icedtea-7-plugin_1.5.3-1+deb8u1_amd64.deb 4f0d9952c37db5e35534380b9c4d1d77e5165049 1131930 icedtea-netx-common_1.5.3-1+deb8u1_all.deb 4dabc37fe4247eca48eabad7696955f48e825355 9076 icedtea-plugin_1.5.3-1+deb8u1_all.deb Checksums-Sha256: 53c1d9469b4d6d73f8f88cb94509eb44b77aceca57e85e68f4b2d0328c6d5973 2736 icedtea-web_1.5.3-1+deb8u1.dsc 9b4b4477711930cb1d40bde752b17492fe8462a9c0cbd89bfe2c361b64d466b9 1593900 icedtea-web_1.5.3.orig.tar.gz 8b8b170dd6e50179818cf3edbb442dea3d844a7d1c3efe7f053650c5ee4e00cb 20488 icedtea-web_1.5.3-1+deb8u1.debian.tar.xz 3210874fc7e57ec217b549e37528042d8e62559c445e72eb7efa1e0b8f021c5f 25438 icedtea-netx_1.5.3-1+deb8u1_amd64.deb 53467b9f1e673ac82a84289530136ede466aa428565ebb457d0859720970b4bd 200516 icedtea-7-plugin_1.5.3-1+deb8u1_amd64.deb bf9df6009cbe0bf6d37bbf3d3f5933d98a457629fe74364e2765cf126dc573be 1131930 icedtea-netx-common_1.5.3-1+deb8u1_all.deb 432e8841658e5a5d0e1e3a4fd56f8c0d7f0645cafc6ad659e51c4586174c3d6b 9076 icedtea-plugin_1.5.3-1+deb8u1_all.deb Files: d3fef072c30c4db2f58d80f0ebb14e82 2736 java extra icedtea-web_1.5.3-1+deb8u1.dsc 72d288739968732a4efa0e0664391fde 1593900 java extra icedtea-web_1.5.3.orig.tar.gz 600e9be96246b8b6c63ec07c325abf14 20488 java extra icedtea-web_1.5.3-1+deb8u1.debian.tar.xz 7434962c82802ef3ef60e35dfd682121 25438 java extra icedtea-netx_1.5.3-1+deb8u1_amd64.deb 7ced8ab4ef0a892e0188e8148454f476 200516 web extra icedtea-7-plugin_1.5.3-1+deb8u1_amd64.deb a26bff474cacf7aaa75eb274c1e0732c 1131930 java extra icedtea-netx-common_1.5.3-1+deb8u1_all.deb 48781c9d312148bf9d09dcf8bd0f515e 9076 web extra icedtea-plugin_1.5.3-1+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl12mvhfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk3eIP/2PZEPv5Nxo+bFVgoTgheoBJ00Zo8g0v2/0B qBH0GUx4+UDrqKrHN+iktddPq+a9HnKwavTQAQv1VbieQ8o1GNRfn61zj6OPpIDE BW3ysM7ePFLHwJg84/hc+fpjp4PqXjhh6bN2SY1VY64KGmfBqIofoxVZv1KFbK0o 0D7HtlL+uYOinYJA9acogAqv9b79aQ0epmO9R+bYFoaxllBHfBjgdc+r3f2lBmef MYOKvtSVKcdXeHyhRGo3PYeWos0gt4hOJ2WXTC24Ss+6gNk/JcMIrF1REeQwXaM9 2kA56J1kkmMQOcI4V3nK4mfToyYw2FCZYOYK+Wj/Cv8Fnjbx3JUYn+HdSR8ShdHl FbyMlztC/0PgBWgohEz2S5/wmKpsE9JywWhieZBvVZcrugF0IYMbOtFuw5qwzCub R0JGmgk5r10bAylHq0juGDd9XwRGV4Vy4b1IhpAskB54+g38wQ+9437g23zyT8nQ BHdosipJuqo5yo40IZiDFYI5xwGrdIOxX08jLIItyupnnSihvWSq+uRI0Pb4zwIZ Qq5bqA8SdjzcyrL3cgMm+GjL8iqzFV9yNz1QA2ygskDgVUTyUfvI7luyYQrQCTwU T+5kNzFV8OR1HQkK4tgVOozStwSBMkpW+xd5TKS2ltS2DZ2dqTRPd0UEE7qP3T0P lluGLTLq =AZbs -END PGP SIGNATURE-
Accepted apache2 2.4.10-10+deb8u15 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 28 Aug 2019 15:01:48 +0200 Source: apache2 Binary: apache2 apache2-data apache2-bin apache2-mpm-worker apache2-mpm-prefork apache2-mpm-event apache2-mpm-itk apache2.2-bin apache2.2-common libapache2-mod-proxy-html libapache2-mod-macro apache2-utils apache2-suexec apache2-suexec-pristine apache2-suexec-custom apache2-doc apache2-dev apache2-dbg Architecture: source amd64 all Version: 2.4.10-10+deb8u15 Distribution: jessie-security Urgency: high Maintainer: Debian Apache Maintainers Changed-By: Markus Koschany Description: apache2- Apache HTTP Server apache2-bin - Apache HTTP Server (modules and other binary files) apache2-data - Apache HTTP Server (common files) apache2-dbg - Apache debugging symbols apache2-dev - Apache HTTP Server (development headers) apache2-doc - Apache HTTP Server (on-site documentation) apache2-mpm-event - transitional event MPM package for apache2 apache2-mpm-itk - transitional itk MPM package for apache2 apache2-mpm-prefork - transitional prefork MPM package for apache2 apache2-mpm-worker - transitional worker MPM package for apache2 apache2-suexec - transitional package for apache2-suexec-pristine apache2-suexec-custom - Apache HTTP Server configurable suexec program for mod_suexec apache2-suexec-pristine - Apache HTTP Server standard suexec program for mod_suexec apache2-utils - Apache HTTP Server (utility programs for web servers) apache2.2-bin - Transitional package for apache2-bin apache2.2-common - Transitional package for apache2 libapache2-mod-macro - Transitional package for apache2-bin libapache2-mod-proxy-html - Transitional package for apache2-bin Changes: apache2 (2.4.10-10+deb8u15) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-10092: Matei "Mal" Badanoiu reported a limited cross-site scripting vulnerability in the mod_proxy error page. * Fix CVE-2019-10098: Yukitsugu Sasaki reported a potential open redirect vulnerability in the mod_rewrite module. Checksums-Sha1: eddda6e3b62e63fdf82f71244b4807a2baf838df 3432 apache2_2.4.10-10+deb8u15.dsc 66da4aecac639ac9f6af9e1264a7e0209a6df3e5 570580 apache2_2.4.10-10+deb8u15.debian.tar.xz 31c0202d289a619b4cd57847a9018bd2c47b543f 1158 libapache2-mod-proxy-html_2.4.10-10+deb8u15_amd64.deb 75cc4af610f1183a6364ea254a6ba329cc9eab1f 1142 libapache2-mod-macro_2.4.10-10+deb8u15_amd64.deb 3342551cc5eab2928542b183b6ef2ec0da0d4e6a 209044 apache2_2.4.10-10+deb8u15_amd64.deb 5bfdb616634c4aca35c38f6621fcbdc140840e17 162564 apache2-data_2.4.10-10+deb8u15_all.deb 118e6b0a289258994d68ded3ad1e6b746cc0f307 1040362 apache2-bin_2.4.10-10+deb8u15_amd64.deb 5105a5d5b6aeefe1d06a3108ed1280971157c018 1518 apache2-mpm-worker_2.4.10-10+deb8u15_amd64.deb b9b7a8ca77ae3835919d55a70af8d81f08df2d49 1520 apache2-mpm-prefork_2.4.10-10+deb8u15_amd64.deb b87f9f2f69fa050cea63f198c57b962c24e25d27 1522 apache2-mpm-event_2.4.10-10+deb8u15_amd64.deb 7bca32dc4ccf448611ed88a855e106d6357c8c00 1516 apache2-mpm-itk_2.4.10-10+deb8u15_amd64.deb bd80850a35bbd053b349eb72dbea8df5e2734c80 1704 apache2.2-bin_2.4.10-10+deb8u15_amd64.deb 92f3695c9f8e27685b8f2feeb837eadb86b4a402 126122 apache2.2-common_2.4.10-10+deb8u15_amd64.deb 22c5d16ffa532fc6819ffcbaa6fad6cab1a0 196446 apache2-utils_2.4.10-10+deb8u15_amd64.deb ac2f739c3c7ef8dc05fb4d2a6360dddcc98d9762 1656 apache2-suexec_2.4.10-10+deb8u15_amd64.deb 9ea95e1a7c6095ee08f3f9ad1fecd7adb50eb870 131234 apache2-suexec-pristine_2.4.10-10+deb8u15_amd64.deb 4541228726933d757931c3d67fcc269373891cc5 132866 apache2-suexec-custom_2.4.10-10+deb8u15_amd64.deb 13bf97d8cb519d7fcb2df4870865e44a065afcfd 2722672 apache2-doc_2.4.10-10+deb8u15_all.deb 7de4255917f44de3668196e345c0e6188c47a581 283498 apache2-dev_2.4.10-10+deb8u15_amd64.deb 63e9fcdc5c1ab4780773552f3eb72264b0ff5f62 1709908 apache2-dbg_2.4.10-10+deb8u15_amd64.deb Checksums-Sha256: 4d2ad1ec10cb0dd9d04545a90d25d981b55a13e4044196e0aa808cbfdb303a47 3432 apache2_2.4.10-10+deb8u15.dsc 9a1fc3f547ac4d0336ee1fc23cc58d29e84e81075e1b4985e34f54b0882554b7 570580 apache2_2.4.10-10+deb8u15.debian.tar.xz 1544aa138c423f26773605b592bc2b0f4e3ff1f5edcbeab7427c0ae4ed5a143a 1158 libapache2-mod-proxy-html_2.4.10-10+deb8u15_amd64.deb 6b7ef0237b6737c829c3d2d45723ecee66f2354b3f26750c37557a34372910e3 1142 libapache2-mod-macro_2.4.10-10+deb8u15_amd64.deb 4cf9c423d535842e9e3e007f3d8e9d8e18454f80fdbe9b7e8a91a54634936af6 209044 apache2_2.4.10-10+deb8u15_amd64.deb e2408cefb9d69064e716095477a2b359c488d026ab78582d9a35367e0f0c 162564 apache2-data_2.4.10-10+deb8u15_all.deb 451d91133e883af18e105cac2eb72a66027859f9b5e5cc37cf971df2d649c9bf 1040362 apache2-bin_2.4.10-10+deb8u15_amd64.deb 972db8cd3b73b1f780cee11c7618f7967aba7e14bb2356a0e2176201b5192642 1518 apache2-mpm-worker_2.4.10-10+deb8u15_amd64.deb ffb73f28ba41d41337267f8448a44f9f252b38c7d53d00a15c1c4036217a2a28 1520 apache2-mpm-pref
Accepted openjdk-7 7u231-2.6.19-1~deb8u2 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Tue, 20 Aug 2019 17:19:59 +0200
Source: openjdk-7
Binary: openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-jre-lib
openjdk-7-demo openjdk-7-source openjdk-7-doc openjdk-7-dbg icedtea-7-jre-jamvm
openjdk-7-jre-zero
Architecture: source amd64 all
Version: 7u231-2.6.19-1~deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: OpenJDK Team
Changed-By: Markus Koschany
Description:
icedtea-7-jre-jamvm - Alternative JVM for OpenJDK, using JamVM
openjdk-7-dbg - Java runtime based on OpenJDK (debugging symbols)
openjdk-7-demo - Java runtime based on OpenJDK (demos and examples)
openjdk-7-doc - OpenJDK Development Kit (JDK) documentation
openjdk-7-jdk - OpenJDK Development Kit (JDK)
openjdk-7-jre - OpenJDK Java runtime, using ${vm:Name}
openjdk-7-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
openjdk-7-jre-lib - OpenJDK Java runtime (architecture independent libraries)
openjdk-7-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
openjdk-7-source - OpenJDK Development Kit (JDK) source files
Closes: 935082
Changes:
openjdk-7 (7u231-2.6.19-1~deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Build sunec.jar because the duplicate classes in rt.jar were removed
upstream. This will restore the old behavior. (Closes: #935082)
* Tighten the build-dependency on libnss3-dev.
Checksums-Sha1:
50becb16bba2d8077ac7f624020202a536c1ecdf 4836
openjdk-7_7u231-2.6.19-1~deb8u2.dsc
5cd2aa90c410747621c3ed8a727a63ea118f4985 174340
openjdk-7_7u231-2.6.19-1~deb8u2.debian.tar.xz
30726f09884bca1a9073aa5d8e17f3964993cda1 15965908
openjdk-7-jdk_7u231-2.6.19-1~deb8u2_amd64.deb
0fd1765d0c84aa79661c4de8a02640d44d691654 40151350
openjdk-7-jre-headless_7u231-2.6.19-1~deb8u2_amd64.deb
bae8baa7cc8a1e6112c4b39412e5acbe825d28be 175888
openjdk-7-jre_7u231-2.6.19-1~deb8u2_amd64.deb
81ae67a48452a5393ed793590257d5c2ded1f59d 1886556
openjdk-7-demo_7u231-2.6.19-1~deb8u2_amd64.deb
fe4c0646cca6f41a48eeef8366bc08b35f6fa22a 178321222
openjdk-7-dbg_7u231-2.6.19-1~deb8u2_amd64.deb
cef181c4e15a7c6fbaddd8f3b119c797896a12ff 724324
icedtea-7-jre-jamvm_7u231-2.6.19-1~deb8u2_amd64.deb
892fa254b797f0db7fd924877903f6143b805d78 1739826
openjdk-7-jre-zero_7u231-2.6.19-1~deb8u2_amd64.deb
6f0d04aded5879fdf6583db1d3e4a28443f99b68 315160
openjdk-7-jre-lib_7u231-2.6.19-1~deb8u2_all.deb
80cedd3bbc4d354c6b54e48cf138c4b8ebb7fecc 40372004
openjdk-7-source_7u231-2.6.19-1~deb8u2_all.deb
6dd9ea66f948bc67e4f74745a23123e0299032d1 11264114
openjdk-7-doc_7u231-2.6.19-1~deb8u2_all.deb
Checksums-Sha256:
be21252268db063f5b75b4a88acd3ee8484a070e30d5b1d75f5b07b20393bb2b 4836
openjdk-7_7u231-2.6.19-1~deb8u2.dsc
056983845d5bbba6ebba52dd052e361e695c392778f744e3c5d6f897c31b6d77 174340
openjdk-7_7u231-2.6.19-1~deb8u2.debian.tar.xz
48b2c6f165ef14b11ddf150adeddc1d04b12084bcc767cb445c8c82c6b67aa17 15965908
openjdk-7-jdk_7u231-2.6.19-1~deb8u2_amd64.deb
f22897b4eacf701294db5412ec1d1d96589eb1acbc413224c417ab5f4571f8af 40151350
openjdk-7-jre-headless_7u231-2.6.19-1~deb8u2_amd64.deb
6255714d76be3b716735a1f1c97b831bd4cd8323c17d188221839ef550cf68d3 175888
openjdk-7-jre_7u231-2.6.19-1~deb8u2_amd64.deb
839657a6da9cd26db8ad19a72d22a135e82a18079c531d45c50cff2b4b558571 1886556
openjdk-7-demo_7u231-2.6.19-1~deb8u2_amd64.deb
a34364553a4a240f4dae5ede18c9cf51f966e510ad20c2234f900b7fd201f70f 178321222
openjdk-7-dbg_7u231-2.6.19-1~deb8u2_amd64.deb
79d72497dc5a72951c87f2551c1da51b7afdf508149d16b2c9e99ab888e3b01c 724324
icedtea-7-jre-jamvm_7u231-2.6.19-1~deb8u2_amd64.deb
d345f48300f99658998cc92df50af81e0201389a14ae11f3503ef557c7962395 1739826
openjdk-7-jre-zero_7u231-2.6.19-1~deb8u2_amd64.deb
8faeaae1f44c32088951b7f45a616c33400e29becda72e9622db57631a0a3313 315160
openjdk-7-jre-lib_7u231-2.6.19-1~deb8u2_all.deb
e27413133b8b37c2264b39e22bc144abb75a2afc9c2c659fc9964728143e2897 40372004
openjdk-7-source_7u231-2.6.19-1~deb8u2_all.deb
71e9d9508444da2422114ad101ffeeb00907738ca7410880062941241538b738 11264114
openjdk-7-doc_7u231-2.6.19-1~deb8u2_all.deb
Files:
c94b24f5d4df67d52eded9ca9db9d6b0 4836 java optional
openjdk-7_7u231-2.6.19-1~deb8u2.dsc
4ff6c499081de2ff97d75d18f21cab01 174340 java optional
openjdk-7_7u231-2.6.19-1~deb8u2.debian.tar.xz
c99588eb6679ef91fc95718b00b02ae5 15965908 java optional
openjdk-7-jdk_7u231-2.6.19-1~deb8u2_amd64.deb
2cff545892a1a5cc7bc3ff6bd6953580 40151350 java optional
openjdk-7-jre-headless_7u231-2.6.19-1~deb8u2_amd64.deb
78817b094400ba25ef56cad9b40a6231 175888 java optional
openjdk-7-jre_7u231-2.6.19-1~deb8u2_amd64.deb
6a804d87f239d55664c2827ae089fcbe 1886556 java optional
openjdk-7-demo_7u231-2.6.19-1~deb8u2_amd64.deb
c11362eb03c4161e1aabf88718825146 178321222 debug optional
openjdk-7-dbg_7u231-2.6.19-1~deb8u2_amd64.deb
a279f0694c889e87a056575b3c15b429 724324 java optional
icedtea-7-jre-jamvm_7u231-2.6.19-1~deb8u2_amd64.deb
4c187853749467a6175b6665abd3b64b 1739826
Accepted nss 2:3.26-1+debu8u6 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 22 Aug 2019 15:40:11 + Source: nss Binary: libnss3 libnss3-1d libnss3-tools libnss3-dev libnss3-dbg Architecture: source amd64 Version: 2:3.26-1+debu8u6 Distribution: jessie-security Urgency: high Maintainer: Maintainers of Mozilla-related packages Changed-By: Markus Koschany Description: libnss3- Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-tools - Network Security Service tools Changes: nss (2:3.26-1+debu8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Install blapi.h and alghmac.h into libnss3-dev package and libfreebl.a into libnss3 to enable building of SunEC security provider in OpenJDK 7. Checksums-Sha1: db42c49065de220263d7f21fbb50f1266cabc86d 2403 nss_3.26-1+debu8u6.dsc 0b573fd95b18bb7203d0c6cbdf681a3c82dd6dc7 41316 nss_3.26-1+debu8u6.debian.tar.xz 0027c9823001f1f8e44c5a958dc6c9fa3f237df4 1173802 libnss3_3.26-1+debu8u6_amd64.deb 7a8eb349947bbd966062ec719d1d7ccffdff224e 18868 libnss3-1d_3.26-1+debu8u6_amd64.deb d8560d990bd94b9381e92cc4a2561256490cfe80 784316 libnss3-tools_3.26-1+debu8u6_amd64.deb 706f74a2f56d41cc83c5273a4f1762bb234bcd5a 241894 libnss3-dev_3.26-1+debu8u6_amd64.deb 0e26457c83140a907a43ea9c692f2b3a8d53ab1e 8199238 libnss3-dbg_3.26-1+debu8u6_amd64.deb Checksums-Sha256: 7319a87ffd7acd4739b2791e38b62d809eefa21eb742de4a6518566948edd6a6 2403 nss_3.26-1+debu8u6.dsc 59e4fbc69e5ab0f93405b918efe58400af27bbb5a7f33e73c47c37a15158624a 41316 nss_3.26-1+debu8u6.debian.tar.xz c1b9d05220e6c5f59621936270fb93bc302418df4adf9abc051910e923f82068 1173802 libnss3_3.26-1+debu8u6_amd64.deb d482b4bb06151042d6655b8a3fbbada9b6876dc015cdda44eb4658fbb91eca09 18868 libnss3-1d_3.26-1+debu8u6_amd64.deb 2da4af3ede5912df3356e7a8300725f850073c93ef26f2a43363514cc097085d 784316 libnss3-tools_3.26-1+debu8u6_amd64.deb 90e4757f60bd7012b0d2bcf581334cfdff99e0ebea50b225c1bd6efdc7d6a03b 241894 libnss3-dev_3.26-1+debu8u6_amd64.deb cc04205c192446cf4e5d1af3f0b0a45217f50500b473ec47b279ffac1ec978a2 8199238 libnss3-dbg_3.26-1+debu8u6_amd64.deb Files: ce2dd4221011aa27aaafc720d62a2af7 2403 libs optional nss_3.26-1+debu8u6.dsc 2ab65d6b5b96a964e183dfc5fe160d92 41316 libs optional nss_3.26-1+debu8u6.debian.tar.xz abe2958d9859002574b017e668d7f340 1173802 libs optional libnss3_3.26-1+debu8u6_amd64.deb cc084237ad02297fb131a9c195f22b4c 18868 oldlibs extra libnss3-1d_3.26-1+debu8u6_amd64.deb 7fb08998a8695638979f7b84e2189e49 784316 admin optional libnss3-tools_3.26-1+debu8u6_amd64.deb 208bb7f6d89c4553c7210911c9c17e9e 241894 libdevel optional libnss3-dev_3.26-1+debu8u6_amd64.deb 6109f3d5d6c654a0a4e5819940d31b4e 8199238 debug extra libnss3-dbg_3.26-1+debu8u6_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl1e1c1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkpg0QAI8QEg+zGh/pz38r00MwFI1itQv6uj1s/Vkz SwMilNKUXA694Q4KJxwmHzt4FroDu8BB4gjDMACNqoq4BvB1AUMQi12lBnnAj6WB Xco26ObhdswuRpmLiMMPATL9LhnTlz92HTirkOX8kiyR2/MKfrQTn21vq3y6pU8p 47O/Qbaa+IlWPiNy5lqXTT6kUTsA4g3mNn7eUr0ynmeOFRuymXamen/ct9WU6IUJ Txf1/5WOytgormk1pqPjUmFCVBRC4YMjjqSYZ+LMxsn08ggrRo/QJpQHFEDvfPBT R5idAmWG9lAfpQeiruZ9ZixAYXoBi90MQWOtvpbvRlDrFSeLReCpi0qh3MYZosXY Yur8XewauoLKHIuD2jJnXZzOKQvaAqy1B6XkEC+NDjRWIEGvFy4zJck3ARlNugYM QbMMv8ZEGyUt+71inRJi0nT3wb+l1yEtOm3GRx4hQF0WDIzSiombNBaOBlKPKtC2 X3I834LBAwKhDIyj8uujVRVEqJt4VbKwKBcnC7H34AQJKVHOM7ClwyxJgxmy2QIM Mm1K1SDEzopexBYxLLCcIG/Ki1lej9by5ZOv/HCL8UmzU3Rh/5EikH88siHYApuc xQEbDg+HZ8ZmQnlw0MkIqCyF9p5CTIbQCZGW/UV9uVSLzXmFfYCdILwYc2D6DUoT t5MEKhMX =ce93 -END PGP SIGNATURE-
Accepted kde4libs 4:4.14.2-5+deb8u3 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 18 Aug 2019 16:23:23 +0200 Source: kde4libs Binary: libkdecore5 libkdeui5 libkpty4 libkdesu5 libkjsapi4 libkjsembed4 libkio5 libkntlm4 libsolid4 libkde3support4 libkfile4 libknewstuff2-4 libknewstuff3-4 libkparts4 libkutils4 libthreadweaver4 libkhtml5 libkimproxy4 libkmediaplayer4 libktexteditor4 libknotifyconfig4 libkdnssd4 libkrosscore4 libkrossui4 libnepomuk4 libnepomukutils4 libnepomukquery4a libplasma3 libkunitconversion4 libkdewebkit5 libkcmutils4 libkemoticons4 libkidletime4 libkprintutils4 libkdeclarative5 kdelibs-bin kdelibs5-plugins kdelibs5-data kdoctools kdelibs5-dev kdelibs5-dbg Architecture: source amd64 all Version: 4:4.14.2-5+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Debian Qt/KDE Maintainers Changed-By: Markus Koschany Description: kdelibs-bin - core executables for KDE Applications kdelibs5-data - core shared data for all KDE Applications kdelibs5-dbg - debugging symbols for the KDE Development Platform libraries kdelibs5-dev - development files for the KDE Development Platform libraries kdelibs5-plugins - core plugins for KDE Applications kdoctools - various tools for accessing application documentation libkcmutils4 - utility classes for using KCM modules libkde3support4 - KDE 3 Support Library for the KDE 4 Platform libkdeclarative5 - declarative library for plasma libkdecore5 - KDE Platform Core Library libkdesu5 - Console-mode Authentication Library for the KDE Platform libkdeui5 - KDE Platform User Interface Library libkdewebkit5 - KDE WebKit Library libkdnssd4 - DNS-SD Protocol Library for the KDE Platform libkemoticons4 - utility classes to deal with emoticon themes libkfile4 - File Selection Dialog Library for KDE Platform libkhtml5 - KHTML Web Content Rendering Engine libkidletime4 - library to provide information about idle time libkimproxy4 - Instant Messaging Interface Library for the KDE Platform libkio5- Network-enabled File Management Library for the KDE Platform libkjsapi4 - KJS API Library for the KDE Development Platform libkjsembed4 - library for binding JavaScript objects to QObjects libkmediaplayer4 - KMediaPlayer Interface for the KDE Platform libknewstuff2-4 - "Get Hot New Stuff" v2 Library for the KDE Platform libknewstuff3-4 - "Get Hot New Stuff" v3 Library for the KDE Platform libknotifyconfig4 - library for configuring KDE Notifications libkntlm4 - NTLM Authentication Library for the KDE Platform libkparts4 - Framework for the KDE Platform Graphical Components libkprintutils4 - utility classes to deal with printing libkpty4 - Pseudo Terminal Library for the KDE Platform libkrosscore4 - Kross Core Library libkrossui4 - Kross UI Library libktexteditor4 - KTextEditor interfaces for the KDE Platform libkunitconversion4 - Unit Conversion library for the KDE Platform libkutils4 - dummy transitional library libnepomuk4 - Nepomuk Meta Data Library libnepomukquery4a - Nepomuk Query Library for the KDE Platform libnepomukutils4 - Nepomuk Utility Library libplasma3 - Plasma Library for the KDE Platform libsolid4 - Solid Library for KDE Platform libthreadweaver4 - ThreadWeaver Library for the KDE Platform Changes: kde4libs (4:4.14.2-5+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-14744: Dominik Penner discovered a flaw in how KConfig interpreted shell commands in desktop files and other configuration files. An attacker may trick users into installing specially crafted files which could then be used to execute arbitrary code, e.g. a file manager trying to find out the icon for a file or any application using KConfig. Thus the entire feature of supporting shell commands in KConfig entries has been removed. Checksums-Sha1: 5ebdb7ca27fa28b4bdb9fef93f14a92dcb1b1550 5735 kde4libs_4.14.2-5+deb8u3.dsc e7e5a51f6d97ecabd8a1b0ba87cf037edbaa0f03 24 kde4libs_4.14.2-5+deb8u3.debian.tar.xz 674c31bb4ab85b1783ec3887ef9babf0d61cbf8a 966880 libkdecore5_4.14.2-5+deb8u3_amd64.deb f936836209ad20cde79f26736c4d038e642c8b8d 1356894 libkdeui5_4.14.2-5+deb8u3_amd64.deb 841a186b641d84876859fcbfb4af69fdff4eec4a 57232 libkpty4_4.14.2-5+deb8u3_amd64.deb 1b84ce57df85fc576eb3522c1f5f04c8d0fe371a 76392 libkdesu5_4.14.2-5+deb8u3_amd64.deb 234a306a5cf88a064c4c9ed91ed18249f3a32cb8 293150 libkjsapi4_4.14.2-5+deb8u3_amd64.deb 14253e119331ed6f3da8b5e6fe1f9c1a0c0e3cb1 331804 libkjsembed4_4.14.2-5+deb8u3_amd64.deb 1c0a7f8427dd7ec5ae9114a93d5b6dc9433a5f7e 898970 libkio5_4.14.2-5+deb8u3_amd64.deb 5cda8feb889c97269e82eba248933aa060c93b84 52896 libkntlm4_4.14.2-5+deb8u3_amd64.deb f22c67fc72f8e65735638b1451c65efe5a8b4998 295674 libsolid4_4.14.2-5+deb8u3_amd64.deb 48127941bbf4b28564b158caea35faa8dae916ae 340320 libkde3support4_4.14.2-5+deb8u3_amd64.deb 1906bcc34ebe7c2f49c0da79f24d2216f08f1550 246358 libkfile4_4.14.
Accepted openjdk-7 7u231-2.6.19-1~deb8u1 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Mon, 12 Aug 2019 19:58:42 +0200
Source: openjdk-7
Binary: openjdk-7-jdk openjdk-7-jre-headless openjdk-7-jre openjdk-7-jre-lib
openjdk-7-demo openjdk-7-source openjdk-7-doc openjdk-7-dbg icedtea-7-jre-jamvm
openjdk-7-jre-zero
Architecture: source amd64 all
Version: 7u231-2.6.19-1~deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: OpenJDK Team
Changed-By: Markus Koschany
Description:
icedtea-7-jre-jamvm - Alternative JVM for OpenJDK, using JamVM
openjdk-7-dbg - Java runtime based on OpenJDK (debugging symbols)
openjdk-7-demo - Java runtime based on OpenJDK (demos and examples)
openjdk-7-doc - OpenJDK Development Kit (JDK) documentation
openjdk-7-jdk - OpenJDK Development Kit (JDK)
openjdk-7-jre - OpenJDK Java runtime, using ${vm:Name}
openjdk-7-jre-headless - OpenJDK Java runtime, using ${vm:Name} (headless)
openjdk-7-jre-lib - OpenJDK Java runtime (architecture independent libraries)
openjdk-7-jre-zero - Alternative JVM for OpenJDK, using Zero/Shark
openjdk-7-source - OpenJDK Development Kit (JDK) source files
Changes:
openjdk-7 (7u231-2.6.19-1~deb8u1) jessie-security; urgency=high
.
[ Markus Koschany ]
* IcedTea release 2.6.19 (based on 7u231).
* Security fixes:
- S8191073: JpegImageReader throws IndexOutOfBoundsException when trying
to read image data from tables-only image
- S8208698, CVE-2019-2745: Improved ECC Implementation
- S8212328, CVE-2019-2745: Exceptional throw cases
- S8213431, CVE-2019-2766: Improve file protocol handling
- S8213432, CVE-2019-2769: Better copies of CopiesList
- S8216381, CVE-2019-2786: More limited privilege usage
- S8217563: Improve realm maintenance
- S8218873: Improve JSSE endpoint checking
- S8218876, CVE-2019-2745: Improve PNG support options
- S8219018: Adjust positions of glyphs
- S8219020: Table alternate substitutions
- S8219775: Certificate validation improvements
- S8220192: Better outlook for SecureRandom
- S8220517: Enhanced GIF support
- S8221518, CVE-2019-2816: Normalize normalization
- S8223511, CVE-2019-2842: Extended AES support
Checksums-Sha1:
6f0ab923259e4efc1d3ec7825c6e07c4061db43c 4828
openjdk-7_7u231-2.6.19-1~deb8u1.dsc
e1a84b0fae20994dd93c426a9a1b79bde1969da4 54734898
openjdk-7_7u231-2.6.19.orig.tar.gz
f47952456129d01858be8085338a600629aa0414 174360
openjdk-7_7u231-2.6.19-1~deb8u1.debian.tar.xz
59efb1b31a918b993f3ff74fcbc317fad170b69d 16332460
openjdk-7-jdk_7u231-2.6.19-1~deb8u1_amd64.deb
5d02b1284ca3c8994c0f99f64ec1457c97a9 40085362
openjdk-7-jre-headless_7u231-2.6.19-1~deb8u1_amd64.deb
7d2ac5796ae04c345993aba1d4a28ad07d7453e6 176518
openjdk-7-jre_7u231-2.6.19-1~deb8u1_amd64.deb
e066963c4408019597d102c62f05290c1ae281cd 1886488
openjdk-7-demo_7u231-2.6.19-1~deb8u1_amd64.deb
8fdb483825880f74ebd247a083f1b9ec22f71580 178278126
openjdk-7-dbg_7u231-2.6.19-1~deb8u1_amd64.deb
48ca669dbf73c80dc50217c48f0886285834a47b 724270
icedtea-7-jre-jamvm_7u231-2.6.19-1~deb8u1_amd64.deb
ac3203784c07090d69a02e5bbb9bebdcb4155f3e 1739614
openjdk-7-jre-zero_7u231-2.6.19-1~deb8u1_amd64.deb
e0442923e1bf714ad4be46ffb90876d56bbe525a 315050
openjdk-7-jre-lib_7u231-2.6.19-1~deb8u1_all.deb
a7f0580f02e0f9ab17ff79c7b26a647e515242bd 40358192
openjdk-7-source_7u231-2.6.19-1~deb8u1_all.deb
a4ea0439e1b93e941751819293f42592774b239b 11264410
openjdk-7-doc_7u231-2.6.19-1~deb8u1_all.deb
Checksums-Sha256:
b529e346c7846b36a68c9b134c5c3d0064c02d8eab0b7e5f923c4206212d6d3e 4828
openjdk-7_7u231-2.6.19-1~deb8u1.dsc
833881cbd26541d82bb3e3da11eba010fe7cd365a0112782236ac8e1ea61b284 54734898
openjdk-7_7u231-2.6.19.orig.tar.gz
bc54df11f377efeb107e8e996b9f6abde433e79c5ece4bd3e83f1bb3270eb8fe 174360
openjdk-7_7u231-2.6.19-1~deb8u1.debian.tar.xz
8b97db19c60eab556eaf71e2b50a766346f2b623f84c7f6dbb22cc6964733434 16332460
openjdk-7-jdk_7u231-2.6.19-1~deb8u1_amd64.deb
e6ce972877366d0dfc3496eb1f069b7679177ba37341324016e2b315036609d6 40085362
openjdk-7-jre-headless_7u231-2.6.19-1~deb8u1_amd64.deb
ddbed2aa19edd4802cd3fbcd48ebea2e16f2cc462cc5a8dc326f5f4fba21a472 176518
openjdk-7-jre_7u231-2.6.19-1~deb8u1_amd64.deb
b979126a1c4cfca4112189ad17e8ba337ab2a7f8f8a992fe9ba2b97e2c37116c 1886488
openjdk-7-demo_7u231-2.6.19-1~deb8u1_amd64.deb
01f2fe34ccaccf2c22c609567e0f05736598e90228ae72c1ef39c693cda68107 178278126
openjdk-7-dbg_7u231-2.6.19-1~deb8u1_amd64.deb
fee30c4fd4891c9007d2fae6d37272f23c25e37a10b5363e7a044e48b2434171 724270
icedtea-7-jre-jamvm_7u231-2.6.19-1~deb8u1_amd64.deb
bb052d02fbd74b4d2b911ca06076b8766ed281a7302c77e3100c40d5f0fab0bf 1739614
openjdk-7-jre-zero_7u231-2.6.19-1~deb8u1_amd64.deb
fddab8c16b1723479dc63679ad9a53409ecaa97ce65c9f59283e651e93994be1 315050
openjdk-7-jre-lib_7u231-2.6.19-1~deb8u1_all.deb
0aa5572b7303b51d943881478d534878b97d0d25411ac13a7cc0e5af8bf9390d 40358192
openjdk-7-source_7u231-2.6.19-1~deb8u1_all.deb
Accepted proftpd-dfsg 1.3.5e+r1.3.5-2+deb8u3 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 07 Aug 2019 17:07:51 +0200 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite proftpd-mod-geoip Architecture: source amd64 all Version: 1.3.5e+r1.3.5-2+deb8u3 Distribution: jessie-security Urgency: high Maintainer: ProFTPD Maintainance Team Changed-By: Markus Koschany Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-geoip - Versatile, virtual-hosting FTP daemon - GeoIP module proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Changes: proftpd-dfsg (1.3.5e+r1.3.5-2+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-12815: Tobias Maedel discovered that the mod_copy module of ProFTPD, a FTP/SFTP/FTPS server, performed incomplete permission validation for the CPFR/CPTO commands. Checksums-Sha1: a40860f8b49f6e804f5944395f1614177a2ca9f6 2985 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u3.dsc 7b38338c619775dfd3c321eeac586669692e883b 96960 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u3.debian.tar.xz b8c47e08ce83537619b555251a3ac58670429615 2460658 proftpd-basic_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 7079589d82ae552d9d7df805a41cae3d61be3118 961248 proftpd-dev_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 9e29f33ed2f608343e881e8b23e5680dabab3001 476608 proftpd-mod-mysql_1.3.5e+r1.3.5-2+deb8u3_amd64.deb cc86e4f629b35cf32ef480d3f07a3ddc36e68bde 476292 proftpd-mod-pgsql_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 51754cbf9ded6362937f5826292b31de7d9ad7a3 484454 proftpd-mod-ldap_1.3.5e+r1.3.5-2+deb8u3_amd64.deb ed0ba68f85a5c5f80bd5c8d5ce58017fdb002fd1 477588 proftpd-mod-odbc_1.3.5e+r1.3.5-2+deb8u3_amd64.deb ce48b74f7c116c4177ff8848bbc062b922caaa58 475684 proftpd-mod-sqlite_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 1f12806aac5a024e1dcdc791908fea0e8af2 477296 proftpd-mod-geoip_1.3.5e+r1.3.5-2+deb8u3_amd64.deb b2f0516dd150d9fa6557603a5877f308d399def2 948774 proftpd-doc_1.3.5e+r1.3.5-2+deb8u3_all.deb Checksums-Sha256: e083e8f0b11b825ad7ef089553521ac86bb7058e29e67fb5af01799d862b67f4 2985 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u3.dsc 58fd61b0c49656d2eb28d4633f8838563c9d18503c646d0db746baa78c3e0436 96960 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u3.debian.tar.xz 7e99cfabb154c963deb1c2d08f9b786228b9fa6d4a1cc530a0f91d929964f442 2460658 proftpd-basic_1.3.5e+r1.3.5-2+deb8u3_amd64.deb cd3066e51df9c144e898b25a451c6786d8511de5d0fc397e22cff48a519f310e 961248 proftpd-dev_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 704fa08812c478a581834228cb6e828e606d9fbdbd974aea6bde64fd275669d8 476608 proftpd-mod-mysql_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 92a1e51a75e5703e075aa93ad51f0c12337bf15d7efc34c99215ca560211b5df 476292 proftpd-mod-pgsql_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 59ce7b4e91b538f79d0cc46de1aa1ac686a09539767eb509f2344848ed8657f5 484454 proftpd-mod-ldap_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 5de7788890d6f65cf10c8baf6401bc170f0c4907b0d319a66d413aa5186eb628 477588 proftpd-mod-odbc_1.3.5e+r1.3.5-2+deb8u3_amd64.deb bfe968bb396c399c179ea8eeca56b19cef60abe0bbf7b3ea867a90c113de8ea0 475684 proftpd-mod-sqlite_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 631fdf954e01028d5f27c90dac720f9254691d5dd8dd2005a6e5d5986f73bed1 477296 proftpd-mod-geoip_1.3.5e+r1.3.5-2+deb8u3_amd64.deb ff86f7bd06a9daab389d7a8feea0b24af2953ea4c7d7ba0f49cee0f555f223e7 948774 proftpd-doc_1.3.5e+r1.3.5-2+deb8u3_all.deb Files: fef40e244115f23dbe6a2bb97e44a460 2985 net optional proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u3.dsc e3cf82662ac1ad320176523f60ebc59c 96960 net optional proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u3.debian.tar.xz 149f6954844f67b89f0a7f595ad8bbb5 2460658 net optional proftpd-basic_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 59d99d9156947be3b28b6b5dde84f556 961248 net optional proftpd-dev_1.3.5e+r1.3.5-2+deb8u3_amd64.deb c03d19783da28bde235579725224c118 476608 net optional proftpd-mod-mysql_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 7ffabb5954e1c0804e7a91582d10e655 476292 net optional proftpd-mod-pgsql_1.3.5e+r1.3.5-2+deb8u3_amd64.deb bd5eadabcf9ec91e6a09273c7815a43e 484454 net optional proftpd-mod-ldap_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 00234277d330bcc284bffa647b97a111 477588 net optional proftpd-mod-odbc_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 312cd6caa3a50d4b66320b0dc6bb01ca 475684 net optional proftpd-mod-sqlite_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 08e89ed770c3eec5c47eb4fe866aa73e 477296 net optional proftpd-mod-geoip_1.3.5e+r1.3.5-2+deb8u3_amd64.deb 91e1c4d3aa023ba8e047f0f6adfa430d 948774 doc optional
Accepted unzip 6.0-16+deb8u5 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 28 Jul 2019 16:07:29 +0200 Source: unzip Binary: unzip Architecture: source amd64 Version: 6.0-16+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Santiago Vila Changed-By: Markus Koschany Description: unzip - De-archiver for .zip files Closes: 932404 Changes: unzip (6.0-16+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * There is a zip-like file in the Firefox distribution, omni.ja, which is a zip container with the central directory placed at the start of the file instead of after the local entries as required by the zip standard. This update now permits such containers to not raise a zip bomb alert, where in fact there are no overlaps. (Closes: #932404) Checksums-Sha1: 13e82254d642c2dab5155e284353e4ac52bbd063 1850 unzip_6.0-16+deb8u5.dsc d61ae2e5ab400bcec8097c014a4764645332b842 21024 unzip_6.0-16+deb8u5.debian.tar.xz 1cbab0b5bfdb0b6a32cbcc4bbb5094b63f1e80a0 164124 unzip_6.0-16+deb8u5_amd64.deb Checksums-Sha256: c2c5301a102b42ce4ea6cfac1818acef2ea96111f043fed0718619ec2cc07201 1850 unzip_6.0-16+deb8u5.dsc 399f7797b26090f57710f081e1baf948b806089e01468448a6546f8471f823a5 21024 unzip_6.0-16+deb8u5.debian.tar.xz 6bb1bb383aab2f1a3639e6080131d7fd9f4d44b32cca04d28e0de368b2cd2e3c 164124 unzip_6.0-16+deb8u5_amd64.deb Files: 07375c34a6561f94492b57a87e8314aa 1850 utils optional unzip_6.0-16+deb8u5.dsc f51846430dc924e5279a31438630b41a 21024 utils optional unzip_6.0-16+deb8u5.debian.tar.xz 7e776aa56613a3dbe87102a321b52b95 164124 utils optional unzip_6.0-16+deb8u5_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0+GodfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HknGIP/0MANSmWHL67OccmvBj4XsXvkOhtYThIcVVX /jeEiHbvBeOTkhd+hMJy6oUpuyKDYfr4I6G3qVesQ5vp+oLW5PQOhQM+0O5h7ETX Y3jSlyWLLVPJG4xnI/muYls3udiXxqQrVIfA6W+cKEzYoks38Hd3Q39/u/t87Org uw2xxwmQrwEu3QPG4Vdy5+lSANV9rtXlmPSWzCeyPKk2qu0isLKupc18B9ifs7Qp MstKJP/7ydOsHe2QwPcYw1OOZMt6cIzJ93yJtPgPbrza67/SndDg3L/BXlntX5cs BkPBwDoXE0vQ77BMnxjdPHI3ZjVZB19TblvZ/kveuGXu6AdIf1gMhwr7QxRF6rL6 adSCAWJeCrXWf0I80cCg+aP6Ikv3T3sWdYBxS3XpMiOq8SgZXVff2N5P+xhkRMWQ 1gELurRdH/PP+3cD3H5YAGH/yHfgbNfcjsmaD20S6sTwbgbD15OQv4AmH3WrDuFc UHoP2jfNtWNVZhQnecgEZ8ebIN5aDKxM75E7n/iOBBgh0jIc4BGmPnSHtg79OuOo DQnwSlrhB9wd5jKEL3BIQIY50DW1KVVtDRCcaDqV5J7K6/7SIg3X6s4lEimxpRx1 ZZ7AoMQFgReQ6NfAAZK7dv+X8HQUd+RCQ78tgQQE3tPIu4VrqZCbRkSbrvctEcKk Owa/zTxT =CAv+ -END PGP SIGNATURE-
Accepted libxslt 1.1.28-2+deb8u5 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 22 Jul 2019 14:28:55 +0200 Source: libxslt Binary: libxslt1.1 libxslt1-dev libxslt1-dbg xsltproc python-libxslt1 python-libxslt1-dbg Architecture: source amd64 Version: 1.1.28-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian XML/SGML Group Changed-By: Markus Koschany Description: libxslt1-dbg - XSLT 1.0 processing library - debugging symbols libxslt1-dev - XSLT 1.0 processing library - development kit libxslt1.1 - XSLT 1.0 processing library - runtime library python-libxslt1 - Python bindings for libxslt1 python-libxslt1-dbg - Python bindings for libxslt1 (debug extension) xsltproc - XSLT 1.0 command line processor Changes: libxslt (1.1.28-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2016-4610: Invalid memory access leading to DoS at exsltDynMapFunction. libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. * Fix CVE-2016-4609: Out-of-bounds read at xmlGetLineNoInternal() libxslt allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. * Fix CVE-2019-13117: An xsl:number with certain format strings could lead to an uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte on the stack contains the characters A, a, I, i, or 0, or any other character. * Fix CVE-2019-13118: A type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, leading to a read of uninitialized stack data. Checksums-Sha1: aa5240d20fc7fdfbccdb19ae503fedd3ff38909c 2554 libxslt_1.1.28-2+deb8u5.dsc 5d9ffef4479418f254545dbd59648e6ec4efaf89 40992 libxslt_1.1.28-2+deb8u5.debian.tar.xz 2888e99c3af44d7cc916bb588f5f9ad6d99d1ce2 232996 libxslt1.1_1.1.28-2+deb8u5_amd64.deb 4997eb9da7f12c1eab754a7ecfa1226b9719abe4 513812 libxslt1-dev_1.1.28-2+deb8u5_amd64.deb c70e6e9f9ba4a742f77e7da0ca8325b86dfac79e 480192 libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb 1aaca9459be4d495fc749be484f46455d9ae9402 119062 xsltproc_1.1.28-2+deb8u5_amd64.deb bc8edafe4cf996128dc07c5c1b52277ecfe4f373 139576 python-libxslt1_1.1.28-2+deb8u5_amd64.deb a1a33e3b8a3b52920de69e830fa6f70bde6aa56b 222380 python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb Checksums-Sha256: 07e3b5c407fe8b16a149016c644564f8fd8f5e028d23c0908b8342aeb29dc8ec 2554 libxslt_1.1.28-2+deb8u5.dsc b16233b1c69d3d46b0c5354e50e1bde721101ebd5af8b36797a076f4b60aa095 40992 libxslt_1.1.28-2+deb8u5.debian.tar.xz b8725bbac6039f3d3349ef9ce0b2d605a94d96e6c113b72136d986dbcf6dd1ed 232996 libxslt1.1_1.1.28-2+deb8u5_amd64.deb 2aaee466be04abdaeb2505bccafc5cc1ef45e27f26e2bc3e47cf17544d854c92 513812 libxslt1-dev_1.1.28-2+deb8u5_amd64.deb 3a0ac8cffde48a68e1c7d81337a02395b48abe86f3050739e7ee5ed56cb1f79e 480192 libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb aef7168c6243d5376457c01dec1b226f1527e2bec342afd1a99deaac48ce69a9 119062 xsltproc_1.1.28-2+deb8u5_amd64.deb 16a9620dba9f4d9e267b5ef4fd6af5a58d746f7b5a34c1d1ffb6e9882df6ec9e 139576 python-libxslt1_1.1.28-2+deb8u5_amd64.deb 0c99004aa2f250cc94519831260075857de76dd7233071c9222f96c6c0f5da3f 222380 python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb Files: 8f5410d80471a408a166e90286a3fb2a 2554 text optional libxslt_1.1.28-2+deb8u5.dsc a71ce544bd4154da94c7a97beb5daf40 40992 text optional libxslt_1.1.28-2+deb8u5.debian.tar.xz fc9cabc797e42428784a010424ae3c7b 232996 libs optional libxslt1.1_1.1.28-2+deb8u5_amd64.deb df5e523058d21b2eec8e0e1ec958c0fe 513812 libdevel optional libxslt1-dev_1.1.28-2+deb8u5_amd64.deb df538b575fcbfccadf6a7ab2022dec4b 480192 debug extra libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb 42a50d14da380f4fc48f715d58c93646 119062 text optional xsltproc_1.1.28-2+deb8u5_amd64.deb 0c0673ce58b900533946818465112c8d 139576 python optional python-libxslt1_1.1.28-2+deb8u5_amd64.deb 559f25ab7eca07a1152fbac3f0aa4d8e 222380 debug extra python-libxslt1-dbg_1.1.28-2+deb8u5_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl01uQtfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkqQkQAKohZX21KCGorNfYkCfPsjEvUptkxBlp0gEQ Y8JrYr6MTVaAd27Db2/Lgz6gf0KpO1fMKJ4KA0O6+r2fU3vGzMIcIWxZ8926ndT6 R+CJQL7clBgq27EY/cSpAhbxvKyzUuqpm758nNdRQbmfk4k8acx6fhMyM0AOVxMu HX8GgNl8vUi17XWEVPpBYwdzFMR4EQ6AhIo681UWaL+Ms2NX9C71f3I6QK6BVqib WaxXvCs+Ry/+o+oJ1stlc8t+V5/FxwhQpwQG5eb4M/5zj3W598Qv9VP7aiqqRMsL DUltiWNpHQVoAHLvfehYO9BzCx6qri8onPk8aqaovCSPO4+crwtgCtpLPZgX2tSA Ey9bWSRgZfQ80L0oWq7ScY41YcH+jPHl4/5/J2MJGwQlj1Odt5I1jDDcXDoK2dmz 3CLw6GOxNYdb4mHsziY4YoieSScLdC0Bbn5xzbLIY2EgRejCkHRVZlzNtwoPAwbM WPb
Accepted libonig 5.9.5-3.2+deb8u2 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 17 Jul 2019 14:56:48 +0200 Source: libonig Binary: libonig2 libonig2-dbg libonig-dev Architecture: source amd64 Version: 5.9.5-3.2+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Jörg Frings-Fürst Changed-By: Markus Koschany Description: libonig-dev - Development files for libonig2 libonig2 - Oniguruma regular expressions library libonig2-dbg - Debugging symbols for libonig2 Changes: libonig (5.9.5-3.2+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-13224: A use-after-free in onig_new_deluxe() in regext.c allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The attacker provides a pair of a regex pattern and a string, with a multi-byte encoding that gets handled by onig_new_deluxe(). Checksums-Sha1: 577835fd247352a443aea137c52b2867424b55f1 2052 libonig_5.9.5-3.2+deb8u2.dsc 804132e1324ef8b940414324c741547d7ecf24e8 587874 libonig_5.9.5.orig.tar.gz 6cd0c735502eb29b4f19000f0aaf1a3d1fd1398d 8856 libonig_5.9.5-3.2+deb8u2.debian.tar.xz a3d58474f99934541e7f45d59e7ec4f519be0405 118194 libonig2_5.9.5-3.2+deb8u2_amd64.deb c38cd75b5dbc143af574552d04e4f30bd04e6be3 200780 libonig2-dbg_5.9.5-3.2+deb8u2_amd64.deb 29fde0a527633d79d33af846b6055d7d0eda90b4 79500 libonig-dev_5.9.5-3.2+deb8u2_amd64.deb Checksums-Sha256: 9f18307e1a4dcbf0e4eb6f9270e16a4d1184da8734064be12967515798dc6350 2052 libonig_5.9.5-3.2+deb8u2.dsc 9f49ae7819a5f47e25449d0e4b010d479f7868a24a7b9884b47041b49a76438a 587874 libonig_5.9.5.orig.tar.gz 0ef168eeb768792e8d28489ccdfbc60d12df64825e7cc2f2f340ba0b2d79a45d 8856 libonig_5.9.5-3.2+deb8u2.debian.tar.xz 2d3fa4ee3633d791a1f4111f21e8ff4ee13f8b2ee44f3bb08d6844e506ec8632 118194 libonig2_5.9.5-3.2+deb8u2_amd64.deb a49b35e44d25d8dacb795c36ec6e797bccde98308098bd319c8ecdf9110c2cb9 200780 libonig2-dbg_5.9.5-3.2+deb8u2_amd64.deb c2e7a78a86526553540734ba7e544948eb8a74d81a3f611e7935001d331d006f 79500 libonig-dev_5.9.5-3.2+deb8u2_amd64.deb Files: 85210f4889c44465221ff5d187d9629c 2052 libs extra libonig_5.9.5-3.2+deb8u2.dsc 970f98a4cd10021b545d84e34c34aae4 587874 libs extra libonig_5.9.5.orig.tar.gz f5a13615f57395da29ea5eb4c560dc95 8856 libs extra libonig_5.9.5-3.2+deb8u2.debian.tar.xz b911c28b28f7b26fa214c6511b2c118e 118194 libs optional libonig2_5.9.5-3.2+deb8u2_amd64.deb 461cc6b4485c38ff6285f272d855a5f2 200780 debug extra libonig2-dbg_5.9.5-3.2+deb8u2_amd64.deb f7cf35a6d4990614e05c555961fee67f 79500 libdevel optional libonig-dev_5.9.5-3.2+deb8u2_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0vHqJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkyvAP/A8ozF1tpueiujv9d2S18Xbo7iv+Fnb0oFCl hw38ieIV3Zi7pjXHb+aqv+C31beHYZYAID8pWDktYravaO5FPS3n24RUxWNt2fDc dQdqU0NeuGvclNqtRyRoAHM52qQ7UJE/XIt4Vsp8/mtO3g/5b5XcfWeBytr0dgHp j8QBW8LlM2BfyhecP5ADO3cPu1sm/7wq1/NDdM5hH2vFO+YIVOnEeWSckIE69Cl+ cMKLLnbRp4WCsVrdhyyCNChqx9ah+XAJhRWDU0O8dt/mpWsHmFco1tvnlPqIsgXI saJ54SOja9qDDJz1rR0qRCitjh5Kz/zr4Tg8gudj3VqOVliCd8IflRqp1Fr4IugM 8GZOtIIGdw8Uv+GzzujQ6h8VA3lAL8tg+kIJi83hkm6uF3SAQ12r9ht73vcMjVHx 6KySt/GGKC3yFGQo7k9QycCpJL3D+RKJqwlK3M3F6TNV21qd3zzWFlZG/p9FT/Rx FWEdXkmYDjtqMtNlxsZ5CpdmTbN9IIIXYP5ZYMz2WZxCIg0Gx7X46HPl87VkaM88 5r0mQQZxHJfmrGgyfQObUP5adHmvGTIHN4WtERJANAHtzl9BxgSExZS5jZiB0Rzu edIP7VP9+tsyw4zfiMO4aWFMX38rs6UBkZlBqMqMQISQDlvtadvsUW2+eoKtlsCN OAjG/428 =rs/p -END PGP SIGNATURE-
Accepted openjpeg2 2.1.0-2+deb8u7 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 10 Jul 2019 18:03:52 +0200 Source: openjpeg2 Binary: libopenjp2-7-dev libopenjp2-7 libopenjpip7 libopenjp3d7 libopenjp2-7-dbg libopenjpip-dec-server libopenjpip-viewer libopenjpip-server libopenjp3d-tools libopenjp2-tools Architecture: source amd64 all Version: 2.1.0-2+deb8u7 Distribution: jessie-security Urgency: high Maintainer: Debian PhotoTools Maintainers Changed-By: Markus Koschany Description: libopenjp2-7 - JPEG 2000 image compression/decompression library libopenjp2-7-dbg - debug symbols for libopenjp2-7, a JPEG 2000 image library libopenjp2-7-dev - development files for OpenJPEG, a JPEG 2000 image library libopenjp2-tools - command-line tools using the JPEG 2000 library libopenjp3d-tools - command-line tools using the JPEG 2000 - 3D library libopenjp3d7 - JP3D (JPEG 2000 / Part 10) image compression/decompression librar libopenjpip-dec-server - tool to allow caching of JPEG 2000 files using JPIP protocol libopenjpip-server - JPIP server for JPEG 2000 files libopenjpip-viewer - JPEG 2000 java based viewer for advanced remote JPIP access libopenjpip7 - JPEG 2000 Interactive Protocol Changes: openjpeg2 (2.1.0-2+deb8u7) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2016-9112: A floating point exception or divide by zero in the function opj_pi_next_cprl may lead to a denial-of-service. * Fix CVE-2018-20847: An improper computation of values in the function opj_get_encoding_parameters can lead to an integer overflow. This issue was partly fixed by the patch for CVE-2015-1239. Checksums-Sha1: 3f805cf537d7753c27aa44bfd113cd08204c955a 2916 openjpeg2_2.1.0-2+deb8u7.dsc 5100bc1add63c6e6ce755e98715373aed05aeb37 31564 openjpeg2_2.1.0-2+deb8u7.debian.tar.xz 0fe8e8fc5df444c5f9d8b1ac49e0447e98cced10 39070 libopenjp2-7-dev_2.1.0-2+deb8u7_amd64.deb 5e5ff86bac4a82827537426b1d79eab0ac4f7bbf 117880 libopenjp2-7_2.1.0-2+deb8u7_amd64.deb 8b64806273cddd8c9f81ebc10f844cd39b3a1440 60842 libopenjpip7_2.1.0-2+deb8u7_amd64.deb 5080064886095a000e56ca09be1235afb27b2348 85836 libopenjp3d7_2.1.0-2+deb8u7_amd64.deb 1abd955d06f2ff273be35033c439677e9c8c29ed 918866 libopenjp2-7-dbg_2.1.0-2+deb8u7_amd64.deb 83c994c04984e62d7d733f37fed89d8528aa8e3c 29082 libopenjpip-dec-server_2.1.0-2+deb8u7_amd64.deb 3f4dee20f35e4997d209ee5f0caefcd8316b7f92 45816 libopenjpip-viewer_2.1.0-2+deb8u7_all.deb 7464a7da68df6afbbdac074ccf92f7527dc83626 49938 libopenjpip-server_2.1.0-2+deb8u7_amd64.deb dba5dd9cfcf8a42197b57170785d5e66da64cca5 41798 libopenjp3d-tools_2.1.0-2+deb8u7_amd64.deb 603a07518f2882b73209ce407972fc7142d3d1ae 79622 libopenjp2-tools_2.1.0-2+deb8u7_amd64.deb Checksums-Sha256: 678395a2c0d87687d5c7c7ce38657e19e11c9ed09d14f009ffb5a1f49ca71e30 2916 openjpeg2_2.1.0-2+deb8u7.dsc 07f817124e7455e70ca7bffbaf917140a39315eeed0fa9d4a51673199eb0c029 31564 openjpeg2_2.1.0-2+deb8u7.debian.tar.xz b4d14c0ac26232e7061499ef520f0c02abbf9d1f8a5c0188e73008b31f9c701a 39070 libopenjp2-7-dev_2.1.0-2+deb8u7_amd64.deb 28022914e2538923a7c9b8f1d4dd3def600a6a9a1635ff27ad2a94421c457130 117880 libopenjp2-7_2.1.0-2+deb8u7_amd64.deb 08b8f9b190017de90e4dc3d435ca23a3abaef6197d8f4c1e2e84f0320283b3c7 60842 libopenjpip7_2.1.0-2+deb8u7_amd64.deb 726b503795a276618f2e7892194aaffd41b2261b5015316fde3ce70acdd5d6d7 85836 libopenjp3d7_2.1.0-2+deb8u7_amd64.deb ee56944184ecde901e916302337c6958e01cb01377df4d7eaceb77ea941508c6 918866 libopenjp2-7-dbg_2.1.0-2+deb8u7_amd64.deb 5953714b0033812362f417a9b1e5e3a04317078994178ecfcc0cb04ca24ae2a8 29082 libopenjpip-dec-server_2.1.0-2+deb8u7_amd64.deb 07afd5eaf1942c78e464535703572010822ee4df09b77b5fc95649d3cbcac325 45816 libopenjpip-viewer_2.1.0-2+deb8u7_all.deb 2c00e9be878c617ed2ff1237b572b4d1602bdfbf15c7353ef477966ef3a93a84 49938 libopenjpip-server_2.1.0-2+deb8u7_amd64.deb 5cecb844ecd5d89ad0179ded38eef173ee46ae8139e760b6a3d4af0e60b2a78c 41798 libopenjp3d-tools_2.1.0-2+deb8u7_amd64.deb 61ac0fb1dabaf21ab41c80651e24e4ed43c3a34c7f423fab595711a4c6f09aaa 79622 libopenjp2-tools_2.1.0-2+deb8u7_amd64.deb Files: 2bf30e429ece4f9959d0dd24246cbc1f 2916 libs extra openjpeg2_2.1.0-2+deb8u7.dsc f0bbdfb5070f19ee22f29215ae6d5487 31564 libs extra openjpeg2_2.1.0-2+deb8u7.debian.tar.xz 8d80b85fe36a501b91a579441d339c01 39070 libdevel extra libopenjp2-7-dev_2.1.0-2+deb8u7_amd64.deb 4460520a6f266394665a7b37b71f55b1 117880 libs extra libopenjp2-7_2.1.0-2+deb8u7_amd64.deb ff20e3b55ec0d6ec2577e9546488f4b4 60842 libs extra libopenjpip7_2.1.0-2+deb8u7_amd64.deb 0cbe954bf11286fff9511e3b3f460245 85836 libs extra libopenjp3d7_2.1.0-2+deb8u7_amd64.deb 7fa460994df6e90d46375a784521889e 918866 debug extra libopenjp2-7-dbg_2.1.0-2+deb8u7_amd64.deb d21ec9f18fa67cee469dd5e54e774f8d 29082 graphics extra libopenjpip-dec-server_2.1.0-2+deb8u7_amd64.deb 2258120c66fff4408236dc3775398cea 45816 graphics extra libopenjpip-viewer_2.1.0-2+deb8u7_all.deb
Accepted unzip 6.0-16+deb8u4 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 07 Jul 2019 19:44:27 +0200 Source: unzip Binary: unzip Architecture: source amd64 Version: 6.0-16+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Santiago Vila Changed-By: Markus Koschany Description: unzip - De-archiver for .zip files Changes: unzip (6.0-16+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * David Fifield discovered a way to construct non-recursive "zip bombs" that achieve a high compression ratio by overlapping files inside the zip container. However the output size increases quadratically in the input size, reaching a compression ratio of over 28 million (10 MB -> 281 TB) at the limits of the zip format which can cause a denial-of-service. Mark Adler provided a patch to detect and reject such zip files for the unzip program. Checksums-Sha1: 9707794b8a62e66f1a0496634ff2c8ada550e95b 1850 unzip_6.0-16+deb8u4.dsc e4c2c98a87b1579e6611574a07ed4d4338e734f1 19880 unzip_6.0-16+deb8u4.debian.tar.xz 7f94a48fa756fec1d31ad9485196ebc6b2631d70 163836 unzip_6.0-16+deb8u4_amd64.deb Checksums-Sha256: fd218267b9256a12ecb3165f2af7ce559d4f5877388f6bb6395b0ddffee62e7e 1850 unzip_6.0-16+deb8u4.dsc 4806bbe3dc9a1705f2da44206fba063064cb3cd3438b256c3703f806b39179ea 19880 unzip_6.0-16+deb8u4.debian.tar.xz af4ffce422730eb723eb0091263392f5648ad5c4a2a6fa7c665f72a4e97976cf 163836 unzip_6.0-16+deb8u4_amd64.deb Files: a210d5414946dfa3e0c43ff16e706dc9 1850 utils optional unzip_6.0-16+deb8u4.dsc fcb55c3625eaf5d1152676696e469eca 19880 utils optional unzip_6.0-16+deb8u4.debian.tar.xz 1f0d137a72b896f0a15497424a2451a0 163836 utils optional unzip_6.0-16+deb8u4_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0iPONfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk+d8P/3IzU7XtloT80Af0vuB2H6C5zQycuIA8TakX l/VwakjUzspR+2Tkg5lJku4WBHrkwkymy28i72Y8jsdBR0Ao2K1ctiMK1yaOmdB6 AjGcqd8dFYPvZxeNiIvfMxVb3QqzwUYqKhkXCy3/kv0vWPPvkDchML2Ja72G+29g fv4WQ+CRuZZSlA0Z+Xo19ffUTcqUPafTY8n472Y/6lQE3jvQSbALEuUrkRVqXk9c RgXhkB9y4vWUrrcL+IqnqRlUChtEUmXm7fKv8RW+LDf19TPZR/QTWsvMFrqJJPyB nYxQCdekOJms50DHsJJ7M7txDVCFOFUXPjxQi7gBLeGXh8c5qfOvE7ppp5sBLOxn RhPoe4AEpnY9Fqq5130/Em1v4fZebz4HWU/5aZIt09Yu8IM/ygn9ayH6SPHd5pxD /DRDmIaJ2ztyjKgr/ggT03uhzTTnu78K6cOBoKKWmmFLIAdYm/K2cUL6iWsxJwtX bLM5j0TjeeuP0a4zZbTDvv7ju5NAbpmZrtQ1XA9JI+r1Zu3uiLFHj9X+JDNbwYCo DDogw9Gwj4KFmkNqRl0bNXKhpE/ngDZcrE/vyJQlrq3T+Z0uYieuNLDh6rYeC7AM itzVAlnZ4I90SwZ9OnjU4N44XsgY2mVSYQSR10SmfIuziL9EcfYjzmTsDVOBMAY9 bB5CpCo6 =kAmt -END PGP SIGNATURE-
Accepted dosbox 0.74-4+deb8u1 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 07 Jul 2019 16:11:38 +0200 Source: dosbox Binary: dosbox Architecture: source amd64 Version: 0.74-4+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Jan Dittberner Changed-By: Markus Koschany Description: dosbox - x86 emulator with Tandy/Herc/CGA/EGA/VGA/SVGA graphics, sound and Changes: dosbox (0.74-4+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-7165: A very long line inside a bat file would overflow the parsing buffer which could be used by an attacker to execute arbitrary code. * Fix CVE-2019-12594: Insufficient access controls inside DOSBox allowed attackers to access resources on the host system and execute arbitrary code. Checksums-Sha1: bdf382d71bc19177b8ee16715164e1325d1f44c3 2084 dosbox_0.74-4+deb8u1.dsc 2d99f0013350efb29b769ff19ddc8e4d86f4e77e 1265711 dosbox_0.74.orig.tar.gz 60504d3f51bf6da2d142f486368de7ff4dfc758b 89604 dosbox_0.74-4+deb8u1.debian.tar.xz 5aa62bfe2b22d8906c42734712de7cbfa0fa3907 856084 dosbox_0.74-4+deb8u1_amd64.deb Checksums-Sha256: fae54ef4f103655658de5e907bd3e68a990c87c4188791194eb8ec11b52e91b7 2084 dosbox_0.74-4+deb8u1.dsc 13f74916e2d4002bad1978e55727f302ff6df3d9be2f9b0e271501bd0a938e05 1265711 dosbox_0.74.orig.tar.gz adec00e5819ec32f288bfd651cedd0a6efe44b0febf0efc526c6ec2a01906d64 89604 dosbox_0.74-4+deb8u1.debian.tar.xz 21dff1311073e3d16b02720a413e89830aca2a18b32f95b872fee4a47e44db01 856084 dosbox_0.74-4+deb8u1_amd64.deb Files: 96be28835bf8f93d6366cc4c89c23f81 2084 otherosfs optional dosbox_0.74-4+deb8u1.dsc b9b240fa87104421962d14eee71351e8 1265711 otherosfs optional dosbox_0.74.orig.tar.gz 75572d076a55b60892d66ebbca453ceb 89604 otherosfs optional dosbox_0.74-4+deb8u1.debian.tar.xz 9bd499a7f89a92657e826531727338ea 856084 otherosfs optional dosbox_0.74-4+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0iDKBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkjyAQAKfFRei6RooIUcYLP4+V0IeIUaJaWg8O6Y95 +Vn8rsfK8yxWtxHu2sC5k2Lk6qlQqn6l3jtlRw+6+hWfO8TJj8Y1nHC8l25kRHSP eAMM/py4wfpGiUknNtXG9RwSFhxlLdRpXazlJ3UuiAAdoPR71e/talM2qiRzFFkv Y/f5mkF/6s173S/JaMCCjW3I7xiC0xQ1gqoQ9SN/H8lUwDyYtUKuFJNObjymFleb lAwCt1/pa3PCsT2tP5khP8PSz4VundgndnnWxEvAGUmPjxkHN1jia+Cz+cTAv7cv lg0dUE00IrbB9J67DEWKXWZovav9RKZg5EWuCkKRbMR50TlGcInvpMKljouBIns5 SU/jH09sT2swYFQjQPjdip5rFPYWZTYYKP//4As11NQ38z7lr26ZD+JcrNsRwR1i k2CdYdz1R4pHR4Cz71RRv9siZTvmyFTM+XQbvn5QdiJNxRepyUp4/llyN5Fgvr0n ClkZaeGB0NqXopPHy7NdbhfcY/IL8j7fGvzLqB5q0UNYRAYYkQ4vB90pVP54PSsJ Uc1mbUfNtouck9ks47pfQk4RkIZWBlsbiAfzM9g99z9U5+ZQTWQoEd19ddYUUtZV pblJq74LLkAUCOVVSDGpKa/HCdnLAPCKwhAVq9OLsaSD09vns6LGMKwVwZYnvb11 xNENCmor =qOT6 -END PGP SIGNATURE-
Accepted expat 2.1.0-6+deb8u5 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 29 Jun 2019 15:28:34 +0200 Source: expat Binary: lib64expat1-dev lib64expat1 libexpat1-dev libexpat1 libexpat1-udeb expat Architecture: source amd64 Version: 2.1.0-6+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Markus Koschany Description: expat - XML parsing C library - example application lib64expat1 - XML parsing C library - runtime library (64bit) lib64expat1-dev - XML parsing C library - development kit (64bit) libexpat1 - XML parsing C library - runtime library libexpat1-dev - XML parsing C library - development kit libexpat1-udeb - XML parsing C library - runtime library (udeb) Changes: expat (2.1.0-6+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-20843: It was discovered that Expat, an XML parsing C library, did not properly handled XML input including XML names that contain a large number of colons, potentially resulting in denial of service. Checksums-Sha1: b61f01a4d40b89eb6a610732ce5952f172300256 2443 expat_2.1.0-6+deb8u5.dsc ab46f03fa47ab459ba8d06bd28d967a903c01f07 22932 expat_2.1.0-6+deb8u5.debian.tar.xz e9db595e74bd382f994f585f29589d6102c5a9e1 126386 libexpat1-dev_2.1.0-6+deb8u5_amd64.deb 1439ac87aa415d18e0a4ddbabce61b4e06980058 80306 libexpat1_2.1.0-6+deb8u5_amd64.deb 7f8e47cac34a5b4217b108202568bf2e5cba67e1 52186 libexpat1-udeb_2.1.0-6+deb8u5_amd64.udeb e9fbea5a59357e9818c81d16ff556c125782e769 24342 expat_2.1.0-6+deb8u5_amd64.deb Checksums-Sha256: a3dd7aa5ee6c407abc6e61fb77cfcbf168904086db8f18682f0c31f2bd410a53 2443 expat_2.1.0-6+deb8u5.dsc 2daf883dd385cf4ae686f8c2a7057e8cdc6a7368893de7f39b5c5577d4a50049 22932 expat_2.1.0-6+deb8u5.debian.tar.xz d17c83371511ce2042eaaff3d05c6aaf5d952bf508dee9274f1c772778cb2e51 126386 libexpat1-dev_2.1.0-6+deb8u5_amd64.deb 25baa2a993d2514f4d4a31ee6a68f4e62f2028c3fbaa9cd0d445e163290ca8c3 80306 libexpat1_2.1.0-6+deb8u5_amd64.deb b3a7a7068e65c1c4a10a8ce210c75d9677a66649585345370ff0fc52371ef4a5 52186 libexpat1-udeb_2.1.0-6+deb8u5_amd64.udeb 7e237391b6595b09dd75b34b629ba3971dd21ea68873b5362d8884ffded832c5 24342 expat_2.1.0-6+deb8u5_amd64.deb Files: 9de5050508a827a823cc26c48f249eb4 2443 text optional expat_2.1.0-6+deb8u5.dsc 26dbefb7f570225617c9565e613b7bf8 22932 text optional expat_2.1.0-6+deb8u5.debian.tar.xz 685d147fc8cff20982c41953022eadb5 126386 libdevel optional libexpat1-dev_2.1.0-6+deb8u5_amd64.deb 60ef88e38960756916d5f01b68daa826 80306 libs optional libexpat1_2.1.0-6+deb8u5_amd64.deb 41f7084a8e1431a76615411a08200c15 52186 debian-installer extra libexpat1-udeb_2.1.0-6+deb8u5_amd64.udeb dae142046444ce424f1d3f8a9353edf9 24342 text optional expat_2.1.0-6+deb8u5_amd64.deb Package-Type: udeb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0XfH5fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkrjIP+gJA1C910AogUBPlJk66cSClrTpwn+mjAJIA xG6nwKe2zQSYSMg6C8K20HFz7Gm2TvY6xIkB3lhkc/PbdPyNZmXyMC8fhukNwObI 1eJMBLtTYVhQ7yhV7U1rqF6aSAk35eruARTMgVzFQlT0mL7cmVUJeLSb/0JkXNS1 CgpYhuQOy3Miayd6UL2NInQyWMaWHCBpCb7m6pBgxXIi5EdpYM1T24Oj7UWX5kHo Ru0KRZRuwVVpSH5E+lrDXZp1/uPXjYhIjuWCl1AJFx6fJsIu/2IT5m1pwWErfWpT 3DL6cNGLplGOQ/XmPBPTum8kyP8nxQHyE672ZyezOJZ8sW4cIOTS7M6+2awZl18o G335+bZrEhNRC5D1+a8kfkbY6wqcJEMp04XlZtUESRxpTWzHMPaMCkn/IdzSwjds 36ZHmEsEb7WGmweAO9YcPlT27RAcUMLz1XwcC3J1kV9kYNuIHSJk1phsHk8WxGxH XZkfUV32MvrCek9ek43xQbaf74U3nIBNdxDSHXYBduds/8Ga6x1TeapLbnSK3Zml +I6H1tsTI/JCoM7FbZ1Mo6bR1E+wMTCsALZWZkibIFNsingOr7D0JTDDVK3bdwJR q7bHhOKIOxZVUcZy/x0w7ogUXHJuPVbUzSrnSDKy0tfgzTTEdZmAPP3YsIEz5O1f dhd8Mit+ =ZjLq -END PGP SIGNATURE-
Accepted jackson-databind 2.4.2-2+deb8u7 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 21 Jun 2019 14:16:32 +0200 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source all Version: 2.4.2-2+deb8u7 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Changes: jackson-databind (2.4.2-2+deb8u7) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * More Polymorphic Typing issues were discovered in jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x or logback-core jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server. Checksums-Sha1: 740f82394a856d212296eb22ae2aa5edeaf4e981 2691 jackson-databind_2.4.2-2+deb8u7.dsc 67c84c8fef6daf4726afb42b465a321ff57ea0c9 11048 jackson-databind_2.4.2-2+deb8u7.debian.tar.xz a75dbb35c5b50d6718c3de08604fd788632f8063 987418 libjackson2-databind-java_2.4.2-2+deb8u7_all.deb d1919f4a9d484e5d0d26a918fa889e87ef4978be 4746840 libjackson2-databind-java-doc_2.4.2-2+deb8u7_all.deb Checksums-Sha256: f7a7ec0f2e5bd05b740d4662c538af204787e1e76047aac2b17ea02543d22eb9 2691 jackson-databind_2.4.2-2+deb8u7.dsc ab603541d2449ccb0254709464000fe6756d4eb3ab3c7ce952e4d385fcefa7ca 11048 jackson-databind_2.4.2-2+deb8u7.debian.tar.xz b9cdd0ee518eec9fc3bf6002aa4f08e0183e039a2ab0fb2525f9ca571933133e 987418 libjackson2-databind-java_2.4.2-2+deb8u7_all.deb 7990308100acff9c3b70da47232ad28b55b834bf2b8af24319068a1a875795b1 4746840 libjackson2-databind-java-doc_2.4.2-2+deb8u7_all.deb Files: ecec562643030fc24a77f0d278a8a06b 2691 java optional jackson-databind_2.4.2-2+deb8u7.dsc 1ebe23d1525c997a805629bb5a788416 11048 java optional jackson-databind_2.4.2-2+deb8u7.debian.tar.xz 4f5351e8d0b4bf82aac548d13cfb6606 987418 java optional libjackson2-databind-java_2.4.2-2+deb8u7_all.deb e4c3b7e19e512d2e42c7a5c2ecd9a5bb 4746840 doc optional libjackson2-databind-java-doc_2.4.2-2+deb8u7_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0MzVNfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkRH8P/iWXV+YoaTBk76azq9XKltJL5IsuRnBN/4F0 tgS4/J0eUSLEfVnYZ5PDIvz3Cj71gtGAKyn3LLKKeIMY1x0LOIBYMhI0nE9KJKAZ f4NNF9pGkMFjMeIW81glj23ujS1LqC+i4ayZaH71qr3f0Y21ZeCor1ZzXRQwzxYR vqoZbXEtFvG2Gbj7C9jVrgFIG+wJzcqS/g6tf0gs5ERGhikRFaVu7Xu4N+JuyGbN qFCtjeO9yJ2GosvaIu+iNoj7FNmOzV7URrSefituJ0zIfb6BlQASUOdNSEOtwNs3 Fal/AIbl9vIh2vpbZi1iN1y9/aLLPhkVdGR87DgQCouvhpfJGb/jfU4Ri6GvpE3d usT2BGmOeu3eFJNB0NbuvaNnBb3/QuFvG2shTLKUbmxxdSgRDN1W/QHNsnTL0UW9 hOGGKVpctU2n4Lv0/fdoWKvx0wVRXVrvWUQ2mpFeoak/FI6dlkb746gQC78sWfYr 0uLZysxsoswt5EPUCEaLOcfdoiV7kqMaPyRxzFqXWO0u7fCp6poESqZwFUG+E2Xq uGUoUFXZXQF/ji3UwqFkXteo18CxUS0/3qQ1Kh10Qp8eAMkmqOKMktXmCpNUAlZG QV9ymywp/r6/6gxARWk33wh17q2ooLEJPJaI24iT3fqJl74c+kD1S5wiCVudnhG8 3CaePqBa =sFNn -END PGP SIGNATURE-
Accepted gvfs 1.22.2-1+deb8u1 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 19 Jun 2019 18:07:45 +0200 Source: gvfs Binary: gvfs gvfs-daemons gvfs-libs gvfs-common gvfs-fuse gvfs-backends gvfs-bin gvfs-dbg Architecture: source all amd64 Version: 1.22.2-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian GNOME Maintainers Changed-By: Markus Koschany Description: gvfs - userspace virtual filesystem - GIO module gvfs-backends - userspace virtual filesystem - backends gvfs-bin - userspace virtual filesystem - binaries gvfs-common - userspace virtual filesystem - common data files gvfs-daemons - userspace virtual filesystem - servers gvfs-dbg - userspace virtual filesystem - debugging information gvfs-fuse - userspace virtual filesystem - fuse server gvfs-libs - userspace virtual filesystem - private libraries Changes: gvfs (1.22.2-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-12795: daemon/gvfsdaemon.c in gvfsd from GNOME gvfs opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.) * Add only-accept-external-authentication.patch for additional hardening. Checksums-Sha1: 17f2a0846f199aabb692ab548f0db1a559fabcfa 3442 gvfs_1.22.2-1+deb8u1.dsc 73ed1a3249afe0218d2606105ff1d12690218941 1585720 gvfs_1.22.2.orig.tar.xz 553a56ffac0c4d016c35bfbde758f55906cbcc0f 19764 gvfs_1.22.2-1+deb8u1.debian.tar.xz dfac64f23b07f970ca243bb0b51308b9bff32d72 737576 gvfs-common_1.22.2-1+deb8u1_all.deb 4342bdfbb2cee3e6328e6a62f73f131c224b789c 334254 gvfs_1.22.2-1+deb8u1_amd64.deb 8854679c1c33647a4eb2c53ee767f129fc0806d3 354120 gvfs-daemons_1.22.2-1+deb8u1_amd64.deb 67ae88bc37e3b05a368dccecd6b7ea43c0935aaf 333734 gvfs-libs_1.22.2-1+deb8u1_amd64.deb 71586bf0c187dbab2ebab591e50d553199133e4a 255284 gvfs-fuse_1.22.2-1+deb8u1_amd64.deb 605a7c2baa6edb71b969a2c6870e86a9cd1e8d78 535298 gvfs-backends_1.22.2-1+deb8u1_amd64.deb 9952ccace0a3907f2e00e4b08f0312ebb204f8d9 276170 gvfs-bin_1.22.2-1+deb8u1_amd64.deb 24898a9e5e24296b6421ca2792fb8ef333584aa6 1839700 gvfs-dbg_1.22.2-1+deb8u1_amd64.deb Checksums-Sha256: 1dcde902c6a35b26e3a6ba16d9eb3105d32fe9f00ec7186291900eee348a3225 3442 gvfs_1.22.2-1+deb8u1.dsc 8d08c4927b6c20d990498c23280017e7033b31a386f09b4c3ce5bedd20316250 1585720 gvfs_1.22.2.orig.tar.xz b42ac53f76d8531b3d00717dec03daae53f02b32521f4afa622db2fe0d4ca17f 19764 gvfs_1.22.2-1+deb8u1.debian.tar.xz 7fa0daf949148a50dd45e2fb9d12646e3fecc117f63fa9c65dd536f4ac1b341a 737576 gvfs-common_1.22.2-1+deb8u1_all.deb d9cf1f707b455174663c7241d278d22142f37233ac1b0ef5f2fd32e5c2dcd74e 334254 gvfs_1.22.2-1+deb8u1_amd64.deb ee6b145f3816fef7d082070179edad3e9fb3493a976659e3147084a51c81cdb1 354120 gvfs-daemons_1.22.2-1+deb8u1_amd64.deb 29ac82d0d917208a73b06d8b5dcf12ed09793e3f8ad1ae3d2d0d43ed6d8662bb 333734 gvfs-libs_1.22.2-1+deb8u1_amd64.deb 635cfae979743d71f16c8ac03a84f7c4e53859e133630adb4227aec1cc6248a4 255284 gvfs-fuse_1.22.2-1+deb8u1_amd64.deb acabe80b304d54f731d351b1f4f69bc0f7009d7353acc44c96025c82180d7c42 535298 gvfs-backends_1.22.2-1+deb8u1_amd64.deb b98a5868d301143482999c2952946ac3ea847f73a8fa4e0ef13cda5f5445212e 276170 gvfs-bin_1.22.2-1+deb8u1_amd64.deb fb38659946ce9c1c572903178d5f76bee162c036ed01e869ba3935397b90e960 1839700 gvfs-dbg_1.22.2-1+deb8u1_amd64.deb Files: 406a1561939eb950b99cb40934726bbc 3442 gnome optional gvfs_1.22.2-1+deb8u1.dsc 6b00ec682a6851bcdad7814dd799e228 1585720 gnome optional gvfs_1.22.2.orig.tar.xz 8a8b6296a38f2b4f432cdab91afe0033 19764 gnome optional gvfs_1.22.2-1+deb8u1.debian.tar.xz a919375ed5a8399ee8905315e9624da1 737576 libs optional gvfs-common_1.22.2-1+deb8u1_all.deb 3650a1619b29c7a87f9932b5eb549f64 334254 libs optional gvfs_1.22.2-1+deb8u1_amd64.deb 01222b41abc7415845c66125d6c19d21 354120 libs optional gvfs-daemons_1.22.2-1+deb8u1_amd64.deb 8cbcc9620a58d8e6743f7fe696339d1c 333734 libs optional gvfs-libs_1.22.2-1+deb8u1_amd64.deb 44c6db056cad3f06d38da02a0ffc3daa 255284 gnome optional gvfs-fuse_1.22.2-1+deb8u1_amd64.deb 03d308befe77b382f0605cf235a36a3a 535298 gnome optional gvfs-backends_1.22.2-1+deb8u1_amd64.deb 870d6c7e203154fdc411f6a7cd42962d 276170 gnome optional gvfs-bin_1.22.2-1+deb8u1_amd64.deb a7290672c2bc140afd8f72a54dadc482 1839700 debug extra gvfs-dbg_1.22.2-1+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0KbcdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkkVkQALFV7CK7q0hUwaXrIsrtlg4LVmHhzvg075Za kEIIZJiwU60M6q2IGqkwmDmSIHEoLQcjjsJ3dlcNUjYKQaStC55t1NQmlzps2wEl
Accepted phpmyadmin 4:4.2.12-2+deb8u6 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 17 Jun 2019 20:37:05 +0200 Source: phpmyadmin Binary: phpmyadmin Architecture: source all Version: 4:4.2.12-2+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Thijs Kinkhorst Changed-By: Markus Koschany Description: phpmyadmin - MySQL web administration tool Changes: phpmyadmin (4:4.2.12-2+deb8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-12616, CVE-2016-9864, CVE-2016-9861, CVE-2016-9850, CVE-2016-9849, CVE-2016-6632, CVE-2016-6631, CVE-2016-6630, CVE-2016-6628, CVE-2016-6624, CVE-2016-6613, CVE-2016-6611, CVE-2016-6607, CVE-2016-6627, CVE-2016-6606, CVE-2016-6612, CVE-2016-6626. Multiple security vulnerabilities were fixed in phpmyadmin, a MySQL web administration tool which prevent possible SQL injection attacks, CSRF, the bypass of user restrictions, information disclosure or denial-of-service. Checksums-Sha1: fa67ef082a427e7a45faafb46672e0e541e7f6ac 2118 phpmyadmin_4.2.12-2+deb8u6.dsc acb2bfec0f1dfb762009a324ab93d451c82c 5203736 phpmyadmin_4.2.12.orig.tar.xz a9e7a9a274294ea4222081b64a5c949efa500639 78976 phpmyadmin_4.2.12-2+deb8u6.debian.tar.xz e849f37bd8f76e4ca109af43eea620159d984fc9 3859880 phpmyadmin_4.2.12-2+deb8u6_all.deb Checksums-Sha256: 355c6c7294a996ac0f23af1c9303216625f803acda6832ce7ef07abe12ea63d9 2118 phpmyadmin_4.2.12-2+deb8u6.dsc 29a5d980ca16f0ee20437f3e01e2ab553041ccf41ebe26fb18f11261d74a 5203736 phpmyadmin_4.2.12.orig.tar.xz fd7e4751d33c679ea2f596ec14e30591d2ad67add54b169a63c6eea16b1ad86c 78976 phpmyadmin_4.2.12-2+deb8u6.debian.tar.xz 1117415baaae3cb5fe3852b78984f342423c21bfb017ec30827853e04735f267 3859880 phpmyadmin_4.2.12-2+deb8u6_all.deb Files: 68f5347899ca1097c1437d71afb3535c 2118 web extra phpmyadmin_4.2.12-2+deb8u6.dsc 2d12dce0a405db30509793720d1034e3 5203736 web extra phpmyadmin_4.2.12.orig.tar.xz 56f4479edca6b6d81e6f9c9ec324dd0d 78976 web extra phpmyadmin_4.2.12-2+deb8u6.debian.tar.xz b6183475c00b24aed3c9f8515236fad1 3859880 web extra phpmyadmin_4.2.12-2+deb8u6_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0H5MJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkHEAQAKY2uWm2LzKgt6Quk6FkPNjptauFqoYDd026 xQU/sO7Z09//9TbWchjN772KZwjjIIs911TZWUflrPJaWfsLuDunD/FtyKYTzzDV y+XOCest2dKx3MeEEc4qVKw1kLqc1k0iwOgKj2/TPjGTZZxpLq4I2L6INj1E7lYt yd0R2tKRj2KkMSjPE8zwCioNtritbjPS82RKqotkd/z9owwtbhNLmQaZNB6wVj9e EEnYGKt8TFl2wG06QL06v+reS542Ikb+JOsiuq/0dC2q7pMPnSi07+6/msh2p5vk VvheUe0+b096BOhmpDxjt+djlkIayA4sbBSnFtcYAAkftD7kQZs5vJM/9dn17iGS f1ZKgjhNbxEkbI9Ga26stBq9URpFVULHOfU4vlhz24RWZjz4hcMvoaKsGJEaows/ GHso9lLsZch8zdtnZEDADxTTWKMuzTb9Ybh9HPyBPsXANxUzKpNgywOFhw80fh8g iioXkWdEJ//QwKZmZzg5Yh6oTvD/3gCFcEQG3Ngpun72rOYWyu+PLgCMHSDbxwUN s2209KXTipqAHaejUHRcA+EbLVlLkkdo+TToxPOAUtoyooHxmKJUKFyBa3PCQS20 CqahDEnsoX2Wh1oXsEJ8xK8ZvVbXijLpQDPAjKjbw/Gs2x3++wPeNsvBNvMWHfZ1 DerCYkW7 =Fh11 -END PGP SIGNATURE-
Accepted php-horde-form 2.0.8-2+deb8u1 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 16 Jun 2019 22:34:16 +0200
Source: php-horde-form
Binary: php-horde-form
Architecture: source all
Version: 2.0.8-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Horde Maintainers
Changed-By: Markus Koschany
Description:
php-horde-form - ${phppear:summary}
Changes:
php-horde-form (2.0.8-2+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2019-9858:
The Horde Application Framework contained a remote code execution
vulnerability. A remote attacker could use this flaw to use image uploads
in forms to install and execute a file in an arbitrary writable location
on the server.
Checksums-Sha1:
79af5edbcfc1927e84bcafa42a3819ccb2191504 2182 php-horde-form_2.0.8-2+deb8u1.dsc
b1d79c632d5638dc808bab8338935627b6c1bc9d 192576
php-horde-form_2.0.8.orig.tar.gz
6799b92d8f2eb53bd1ffab3ee2ca20e3b1f5b1bb 2948
php-horde-form_2.0.8-2+deb8u1.debian.tar.xz
7e625aec6a729a083f181ba390819c91ccacbea0 139790
php-horde-form_2.0.8-2+deb8u1_all.deb
Checksums-Sha256:
b6dd6800db31606200d3d895d07ed79acbf2a84341017f8f258558c2c222df2e 2182
php-horde-form_2.0.8-2+deb8u1.dsc
c023ed7a5d5c08f1aaf10ab2a711405e4d80b350b61992dc0a07e6010d37 192576
php-horde-form_2.0.8.orig.tar.gz
08b0c579e5541d365d3317ab62718dcf0192a6d556fdfc62cb03a86f45bae8f4 2948
php-horde-form_2.0.8-2+deb8u1.debian.tar.xz
c90d76b555aba5fde2f65693d9f07e245643dfd334ad7275d1d3aa6c3fc62843 139790
php-horde-form_2.0.8-2+deb8u1_all.deb
Files:
8ce3cb36d0985089682f9b2f7948bc94 2182 php extra
php-horde-form_2.0.8-2+deb8u1.dsc
e7f7ac98c58d23762a2ce2c7580d3767 192576 php extra
php-horde-form_2.0.8.orig.tar.gz
e1897c1e1e40dc5c080deea0faefa12d 2948 php extra
php-horde-form_2.0.8-2+deb8u1.debian.tar.xz
6357e8198c3a79a1ed69d0b44c40c4e1 139790 php extra
php-horde-form_2.0.8-2+deb8u1_all.deb
-BEGIN PGP SIGNATURE-
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl0GqrhfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk9hMP/jIg32KH9Uj2XQoZhxz1YYXENXJrqJvBqYtB
xziRDZvKJfONYxO/ko4EmaB3OJvrxYoKppFq8uepH0oNIITDN0YqiXS6YDVqUtz1
86yVGvc3BUNubq5FbYnG8TfI3gcZVU0t5sNPyfBNYv83j42qhT8Yb65QbIjYgcyc
o7806LAqY2w1aVDsURwHEm6ORlO+otW23C3Z0lx2VsQtTKOWyc4PmWdhAtdmqC+8
OM1jRJq+7dzRT3W/kmbsOQZU3KkItuQbH5HjifFQsFtG68p8O3MaeqFgxjpuC9TI
z4/vTwCOTU6v9beZEy9J2N9ODFHCoAshWxFfMhIaXmFmWXLWQPotSyZznGnvIxL/
VaXemZ6vb25qDt86qr1pUNebMljKIFHto6ciy+tVclHFNIk0F3H+x0hQbTTD/4kd
S0ueg+MTFwa/BacFfBbuxXG8yhDAJH9SGSJ61XtOk3QnAytUcGhmK0tBurWZdEmE
dFJaeDAz+d7o7ycugJHyJEedr2G8ysvEwUA1+w97qOW4jFv1inhrJbWXZaTWL5UK
mG5OcLiSNswOTbusPilJ9RpnNdoXbiHTOzp60adj0p37xUcuetuuF74/bnEYVu9I
myABEuxKiJDcELJW1wtcMT8h2P56M8tHc0I0nXmJwm143zCef2sn4SR1yK6xQAuw
V5NB4LWF
=I6cR
-END PGP SIGNATURE-
Accepted otrs2 3.3.18-1+deb8u10 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 11 Jun 2019 14:07:25 +0200 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 3.3.18-1+deb8u10 Distribution: jessie-security Urgency: high Maintainer: Patrick Matthäi Changed-By: Markus Koschany Description: otrs - Open Ticket Request System (OTRS 3) otrs2 - Open Ticket Request System Changes: otrs2 (3.3.18-1+deb8u10) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-12248: An attacker could send a malicious email to an OTRS system. If a logged in agent user quotes it, the email could cause the browser to load external image resources. * Fix CVE-2019-12497: In the customer or external frontend, personal information of agents can be disclosed like Name and mail address in external notes. Checksums-Sha1: 3c772ebbbe6297134ee0a20e8890768540eb05d2 1975 otrs2_3.3.18-1+deb8u10.dsc e59d4daeac44f61ba536fef070b73ba8f6bfb6e2 51544 otrs2_3.3.18-1+deb8u10.debian.tar.xz 0f7003292a2c8baf2c31028773a376195b11763f 5683880 otrs2_3.3.18-1+deb8u10_all.deb 41a166a402524029983409d7174586460cf38826 190010 otrs_3.3.18-1+deb8u10_all.deb Checksums-Sha256: b581d8188b3e528a03ea53fe9091faeeff7bf237b0cb39131f6d9162b390f33e 1975 otrs2_3.3.18-1+deb8u10.dsc ef326eebf4979e418e4f0b242bc680d713968853b37abbb3cd727cc45a2c 51544 otrs2_3.3.18-1+deb8u10.debian.tar.xz 155a1e8b2784c223686431ecde4b9a81be19048f9e0a4c3566982b69b307f313 5683880 otrs2_3.3.18-1+deb8u10_all.deb d3e8377fbd2732e5272fc7d8715277fcb21c60ba2992de90373cbd0ebb4203ec 190010 otrs_3.3.18-1+deb8u10_all.deb Files: cd1f37d9843077e72d3dd39043790312 1975 web optional otrs2_3.3.18-1+deb8u10.dsc 78603d6aab585323e3d0273ab0f021eb 51544 web optional otrs2_3.3.18-1+deb8u10.debian.tar.xz 25768457ee237db190cbcc0641566585 5683880 web optional otrs2_3.3.18-1+deb8u10_all.deb 4da8d1ef53b6f92c42fbf86557ae7776 190010 web optional otrs_3.3.18-1+deb8u10_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlz/qUhfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkOaQP/jUFx2bbgXqrpk9RWtLvlUVZCo9rDXuR9OAm nXfl9WDs26SN9A2Upf49+HnyNaHcGg5ZbtHaluhNvZAIQtEKhq2En1HHg0k8Wxmb 4h3qpgFqthJeWm91nhSLv/I8mTUn8vnDaedHRD+BXUWRJZmH3/Xb1rzSLf1BrMrO 01VQsxMiq9xSr8zvFnUmU4PON/X70sKqJ9X0rQVCgTm/28QtpM5F0S/Hw2sgqMiU eHZAT1ielDvjuJ9ZHNYHsFBt979FMjdb6t2PG4dbQKIpc5UrXz7N4HRxCTeE8qCD JvqN57CFdj8zo0DynYDHPHsFf8d+NzCep+DhBpIbxO2ZnAxjzYy2TyHCvI5mleTc /CbnPhKoOAvb2Nw0g3mAs8x3vvL3CW36gu95l7j+UJMtYaZftLuzv33AEmi1v/9l bzqCd4vCxvv45/5JeSZdtyT2TZmCso62evticoq1L4rCcB95ZcNQMO2p9i3JjEgc LHHNh0dXrkE286e8LpEmNxaYdZtvqsc3qIjthXTXK/n543TqLtQTonnGA+4qLMKO H8r5izEd8pk4JoEi217Nmf4Sl5tS/7eApR7EfYxpGbb/08AliM+V0octgirpldRY JtI+AIvfA/i7WqMjF/tgQ0/kPzOEnOMDBZ7i2M8GwxNGXBmPFXCbrZVv0EWOcWEn RutwjzTt =0e9M -END PGP SIGNATURE-
Accepted curl 7.38.0-4+deb8u15 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 25 May 2019 22:09:04 +0200 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: source amd64 all Version: 7.38.0-4+deb8u15 Distribution: jessie-security Urgency: high Maintainer: Alessandro Ghedini Changed-By: Markus Koschany Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.38.0-4+deb8u15) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-5436: libcurl contains a heap buffer overflow in the function tftp_receive_packet() that receives data from a TFTP server. It calls recvfrom() with the default size for the buffer rather than with the size that was used to allocate it. Thus, the content that might overwrite the heap memory is entirely controlled by the server. Checksums-Sha1: db8d41e1c1ba4f0325464d128a7b7fac6a397860 2824 curl_7.38.0-4+deb8u15.dsc 1c213d8e66ee781576ee3f34a59232dfde58a202 57928 curl_7.38.0-4+deb8u15.debian.tar.xz edd64e4e3bac004d730735bbac2852348868f0aa 204486 curl_7.38.0-4+deb8u15_amd64.deb f10a56278c78ccee2a7a9fe898dab6b818dfa706 259276 libcurl3_7.38.0-4+deb8u15_amd64.deb 08c185ca3029ecb53e25ebcdfed212b491efc7e9 250976 libcurl3-gnutls_7.38.0-4+deb8u15_amd64.deb e913d37ca2a60d3eef20aa7069e804e19a7f6af0 260946 libcurl3-nss_7.38.0-4+deb8u15_amd64.deb 5c40236a0f43e47542a9370ffe93b30f7e510469 322288 libcurl4-openssl-dev_7.38.0-4+deb8u15_amd64.deb 37d11df5efeff2ce5ff961668aac71fcdb6de011 314478 libcurl4-gnutls-dev_7.38.0-4+deb8u15_amd64.deb beac399d44d663a6ec4be324980e4ea20eb34e71 324964 libcurl4-nss-dev_7.38.0-4+deb8u15_amd64.deb 572bb153f414436d7ab1b9d183a80b120660950e 2603448 libcurl3-dbg_7.38.0-4+deb8u15_amd64.deb 856e27a33789aa7adef54e29be6063c1cf467c54 1068144 libcurl4-doc_7.38.0-4+deb8u15_all.deb Checksums-Sha256: 974ceb515fefc87cb735252d84a406c0b330721ee1f895d935c69828cd1c958f 2824 curl_7.38.0-4+deb8u15.dsc 8fa2d674b499046c23d418c8d0c8e5531f5943a626cedd663c446270399bb8fe 57928 curl_7.38.0-4+deb8u15.debian.tar.xz 0cc00e8cd657455b520f1aea15b303c5c0079be70e9531cf37510fce55eea3ce 204486 curl_7.38.0-4+deb8u15_amd64.deb 64b4b14119affe54a938153d0f00591fc48128d2846b725ced5dc9ac6ea1f844 259276 libcurl3_7.38.0-4+deb8u15_amd64.deb 0a81be423ed91d3ad54fa99c581c07a78140965e546e267e112df56f15cb30fe 250976 libcurl3-gnutls_7.38.0-4+deb8u15_amd64.deb 869537d50aa88ae7f87a171672f9ee82f515b00fb669ca70229557db0c384823 260946 libcurl3-nss_7.38.0-4+deb8u15_amd64.deb 33f6abcbdd5e3c581cf1620d23def6fa38c3f7b58f7556dbf2bf5001f4b2d83e 322288 libcurl4-openssl-dev_7.38.0-4+deb8u15_amd64.deb 1b93dcdb54363d965891550cc2f9ea438aff7732802d2ed3fbc1741b8d4adae4 314478 libcurl4-gnutls-dev_7.38.0-4+deb8u15_amd64.deb b5a23733df9d26bdc8b5792bd2182a675602c8c3213cc1b886b480ce84c120a4 324964 libcurl4-nss-dev_7.38.0-4+deb8u15_amd64.deb 17fbe30034f17a3fe95f1f2cdf7e743b7d3e3989ec4467144f457b4aa2e02150 2603448 libcurl3-dbg_7.38.0-4+deb8u15_amd64.deb 1d41baa036f9422c9303fb22fa59d521ecfaa3e97dca2fd82b1ae504bd8a0f52 1068144 libcurl4-doc_7.38.0-4+deb8u15_all.deb Files: 1f172d81b3be00392f302259b1c1d968 2824 web optional curl_7.38.0-4+deb8u15.dsc 5a704a8fef53258163bb583deddd5a9f 57928 web optional curl_7.38.0-4+deb8u15.debian.tar.xz 2abf2f880e4d316cfb1014f99f02b020 204486 web optional curl_7.38.0-4+deb8u15_amd64.deb 62fad725496f4aa307fee0dcfaaf6d94 259276 libs optional libcurl3_7.38.0-4+deb8u15_amd64.deb e92a793bc5b1c5c39b4bd769f090d769 250976 libs optional libcurl3-gnutls_7.38.0-4+deb8u15_amd64.deb 399f156f01964147efae0afa808f160c 260946 libs optional libcurl3-nss_7.38.0-4+deb8u15_amd64.deb 52bf6859d68835fea5e40bd4d4d35e12 322288 libdevel optional libcurl4-openssl-dev_7.38.0-4+deb8u15_amd64.deb 4e3fde41d644cfce797ae6ecf7ac00bb 314478 libdevel optional libcurl4-gnutls-dev_7.38.0-4+deb8u15_amd64.deb ff1099568cc76d3586fcc678f7b6ec39 324964 libdevel optional libcurl4-nss-dev_7.38.0-4+deb8u15_amd64.deb 6c82c09deff33f469b20131ce8d63191 2603448 debug extra libcurl3-dbg_7.38.0-4+deb8u15_amd64.deb 57511016510a988992fceb4a8a1be490 1068144 doc optional libcurl4-doc_7.38.0-4+deb8u15_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlzps
Accepted proftpd-dfsg 1.3.5e+r1.3.5-2+deb8u2 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 21 May 2019 15:31:45 +0200 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite proftpd-mod-geoip Architecture: source amd64 all Version: 1.3.5e+r1.3.5-2+deb8u2 Distribution: jessie-security Urgency: high Maintainer: ProFTPD Maintainance Team Changed-By: Markus Koschany Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-geoip - Versatile, virtual-hosting FTP daemon - GeoIP module proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 929020 Changes: proftpd-dfsg (1.3.5e+r1.3.5-2+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix undefined symbol: pr_gid2str in mod_sftp module. (Closes:#929020) Checksums-Sha1: 72214d990a042a10d0537105c4429493f1083243 2985 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u2.dsc 0bc6a2ae0fbb51022e245f17c398fb550deb65e2 95884 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u2.debian.tar.xz de0c226b57bac3b8db395cdf2e81bb59c22fda41 2460010 proftpd-basic_1.3.5e+r1.3.5-2+deb8u2_amd64.deb e71ef971c9f02bdb3c3f35cb42dd2655e6a53a65 960668 proftpd-dev_1.3.5e+r1.3.5-2+deb8u2_amd64.deb f550bb3dd53d46b5991bf2af143cac0a5bd1178a 476528 proftpd-mod-mysql_1.3.5e+r1.3.5-2+deb8u2_amd64.deb ef446649bff12c0a9f011aec81166a067a7968f2 476136 proftpd-mod-pgsql_1.3.5e+r1.3.5-2+deb8u2_amd64.deb a32de6ac91e6b0448096c62d2a4fbc3d0a05a7ac 484326 proftpd-mod-ldap_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 943e5ff038f9f12419bcdccd00c0298ee38193c0 477468 proftpd-mod-odbc_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 4775adb9a2016b5b6ab18e591b894eca168732be 475624 proftpd-mod-sqlite_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 63fe6cd471cf565569ec3e7bbc7c8564ce134248 477194 proftpd-mod-geoip_1.3.5e+r1.3.5-2+deb8u2_amd64.deb cee123e925241627f8cc080690efa97d96e9b60a 948726 proftpd-doc_1.3.5e+r1.3.5-2+deb8u2_all.deb Checksums-Sha256: 9f50563c35c34cfa5e0334be92385d409e900dc9b829e39d834a4b6a751dc0c7 2985 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u2.dsc 1f194647bfe771ea36d489d484dac9d4cf505655efac173908d807be9ef1dc6f 95884 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u2.debian.tar.xz 14d95dcd04a7149e15ef48fe200bb92e1fc53882782ccc67713653934703b588 2460010 proftpd-basic_1.3.5e+r1.3.5-2+deb8u2_amd64.deb a9f99687102604986c3098a93aa194addfc33c1bb1e6648e4a7a623bb01c0e1a 960668 proftpd-dev_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 2834ea8505ef799646c3701fe368c76dbbe92655c85765028b57c261fbb1fabf 476528 proftpd-mod-mysql_1.3.5e+r1.3.5-2+deb8u2_amd64.deb bd5e4c88fca33f1deacccbb2aa7580721c5ff951cd0fd52bee93e866262f48d4 476136 proftpd-mod-pgsql_1.3.5e+r1.3.5-2+deb8u2_amd64.deb c7cec7f8a81a0263f4dc7d1473c62d4674b9423d977ca98118fc24a6ce26ff69 484326 proftpd-mod-ldap_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 23e80fbeb4ba97c36a0f8c616b21839b95a6f646cb74cb3d24ee1e3c0254a2da 477468 proftpd-mod-odbc_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 3c8eccc1b07409719a339073b50f8db917462f83a5444325439af1c80de4ebd8 475624 proftpd-mod-sqlite_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 30ac83c82f56b247d9f104c0513234d0283198f2ffa070a3314df69e939ee981 477194 proftpd-mod-geoip_1.3.5e+r1.3.5-2+deb8u2_amd64.deb f6608ae4e2d5edfe3d04a66ba0263eb35f2ccfcaf453958ee5342c72b44b775f 948726 proftpd-doc_1.3.5e+r1.3.5-2+deb8u2_all.deb Files: 96507ed3a87002f5f6e2cd3ad3c70c59 2985 net optional proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u2.dsc 65fdecb05d124ea07d75ea9846d98b23 95884 net optional proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u2.debian.tar.xz f21500ca34813a1750522ac43b44a73b 2460010 net optional proftpd-basic_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 296ed691fd601041396299c775512f55 960668 net optional proftpd-dev_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 2a4a2dbd06de1ba0bfda8a952470e96f 476528 net optional proftpd-mod-mysql_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 62340ce33fecaa32e037973de76967a7 476136 net optional proftpd-mod-pgsql_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 383adbe08f24bb0c1e6b2e0df7cf6052 484326 net optional proftpd-mod-ldap_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 1da114c0a6c4630ddc9784503171c3f1 477468 net optional proftpd-mod-odbc_1.3.5e+r1.3.5-2+deb8u2_amd64.deb a4db2c7980365caf3cffde80407415c8 475624 net optional proftpd-mod-sqlite_1.3.5e+r1.3.5-2+deb8u2_amd64.deb 4aea5b66f3b652bf03b1f5e1cbcd13c6 477194 net optional proftpd-mod-geoip_1.3.5e+r1.3.5-2+deb8u2_amd64.deb a9c4c9ba559a23ee9a2cb14c9ec04f23 948726 doc optional proftpd-doc_1.3.5e+r1.3.5-2+deb8u2_all.deb -BEGIN PGP SIGNATURE
Accepted jackson-databind 2.4.2-2+deb8u6 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 20 May 2019 22:39:35 +0200 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source all Version: 2.4.2-2+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Changes: jackson-databind (2.4.2-2+deb8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-12086: A Polymorphic Typing issue was discovered in jackson-databind. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. Checksums-Sha1: 8e465473f5f1fc5b2b2d91651c6f72b3056f383b 2691 jackson-databind_2.4.2-2+deb8u6.dsc a773ccd3155897ff4fb514c06775d7ffa0d52abb 10676 jackson-databind_2.4.2-2+deb8u6.debian.tar.xz 4ea2f0830049bb5cf14205f30c204fb444e8d2bc 987274 libjackson2-databind-java_2.4.2-2+deb8u6_all.deb 6d05b3d963869cc142c43708e23036cb030be264 4742874 libjackson2-databind-java-doc_2.4.2-2+deb8u6_all.deb Checksums-Sha256: b9257c0ed3f5f6efacfb3261e80ec8a75724afff653733b914b517aa96453c63 2691 jackson-databind_2.4.2-2+deb8u6.dsc a627aa6538c8c86330c8e96f8c1c11855645849a6cb6b23ef9c0eea958c880d5 10676 jackson-databind_2.4.2-2+deb8u6.debian.tar.xz 3c7667955dc959d6f5bfe309887a5ce71f610df5814a133ef61ff745edb1624b 987274 libjackson2-databind-java_2.4.2-2+deb8u6_all.deb 223e48adf22d5ac982df84195c72ea67f5d472b62f11c106f93b129c16c04eb0 4742874 libjackson2-databind-java-doc_2.4.2-2+deb8u6_all.deb Files: d8c47cd70ba0e6bc17c0eaaae6b57fb7 2691 java optional jackson-databind_2.4.2-2+deb8u6.dsc 6234306ae8d9d738a5a3c4402b9e16bc 10676 java optional jackson-databind_2.4.2-2+deb8u6.debian.tar.xz 3940ca30540141e1ac2cd15e394da28d 987274 java optional libjackson2-databind-java_2.4.2-2+deb8u6_all.deb e980e826504d4005029d06fecb7dc833 4742874 doc optional libjackson2-databind-java-doc_2.4.2-2+deb8u6_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlzjKidfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkJ0gP/jH6aBlSayuf+KRp1P0goyXz/4Qhh7Fsp4AO hmUlQ9/uiHKhxnoWhcRx0X60uhg9nWaEFtr0uS3LyWt219FyeUO2maS8qYS8FZCQ c5l4/x+ije7HbY3EeQZ67jj+QQnz669J1ujemLceZw0DE90ESeCxVi/ktHcx6MWt 06RM8ve/UnYOvBJ5fzWUtGbuB9zT1GCiskx1jjTpzUuZ0U84coQeUSATg9sXvr+l tW9roD9/J5D09DKk7ACG8owHudUUXHvtgHsZshNqnmU5ahZOiLrhNU21ej3Wg/dI t6AvnnNKDaR0P3NqR/KDMN/bACwjzguo5sXXJK+HDL97Rw6tINM81Wv7RKdthuAf uWk7hFx0uXOAe8c9HWml6MxsUGkuRoaWJEJnEVgJ2Qz4xDucRs6s4DsGGP8s+yHX HbgTNYj55Mbd4nzr6D5MoemRm14gvGdkpaGGkUYaHCJVccrd/P4jV1/biRdBS0gU TJadHwmoON+vXL9fLMR7bo0juKwAfA+P+PoO6EuquyCboTLGEMFX4IQcHhyHiuuo /CoihREVxOpgdfPhl6SQATyLiXYIKunXGcvxwlxL1O4tM4Pz1IpbvG8UBuoDLkBc +gpsnXqtGL9shsY+EbhmDLM8td/RdQr+/f9fyKAvtF23EPkt+ts13J7Yn7/1SvRz FWQXa6O2 =vJoE -END PGP SIGNATURE-
Accepted imagemagick 8:6.8.9.9-5+deb8u16 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 13 May 2019 21:58:51 +0200 Source: imagemagick Binary: imagemagick-common imagemagick-doc libmagickcore-6-headers libmagickwand-6-headers libmagick++-6-headers imagemagick libimage-magick-perl libmagickcore-6-arch-config imagemagick-6.q16 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra libmagickcore-6.q16-dev libmagickwand-6.q16-2 libmagickwand-6.q16-dev libmagick++-6.q16-5 libmagick++-6.q16-dev imagemagick-dbg libimage-magick-q16-perl perlmagick libmagickcore-dev libmagickwand-dev libmagick++-dev Architecture: source all amd64 Version: 8:6.8.9.9-5+deb8u16 Distribution: jessie-security Urgency: high Maintainer: ImageMagick Packaging Team Changed-By: Markus Koschany Description: imagemagick - image manipulation programs -- binaries imagemagick-6.q16 - image manipulation programs -- quantum depth Q16 imagemagick-common - image manipulation programs -- infrastructure imagemagick-dbg - debugging symbols for ImageMagick imagemagick-doc - document files of ImageMagick libimage-magick-perl - Perl interface to the ImageMagick graphics routines libimage-magick-q16-perl - Perl interface to the ImageMagick graphics routines -- Q16 versio libmagick++-6-headers - object-oriented C++ interface to ImageMagick - header files libmagick++-6.q16-5 - object-oriented C++ interface to ImageMagick libmagick++-6.q16-dev - object-oriented C++ interface to ImageMagick - development files libmagick++-dev - object-oriented C++ interface to ImageMagick libmagickcore-6-arch-config - low-level image manipulation library - architecture header files libmagickcore-6-headers - low-level image manipulation library - header files libmagickcore-6.q16-2 - low-level image manipulation library -- quantum depth Q16 libmagickcore-6.q16-2-extra - low-level image manipulation library - extra codecs (Q16) libmagickcore-6.q16-dev - low-level image manipulation library - development files (Q16) libmagickcore-dev - low-level image manipulation library -- transition package libmagickwand-6-headers - image manipulation library - headers files libmagickwand-6.q16-2 - image manipulation library libmagickwand-6.q16-dev - image manipulation library - development files libmagickwand-dev - image manipulation library - transition for development files perlmagick - Perl interface to ImageMagick -- transition package Closes: 925395 926091 928206 928207 Changes: imagemagick (8:6.8.9.9-5+deb8u16) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. [ Hugo Lefeuvre ] * CVE-2019-9956: stack-based buffer overflow in PopHexPixel, allows DoS or remote code execution (Closes: #925395). * CVE-2019-11598: heap-based buffer over-read in WritePNMImage, allows DoS or information disclosure (Closes: #928206). * CVE-2019-11597: heap-based buffer over-read in WriteTIFFImage, allows Dos or information disclosure (Closes: #928207). * CVE-2019-10650: heap-based buffer over-read in WriteTIFFImage, allows DoS or information disclosure (Closes: #926091). . [ Markus Koschany ] * Fix CVE-2019-9956 CVE-2019-10650 CVE-2019-11598 CVE-2019-11597 CVE-2017-9500 CVE-2017-18273 CVE-2017-18271 CVE-2017-17914 CVE-2017-17682 CVE-2017-15281 CVE-2017-15017 CVE-2017-15015 CVE-2017-14741 CVE-2017-14739 CVE-2017-14626 CVE-2017-14625 CVE-2017-14624 CVE-2017-14532 CVE-2017-14505 CVE-2017-14400 CVE-2017-14341 CVE-2017-14249 CVE-2017-14175 CVE-2017-14174 CVE-2017-14173 CVE-2017-14172 CVE-2017-14060 CVE-2017-13768 CVE-2017-13658 CVE-2017-13145 CVE-2017-13142 CVE-2017-13133 CVE-2017-12875 CVE-2017-12693 CVE-2017-12692 CVE-2017-12691 CVE-2017-12674 CVE-2017-12670 CVE-2017-12643 CVE-2017-12587 CVE-2017-12563 CVE-2017-12435 CVE-2017-12432 CVE-2017-12430 CVE-2017-12140 CVE-2017-11537 CVE-2017-11523 CVE-2017-11446 CVE-2017-1000476 CVE-2017-1000445 * Numerous security vulnerabilities were fixed in Imagemagick. Various memory handling problems and cases of missing or incomplete input sanitising may result in denial of service and memory or CPU exhaustion. Checksums-Sha1: ae89777114b7864fcff2406464753828178b7eca 4379 imagemagick_6.8.9.9-5+deb8u16.dsc be96ba94f8f6af809319bfa4a8227a976702f416 308224 imagemagick_6.8.9.9-5+deb8u16.debian.tar.xz 6e4bf0a7b2dc0931e32f2deab3832251a151ddfb 155298 imagemagick-common_6.8.9.9-5+deb8u16_all.deb 2f6b73500482bb438276da0a1c235a82aca8adac 7653154 imagemagick-doc_6.8.9.9-5+deb8u16_all.deb b69d23390ff0501779b9930753e3bc2ac105d81a 173394 libmagickcore-6-headers_6.8.9.9-5+deb8u16_all.deb f5613b61a226b66b51026976293219e5ccc02c1f 136426 libmagickwand-6-headers_6.8.9.9-5+deb8u16_all.deb 68bb2e43ca0032fbb914b932315dad7ecf467c7c 172024 libmagick++-6-headers_6.8.9.9-5+deb8u16_all.deb 8111d05172cfa7dffc7d8b2c9d519efc51a41052 161350 imagemagick_6.8.9.9-5+deb8u16_amd64.deb 8f6c180f10e4f9127e676200ea5c2aefc59c0827 179872 libimage-magick
Accepted librecad 2.0.4-1+deb8u1 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 05 May 2019 21:00:57 +0200 Source: librecad Binary: librecad librecad-data Architecture: source amd64 all Version: 2.0.4-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Science Maintainers Changed-By: Markus Koschany Description: librecad - Computer-aided design (CAD) system librecad-data - Computer-aided design (CAD) system -- shared files Changes: librecad (2.0.4-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-19105: A vulnerability was found in LibreCAD, a computer-aided design system, which could be exploited to crash the application or cause other unspecified impact when opening a specially crafted file. Checksums-Sha1: 7ab1ee45042d723594c9c44016236d81d0298d8d 2411 librecad_2.0.4-1+deb8u1.dsc 6bdbe442c7693e402ff8bc432d4ec3c49757704f 15526362 librecad_2.0.4.orig.tar.gz ba4f163d649370075d9d0911155a4f2898f8284f 6284 librecad_2.0.4-1+deb8u1.debian.tar.xz 2555f61a263f932351818cb3505d5b94fa6f5161 2081864 librecad_2.0.4-1+deb8u1_amd64.deb c4c0e39fe4d69ce80afdacec5542df294493285b 6565002 librecad-data_2.0.4-1+deb8u1_all.deb Checksums-Sha256: 4d187ae8ef5635eb48d935667da846567faadc264d672a86300c77f7d8679524 2411 librecad_2.0.4-1+deb8u1.dsc e3d3f65a4510f1bb0d2b94e9917fa16c3f6425cf8e18d233857997e4e13d22f7 15526362 librecad_2.0.4.orig.tar.gz c72e0a524ee89bfd5d7dd09a23665838689b841e3d974db369d55b29ba041641 6284 librecad_2.0.4-1+deb8u1.debian.tar.xz e234e4317915f3d950268a268041d998953a77104b92ef66d3a471f43d672351 2081864 librecad_2.0.4-1+deb8u1_amd64.deb e498b8759d7993432d5d9061713cf609f53c8d72fe55ec8879960c542be8136d 6565002 librecad-data_2.0.4-1+deb8u1_all.deb Files: 4bc61aef5f61fb079f24bbf1fc4132ff 2411 graphics optional librecad_2.0.4-1+deb8u1.dsc 1feedc76e882aee8668de9bd92a56a54 15526362 graphics optional librecad_2.0.4.orig.tar.gz c218a6b0f31890904c3e75c72cabcdcb 6284 graphics optional librecad_2.0.4-1+deb8u1.debian.tar.xz 81c9e7b0dcd705ba568d2ee59207c137 2081864 graphics optional librecad_2.0.4-1+deb8u1_amd64.deb 1cb662a529b82f2d5d1b518dae3761cd 6565002 graphics optional librecad-data_2.0.4-1+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlzPPbNfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hka9QP/0hWFs4c/hGjPvae296KUNjpjBHbySs+phaW vXYuUaRVH1bjd8lFaiJRitPmfYzx0gtLswmIhMrZhtqIyQB6s7a3AMRxvbm/K7Lp s7hxaSKoigvjBGFxy6euATeTwsRZaJQD66TF59XnG2Kt6oBJUydBKKju6XPRJDZL LQnY/P2YaKD9ihE7J53vwg3GjrawggFuRRAyYRft6+GcvJ1FMr4FjnICL4iBnoNh /6LfHEyfdW2fOAXqqXoTMdBPrbmccguZoXqKdBLCuleHRz+dzMuBM3pKUI1UlzoH LFnkzVTbYM3tDxPZ6hl8hWf1s9vFqkf+VEOilhELwNz70PF6Y32WmTXCc8TzXEGX D20rYWXg+2ZVLm72FBOJLX/FmttY6mwPGIn8aS8cG62oHNhYNpNTExNT4wM4ucr0 xeU/pnPZ44Fs/uHDu7sSAcSnqfc2E00DIwLnwKOSEXbbi9uMfYPMMSxanwvuXsPm aHNWwx1FpnW4KR61plQmVBKJbeYjgQ4VHQtyGgBDEFl9GPDB+nb/r6SE5qmygqz7 /127Yjwefco/TEyapI0n0i3wYjBpxRmtKFXOKK0WdLwZBahF8HRd6+1SXeWBoh+I LFEy6sQsXApm0rT/aSHsscrNoHfAeG1K3/xroCU8AhvqrL2tdEJV3vLCtAyAbnrp yVaX1C8W =nY6l -END PGP SIGNATURE-
Accepted phpbb3 3.0.12-5+deb8u3 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 03 May 2019 20:53:53 +0200 Source: phpbb3 Binary: phpbb3 phpbb3-l10n Architecture: source all Version: 3.0.12-5+deb8u3 Distribution: jessie-security Urgency: high Maintainer: phpBB packaging team Changed-By: Markus Koschany Description: phpbb3 - full-featured, skinnable non-threaded web forum phpbb3-l10n - additional language files for phpBB Changes: phpbb3 (3.0.12-5+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-9826: Colin Snover discovered a denial-of-service vulnerability in phpBB3, a full-featured web forum. Previous versions allowed users to run searches that might result in long execution times and load on larger boards when using the fulltext native search engine. To combat this, further restrictions were introduced on search queries. Checksums-Sha1: d17c3db726271386c7d30413d17e94f7d4535aae 15560 phpbb3_3.0.12-5+deb8u3.dsc b66e1d6e22965b997fb5fc668eb4080d300a4cf0 98884 phpbb3_3.0.12-5+deb8u3.debian.tar.xz 10594bd62ce7d511098bea36fdd074c95de56097 1510120 phpbb3_3.0.12-5+deb8u3_all.deb 2cb7f89875836db009fecedfd46ad6fce3269dea 5741744 phpbb3-l10n_3.0.12-5+deb8u3_all.deb Checksums-Sha256: 284647888faf4c063de7ce575216e09c21ae7f45e0c3bf645d847dc1147ab6cc 15560 phpbb3_3.0.12-5+deb8u3.dsc b4a16f456c3eb3c5a9550294e72333210cb64aa9c08ef01d60fba13c0f636798 98884 phpbb3_3.0.12-5+deb8u3.debian.tar.xz badd2f28f77898012f303851a9976ac1f3153850f34d7543f2ab725e3a6e0c47 1510120 phpbb3_3.0.12-5+deb8u3_all.deb 92ccb339c4f1089dc271c919cab245e2d12af728e2fd05c18815d8d97ac6b870 5741744 phpbb3-l10n_3.0.12-5+deb8u3_all.deb Files: 8d704ff30039fbf55c5c2b9d5874a0cb 15560 web optional phpbb3_3.0.12-5+deb8u3.dsc a1a39ee7c762a006849ee7bafa1da63d 98884 web optional phpbb3_3.0.12-5+deb8u3.debian.tar.xz e7ee85f81bec2c401264e46e7433f4a5 1510120 web optional phpbb3_3.0.12-5+deb8u3_all.deb 550dcf84148f2d32f1f83c199c3b3650 5741744 localization optional phpbb3-l10n_3.0.12-5+deb8u3_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlzNbnpfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkmf8P+gJ7tguzbD9bIImxopyVivT/QxH0S8PaHFRH ymVWOyhuZ04uvKzPVIL4/qIQ4o3xyXtmIg5n0swiUg+StDLn8dNpY4BsjGON1q13 KVVKhLOmMzLpCcFvW2pi/8d40/OOoPsivryJFPsLhyZmQ5pOBGEVfh2qqet9DyFt j4qaWz1LM/PSEiyiG2Y5dMjflqfE36EeUGumnA/81PNnjZLati4kSuzVobt4yHgJ enYUQebknmX2OajcxFHWlKP6m6BDl+sjnm2dE0VCGhioS2e8SFXskUR3R18WnFNe uFkid0yh2nc/6QpsoI/lwQxcs13LHcdfNPrMQjIdNiJFVAblRuqTnEfNK/WZSZX8 ZZy0P+jb+zvlSHM83KT1Ern8jUogHrgVj8hrMnyiFGzQJjsuWWGsI6YbULsUflxU CuHMg0AM29frIzlI+OyYIavUfaWw7If4PQAUL84tYLsuz8lACD4gLx4y05RAJ5F1 faVsGS7Ns2psigTpp0fbJNAMjA6BOiCckOuxZMsA/7zIHqSAQtTO7sfmPoYXjKpu DwOP6AWVGhJpJBY3Q5NG+/U5VvXqzQiLKhMlcDknrbmLIm3TYn3JPJMvkM9m3ymf OvMOeYnaW57iopOI8+1Xlvhju/E1K+pGbVz1KqbzgXo7fDCLt4cjIDuNYUvCbSJM gYFh7jrE =e0u3 -END PGP SIGNATURE-
Accepted otrs2 3.3.18-1+deb8u9 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 03 May 2019 10:37:13 +0200 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 3.3.18-1+deb8u9 Distribution: jessie-security Urgency: high Maintainer: Patrick Matthäi Changed-By: Markus Koschany Description: otrs - Open Ticket Request System (OTRS 3) otrs2 - Open Ticket Request System Changes: otrs2 (3.3.18-1+deb8u9) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-9892: An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files of OTRS filesystem. Checksums-Sha1: a87fcb7e5c64647e9bdef8ce63458c4062867c34 1971 otrs2_3.3.18-1+deb8u9.dsc 2b07d4252865dcc789b08be3ab158433e65e507e 49120 otrs2_3.3.18-1+deb8u9.debian.tar.xz 57ef579f038d15985c0c03fff01648db0dad70e5 5683504 otrs2_3.3.18-1+deb8u9_all.deb b4f98aee726be08f875705d33e53e9d02224bde1 189862 otrs_3.3.18-1+deb8u9_all.deb Checksums-Sha256: 8e0f4496a963d3f871cbb2d8103307d10c84f8364c3d85da2af633e9f08a27cf 1971 otrs2_3.3.18-1+deb8u9.dsc 19b4b0f25a62166ef9394786c9c0fe314ca69d8998d55e96d3c03b64a2d7eab8 49120 otrs2_3.3.18-1+deb8u9.debian.tar.xz bcb4b9c884b39992f99184a899d342c7ca58ffa209c3461c5907f0b08d3c9b07 5683504 otrs2_3.3.18-1+deb8u9_all.deb ed7c325536df0f5ff4286ec6c2347f092ecaedf14fbe3de524299a54bb7c8840 189862 otrs_3.3.18-1+deb8u9_all.deb Files: 7be9c667e92a672edadc59678ee6a9cc 1971 web optional otrs2_3.3.18-1+deb8u9.dsc 7b4fc48a156f614ff7bbb00757da839c 49120 web optional otrs2_3.3.18-1+deb8u9.debian.tar.xz ed7d658bc63a8f279790f3864fd83e80 5683504 web optional otrs2_3.3.18-1+deb8u9_all.deb 4dd730b67997b206ccff36f4ec920167 189862 web optional otrs_3.3.18-1+deb8u9_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlzMBOBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkvjcP/jccIggki0YlB9560D8TaEeZ0MC4gh4BCC2X No9A2TI/tsfAw6FKRFjkZG8Fo2UZb1PepNPIfXect1XtuFHy0szSLgDcbNvNJgxy hHHr964+kH4Ofgf+kJbgdGA0PQPtMpUUnQz7q6JyHVck1CS4DvnEE569McVKT7n2 IcNm2bgBGjrZ//bbf4cf07okiGaepWfb5y0xeQISnsihI5+JDnHJkHFBlST048EU JZsR4+bfXdFaZ1PjHk2bok1vTMH4vbzPtl7A0TohSwMNR47RG5tUM+gIYeww9hib 5QNqE5jKIm7lofeuNR2TEtBowMfL8hsqTJAFowP2z94M3+ud6TqTdlv6ogxTeMuk V1PI//2khphSi/ZzA3HJo9cg0LXJ9Mar8CAXvlnaEYMHB71w/wYm1fCrqloe4g9H igqJAEdlRkg83QsuyKEdOcVHiKUO8oD/QiEm7nOXbUFTeCOXQaR2P2OQ3gmw+WBL 7enT3vlTpOtegcNq2ljRIjhfAcInbXa1ey1Nuy9Ymhe0u2dTl/r5ls4G/+TIXdaV mLKGJW+ZGT/0JYk9Q7rlG+qnCiRY6nUDybijabG99CeTtxQ7/Qv6kRSJksoirY20 C/chu8PVE6BGzFhjhHlajHZrg9Er7LeTtV49prJiyS4isjCAEh3rz/Du5sOCXS2w 6x/wQWb5 =SV4X -END PGP SIGNATURE-
Accepted signing-party 1.1.10-3+deb8u1 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 01 May 2019 17:55:51 +0200 Source: signing-party Binary: signing-party Architecture: source amd64 Version: 1.1.10-3+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Guilhem Moulin Changed-By: Markus Koschany Description: signing-party - Various OpenPGP related tools Changes: signing-party (1.1.10-3+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * gpg-key2ps: Security fix for CVE-2019-11627: unsafe shell call enabling shell injection via a User ID. Use Perl's (core) module Encode.pm instead of shelling out to `iconv`. Checksums-Sha1: cf66b7fe22bba56448eb319dca8b7b7b481da391 2216 signing-party_1.1.10-3+deb8u1.dsc 909182aaadc2e6e7bd1edefb3722b7b97c9abd86 228577 signing-party_1.1.10.orig.tar.gz 03bd4f225ae2a8d70490c0793b13e4ba7ae16b95 17344 signing-party_1.1.10-3+deb8u1.debian.tar.xz 46c6a4f5106d88e7cac74224c2d0ae53a5a11411 159098 signing-party_1.1.10-3+deb8u1_amd64.deb Checksums-Sha256: 62536bc8f88c0ded20cd90499576a85caf731a95b33ad4763d2823416e8c8043 2216 signing-party_1.1.10-3+deb8u1.dsc b8d6fca8b7a64938436b3d825052513d9b22317241d134707ec5d1d48c0642fd 228577 signing-party_1.1.10.orig.tar.gz c4a334bb5c11bb41564c0bbee844ba5b36141ab3940affe50604859d393f1b9e 17344 signing-party_1.1.10-3+deb8u1.debian.tar.xz a26dd54002d69f2ed4fbb8cce1115f4e4e9cd3b254aa1cb11677ff8fc6ca 159098 signing-party_1.1.10-3+deb8u1_amd64.deb Files: ba7428f6b22fb87974782f38aa7820c4 2216 misc extra signing-party_1.1.10-3+deb8u1.dsc 2f8a5b706bbfd53c45d82e176bc2a894 228577 misc extra signing-party_1.1.10.orig.tar.gz 3bc0d37dd6a56a3bbe4b292db03cfe10 17344 misc extra signing-party_1.1.10-3+deb8u1.debian.tar.xz ee6b957f75d52bdc86b5c614415d2536 159098 misc extra signing-party_1.1.10-3+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlzJwu1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkWTUP/12MH8Ad8RkSp5vOZgqftMXp+z+sYKyPfeRL +ReoerJjxXeliayorJL/gTUXMeP7FbdRpSLD/sKehQk6eGkXTOMpqm/JjCungMDQ kfqacpAteilZmL1uMN9SLV32fALmC1qBvf2asmh/Wn33abcEDDeiCH7L5lcnI2CM QSJapgwrTkYtxcglRxBT9ZUotjzF1vOAHce2fUDhLVBg+o11Bq2Rps8EYFMZGWcq eJEoLXndNuHGVbs9bDA9snS4/oFZo9y6UFKexSBge3eOBcFChWXyqtN8T9OzFNJI wgo6Jm/CLam1WbpS+dJS/NNjW5Ys8AVoZHEFIuU+JMZtsCUpDL4us8cx7yfv+oHe EmApw/SxD4QWDoheeSk7cc7lOhJHCMNw8akdF8n1MG29s68uSILGHFYA8SAp6WRJ nE+GjhnRCQgZAZZVkPLih07QpOAgUrVVyQGewU+K60X2YR6/jF1KXx48xtc3/o6J a4kn0PHKVDQq+1JaKUcVPqeO0wrOVECsoPBMYiyEmnb+SR5j3XAS41FG6KBvrdNx V9xLhzOnC1VVl1Er2Kn1gfydeT6qnK2zXDof0cMSKXKO1gGQH15iR+NZSCMNpH18 hgdKc0CDtNqI/u9D7HxKGaNMNG0l1RW4WcbtD1vMj1C7foFMTWDFxbpGcjtMTQ2E +u4pbUhS =YWvd -END PGP SIGNATURE-
Accepted proftpd-dfsg 1.3.5e+r1.3.5-2+deb8u1 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 01 May 2019 15:39:43 +0200 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite proftpd-mod-geoip Architecture: source amd64 all Version: 1.3.5e+r1.3.5-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: ProFTPD Maintainance Team Changed-By: Markus Koschany Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-geoip - Versatile, virtual-hosting FTP daemon - GeoIP module proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 926719 Changes: proftpd-dfsg (1.3.5e+r1.3.5-2+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Revert to upstream version 1.3.5 and backport the fixes for all memory leaks separately. This will fix two regressions present in newer upstream versions like 1.3.5e or 1.3.6. (Closes: #926719) Checksums-Sha1: 50d9f33cf92fa3fe048b3de2acc45fef7d1247f9 2985 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u1.dsc 7eef9570efe6c82c47b76163162432b9ba37f81d 7432816 proftpd-dfsg_1.3.5e+r1.3.5.orig.tar.gz f0d411b11f2bc50db089e33cf27ea61953be8a24 95860 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u1.debian.tar.xz edf1d166b8c99c82f34582dedf51bba3634b6399 2460132 proftpd-basic_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 20fca3ee7f382812b28c3a47ee016f6a41cee790 961220 proftpd-dev_1.3.5e+r1.3.5-2+deb8u1_amd64.deb fad021747bf8cac70be0d261a98182f055177a4b 476532 proftpd-mod-mysql_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 40a8163c57e8f9d7da2f35decd088adb4d255811 476122 proftpd-mod-pgsql_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 24c276ae3a506a328ddaeb34b14da27915d97f8c 484286 proftpd-mod-ldap_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 497409a62ce103722f08a20dba0a151263298d89 477470 proftpd-mod-odbc_1.3.5e+r1.3.5-2+deb8u1_amd64.deb aaafdc02ced4fcf8ff52608920de017e23f79889 475562 proftpd-mod-sqlite_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 1cf92dcc8d43dbe18bb0ce70bc26e82a110b4f54 477186 proftpd-mod-geoip_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 1d4cec450fd8dc6f5784062bca89609846ae4d57 948624 proftpd-doc_1.3.5e+r1.3.5-2+deb8u1_all.deb Checksums-Sha256: 360ebbdad3ae2cff446c99c26554a71cecd1e8695beccb0b589fa9977f56a142 2985 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u1.dsc 8ac3104658b9ce7cf308d9abc3d4b38168f0a7fdc25c1d88c565dedf319ba287 7432816 proftpd-dfsg_1.3.5e+r1.3.5.orig.tar.gz 10602ef5bd5b7cc95c2446df9c07eea1b2497aaefe8c1235661aa8e409cca275 95860 proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u1.debian.tar.xz 8f50caa959b0e887d47ea1347cb7ade9affc74d4003a04574397a2526ab5b996 2460132 proftpd-basic_1.3.5e+r1.3.5-2+deb8u1_amd64.deb eb865b03f8d1162857321333c0723f465827a5503cc5a1206595ba4598a6d9bd 961220 proftpd-dev_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 63f06975a0644b22791ccbefc92803dc1911b08127aa9869258f50bb9b28be23 476532 proftpd-mod-mysql_1.3.5e+r1.3.5-2+deb8u1_amd64.deb af887430e8ddc62d41bcf95607620cdfecf36a9d820f2d5d93ae1c2a1c8cc9e2 476122 proftpd-mod-pgsql_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 937c5395b97909018ee6fbed385af46259fa356d7b2e1a25efaa5903c898 484286 proftpd-mod-ldap_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 773335d6a2a109988b69142e911c2c54bcad5aa875631376663fc0ef5ad30b95 477470 proftpd-mod-odbc_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 71cb4a8d2c7e02ac7e3950a007e9819424f4c8d2baea8b5a7415cb1cd1c8bf15 475562 proftpd-mod-sqlite_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 45e4930c27d0501282f0597bbc3a2b7d458f2270799f644ce45fd3d221f67c54 477186 proftpd-mod-geoip_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 48a0f01137d8c526ec4ef2c1cb45086888ee80974103b10eb8ce802b6172861c 948624 proftpd-doc_1.3.5e+r1.3.5-2+deb8u1_all.deb Files: 9c7be47d0d9c16265dc736cc893f7c1c 2985 net optional proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u1.dsc dd7b56fbba49bd47dc1eb5344c6a7ef8 7432816 net optional proftpd-dfsg_1.3.5e+r1.3.5.orig.tar.gz a7c2cd475fa398472793f11236ea6df9 95860 net optional proftpd-dfsg_1.3.5e+r1.3.5-2+deb8u1.debian.tar.xz 4d7fc58cf61aa5ffdeebd607bf61d4e6 2460132 net optional proftpd-basic_1.3.5e+r1.3.5-2+deb8u1_amd64.deb fb15269fccb365fc6fd442ec7f1b2a78 961220 net optional proftpd-dev_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 758bcd37bf104c9a5f71d192b8b1b2ed 476532 net optional proftpd-mod-mysql_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 6df568780b9c824d3ba15bb0f12b5548 476122 net optional proftpd-mod-pgsql_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 6cb175c7ef1944122c019597e5d0d5e2 484286 net optional proftpd-mod-ldap_1.3.5e+r1.3.5-2+deb8u1_amd64.deb 928bb68f96b8e1d4162cc96001669772 477470 net
Accepted graphicsmagick 1.3.20-3+deb8u6 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 13 Apr 2019 23:25:51 +0200 Source: graphicsmagick Binary: graphicsmagick libgraphicsmagick3 libgraphicsmagick1-dev libgraphicsmagick++3 libgraphicsmagick++1-dev libgraphics-magick-perl graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat graphicsmagick-dbg Architecture: source amd64 all Version: 1.3.20-3+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Markus Koschany Description: graphicsmagick - collection of image processing tools graphicsmagick-dbg - format-independent image processing - debugging symbols graphicsmagick-imagemagick-compat - image processing tools providing ImageMagick interface graphicsmagick-libmagick-dev-compat - image processing libraries providing ImageMagick interface libgraphics-magick-perl - format-independent image processing - perl interface libgraphicsmagick++1-dev - format-independent image processing - C++ development files libgraphicsmagick++3 - format-independent image processing - C++ shared library libgraphicsmagick1-dev - format-independent image processing - C development files libgraphicsmagick3 - format-independent image processing - C shared library Changes: graphicsmagick (1.3.20-3+deb8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2017-10799: When GraphicsMagick processes a DPX image (with metadata indicating a large width), a denial of service (OOM) can occur in ReadDPXImage(). * CVE-2019-11006: In GraphicsMagick exists a heap-based buffer over-read in the function ReadMIFFImage which allows attackers to cause a denial of service or information disclosure via an RLE packet. * CVE-2019-11007: In GraphicsMagick there is a heap-based buffer over-read in the ReadMNGImage function which allows attackers to cause a denial of service or information disclosure via an image colormap. * CVE-2019-11008: In GraphicsMagick there is a heap-based buffer overflow in the function WriteXWDImage which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. * CVE-2019-11009: In GraphicsMagick there is a heap-based buffer over-read in the function ReadXWDImage which allows attackers to cause a denial of service or information disclosure via a crafted image file. * CVE-2019-11010: In GraphicsMagick there is a memory leak in the function ReadMPCImage which allows attackers to cause a denial of service via a crafted image file. Checksums-Sha1: 4045df98b71cfc8795fbc35d4a119cda29f35219 2985 graphicsmagick_1.3.20-3+deb8u6.dsc 9e81850b3c7a56ddff4a007f61aebf9e8f398718 215852 graphicsmagick_1.3.20-3+deb8u6.debian.tar.xz 23a27de02707dadbcd316cc222358f2b1e659d93 796868 graphicsmagick_1.3.20-3+deb8u6_amd64.deb 70ac4618418292a2c22ad95d955d3f3a8df13577 1108746 libgraphicsmagick3_1.3.20-3+deb8u6_amd64.deb 3f61b44d7feba893ed74c7c5826510f14884c167 1295518 libgraphicsmagick1-dev_1.3.20-3+deb8u6_amd64.deb 28fb3f5782c6b940c2ed3de6e110e9a7e5e7e153 119590 libgraphicsmagick++3_1.3.20-3+deb8u6_amd64.deb 7e35d833fa772c914c4c8424faf12b2fdebb6243 302090 libgraphicsmagick++1-dev_1.3.20-3+deb8u6_amd64.deb badf73e85eef99b0714d61f40cd5f86a4e70b111 77458 libgraphics-magick-perl_1.3.20-3+deb8u6_amd64.deb 1de9fac831083f7bee4fe1d721cd17dbf881 2224266 graphicsmagick-dbg_1.3.20-3+deb8u6_amd64.deb 60304117bc6285ed1cee3f35ab4f6aae8cabed30 29606 graphicsmagick-imagemagick-compat_1.3.20-3+deb8u6_all.deb f7336ae41719396af7a957ecee2cabb36efec31f 33056 graphicsmagick-libmagick-dev-compat_1.3.20-3+deb8u6_all.deb Checksums-Sha256: 195a0d7c4d0e21d0d2e8f556af06403217698bab08e0c00d7c63de0d4cad1d52 2985 graphicsmagick_1.3.20-3+deb8u6.dsc 299065d2f01dd3547f4e7202df13079daa33cba0ab6c570a56b6cc538d9d4372 215852 graphicsmagick_1.3.20-3+deb8u6.debian.tar.xz 29b0ccb014cc023722686e1bb6d639a51421ecb56a9711265effd0dd5b509891 796868 graphicsmagick_1.3.20-3+deb8u6_amd64.deb 794dcbb227cff2b7b5e56c30a5c14fb417b7daea403dccb57f3e43a7a0c8664e 1108746 libgraphicsmagick3_1.3.20-3+deb8u6_amd64.deb 1bba03b2cc2b1557f3cf74667b2df8a952dceb29df665229de1909a444cd2260 1295518 libgraphicsmagick1-dev_1.3.20-3+deb8u6_amd64.deb 6f686829a3b9a5137865e04132467d3709914447fdfa108c0e003744e359b904 119590 libgraphicsmagick++3_1.3.20-3+deb8u6_amd64.deb f1b2a1e0ecfd7605bd42d9b60d14c7cdf6f8623d9698cd0f696354fe0e1eb442 302090 libgraphicsmagick++1-dev_1.3.20-3+deb8u6_amd64.deb b50279d6cadbef90fe67430a86736b14daaa03f3b5877f0a241caf5b32b07542 77458 libgraphics-magick-perl_1.3.20-3+deb8u6_amd64.deb 8bf419c06c9cc13df3c889c42d0e24347259e23f4884f9e4ff622e295a425b41 2224266 graphicsmagick-dbg_1.3.20-3+deb8u6_amd64.deb 2eb131de490bf9807b6579228c3609f099fbd09f93cafdaefa5abb2bed55772b 29606 graphicsmagick-imagemagick-compat_1.3.20-3+deb8u6_all.deb
Accepted jasper 1.900.1-debian1-2.4+deb8u6 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 13 Apr 2019 20:36:54 +0200 Source: jasper Binary: libjasper1 libjasper-dev libjasper-runtime Architecture: source amd64 Version: 1.900.1-debian1-2.4+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Roland Stigge Changed-By: Markus Koschany Description: libjasper-dev - Development files for the JasPer JPEG-2000 library libjasper-runtime - Programs for manipulating JPEG-2000 files libjasper1 - JasPer JPEG-2000 runtime library Changes: jasper (1.900.1-debian1-2.4+deb8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Improve CVE-2018-19542.patch: The original fix introduced a regression which could break support for valid jp2 files. Checksums-Sha1: acea13b9f70395f206689f778f9796eb250106d4 2120 jasper_1.900.1-debian1-2.4+deb8u6.dsc d0dabe29f3844869e9a98b5ec51b60ef2f417028 40280 jasper_1.900.1-debian1-2.4+deb8u6.debian.tar.xz e6c35f40d10300e364ad4452cf1170adbc7bc4e0 135072 libjasper1_1.900.1-debian1-2.4+deb8u6_amd64.deb df5767017ec0ba1049269022779b073c497bc65d 525618 libjasper-dev_1.900.1-debian1-2.4+deb8u6_amd64.deb f4b23e691a41878c7aca04b128043c7b33e2dcfa 23830 libjasper-runtime_1.900.1-debian1-2.4+deb8u6_amd64.deb Checksums-Sha256: 4b184dd7f8691c356cb7168f3886b543c0743ba8620681c95e57251bb4fa9dc7 2120 jasper_1.900.1-debian1-2.4+deb8u6.dsc 8848691c4284c0927e5393233a8f66d6b82732243d36765ab9a7d6216aa5680f 40280 jasper_1.900.1-debian1-2.4+deb8u6.debian.tar.xz 06aa81df186c92c0d84add94053bc7d0665fba076486315e84c6b2b3932e4fc8 135072 libjasper1_1.900.1-debian1-2.4+deb8u6_amd64.deb b39b90c6556372d8adfd5598979cf902125b153aa7eaea09a8f3bd721f6974db 525618 libjasper-dev_1.900.1-debian1-2.4+deb8u6_amd64.deb f4cbb5f6cddc4b76d4370db7b03e998eb8082b58ffcfcd924d436cd879700426 23830 libjasper-runtime_1.900.1-debian1-2.4+deb8u6_amd64.deb Files: ad179abebc0b1b17fb5aa99572061955 2120 graphics optional jasper_1.900.1-debian1-2.4+deb8u6.dsc 9067e73913c1287c727ad64e5c368821 40280 graphics optional jasper_1.900.1-debian1-2.4+deb8u6.debian.tar.xz 401b03d61c07f8213f2daada0a691223 135072 libs optional libjasper1_1.900.1-debian1-2.4+deb8u6_amd64.deb a0478353c137ce8d7aca44544e0faa61 525618 libdevel optional libjasper-dev_1.900.1-debian1-2.4+deb8u6_amd64.deb c9e1077da7beceea6bcadae87432816c 23830 graphics optional libjasper-runtime_1.900.1-debian1-2.4+deb8u6_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlyyLRdfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkC0QP/Rz8FLgIRS/WQPk9r/Iwov39YWR3fhCTB3vP q8LCvKohYEhDpAkLKbyfLKxH8Tqc0xMfSuJ8/cR9NdmGwtnDmGIpAJq89RfWwY0Q bcMfMS4QK+YjZ1wpf1IvN8fxzTgZzFl8ZGy4hbAPPPzQQpIhu3a5tbtr97HpjC5+ qYkdGRLTCBSFarVAN7yUTdsIkkc8Thddqw6Lq7H6wYA4BIWQWu/jo+ASx2mahxMO /74VqSrvowa9ZsbRL8Ugjz+i/oE8l5TFaGlfmnTrx5sEmqlMqJLkgfsnFRZETmQ7 O7N/qmbuxzQYXsH6vOXcme6P3FW+k68IdmA0KIOYraFZkeTXMls5iK+tweismo8g kXm8m5EWaV/2s9LBYEE6PhGbU7gSrhkSg/eW7MhkMDHRFGlWyTi6QELu8YILtT0H 3HdU9yxybigWWM7afxfsK4St5r5ao9wSphGQ0T7C2sT2yytI57dXGSyiezuebPBs Gys/yOUe0ixNaypB7CD/kGk4gzKRF4fiD9PFKsj5gOoUMOFvcTNk22K3xVzXGTVm +fhs/QwH4uctYoTwdVMbOURxWCPWRKP+hrimrJn7iBFiUMSno5yYDa42oyMw82MU vSrp2xJMqE99rctNfoMu3/6MFfKhpAYUrgnZSC93TKC483KBUd+GpaihzLt5H/mr GOswhEg2 =YyKr -END PGP SIGNATURE-
Accepted proftpd-dfsg 1.3.5e-0+deb8u1 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 08 Apr 2019 21:30:59 +0200 Source: proftpd-dfsg Binary: proftpd-basic proftpd-dev proftpd-doc proftpd-mod-mysql proftpd-mod-pgsql proftpd-mod-ldap proftpd-mod-odbc proftpd-mod-sqlite proftpd-mod-geoip Architecture: source amd64 all Version: 1.3.5e-0+deb8u1 Distribution: jessie-security Urgency: high Maintainer: ProFTPD Maintainance Team Changed-By: Markus Koschany Description: proftpd-basic - Versatile, virtual-hosting FTP daemon - binaries proftpd-dev - Versatile, virtual-hosting FTP daemon - development files proftpd-doc - Versatile, virtual-hosting FTP daemon - documentation proftpd-mod-geoip - Versatile, virtual-hosting FTP daemon - GeoIP module proftpd-mod-ldap - Versatile, virtual-hosting FTP daemon - LDAP module proftpd-mod-mysql - Versatile, virtual-hosting FTP daemon - MySQL module proftpd-mod-odbc - Versatile, virtual-hosting FTP daemon - ODBC module proftpd-mod-pgsql - Versatile, virtual-hosting FTP daemon - PostgreSQL module proftpd-mod-sqlite - Versatile, virtual-hosting FTP daemon - SQLite3 module Closes: 923926 Changes: proftpd-dfsg (1.3.5e-0+deb8u1) jessie-security; urgency=high . * New upstream version 1.3.5e. This upstream release fixes several memory leaks when mod_facl or mod_sftp is used which could lead to memory exhaustion and a denial-of-service. (Closes: #923926). * Rebase odbc patch for new release. * Remove CVE security patches. They were applied by upstream. Checksums-Sha1: 5c1029cfbe36158b39de200c771c79c0b60ee753 2939 proftpd-dfsg_1.3.5e-0+deb8u1.dsc 44f940007798a7c1b3693cd282ad63841e3f30ef 29823478 proftpd-dfsg_1.3.5e.orig.tar.gz a796e98968d80c59732629f1afd9198dde7bb584 82660 proftpd-dfsg_1.3.5e-0+deb8u1.debian.tar.xz 8bb561aeb3f98ff0aef9ebb869b2299d7c960759 2432872 proftpd-basic_1.3.5e-0+deb8u1_amd64.deb 28766eaa0d00087017c61d6d34f89ec94196ab2f 931634 proftpd-dev_1.3.5e-0+deb8u1_amd64.deb 66639d6549cfd15b1f0c8d96fba8c236d9a6a80a 447438 proftpd-mod-mysql_1.3.5e-0+deb8u1_amd64.deb 62f0f8fafb12577b38ce0b83c82402eda336b233 447004 proftpd-mod-pgsql_1.3.5e-0+deb8u1_amd64.deb dacfb19c38ac88507ed05de78c34a159cf991b68 455186 proftpd-mod-ldap_1.3.5e-0+deb8u1_amd64.deb 92878d529517afc42751ece79f3d68b3efe19010 448342 proftpd-mod-odbc_1.3.5e-0+deb8u1_amd64.deb 182a3a97c7cf94623f2a367e45c789549fe590f4 446716 proftpd-mod-sqlite_1.3.5e-0+deb8u1_amd64.deb 2e1259ce67fb5af67e737de3450fd830c003ac15 448182 proftpd-mod-geoip_1.3.5e-0+deb8u1_amd64.deb 497467afd76e627d03142bb1e175f1a0ada9df01 1595052 proftpd-doc_1.3.5e-0+deb8u1_all.deb Checksums-Sha256: 765c75f38cb350e179b6c8846ed1f88a8c1c36309143c054c3ea8ff24bac5f3c 2939 proftpd-dfsg_1.3.5e-0+deb8u1.dsc e826b81213d7b1b86182169c46616cf6036f5edb5732331a6a3d3444a7e58f50 29823478 proftpd-dfsg_1.3.5e.orig.tar.gz f89bccffe228d89120e4d29155489519842445cd92c27afb76dcee548881e7ed 82660 proftpd-dfsg_1.3.5e-0+deb8u1.debian.tar.xz 5b08f0684d96bef58bf19c08b5b13f00291cedbee067d6a0ba9da91942af13ee 2432872 proftpd-basic_1.3.5e-0+deb8u1_amd64.deb 7556fc1bf3307d42d18d6ce009070d0c31b8f5c13f429751d0b7d90f74f6baeb 931634 proftpd-dev_1.3.5e-0+deb8u1_amd64.deb dc7ec86b179ebe6e8cc0a9f77a18e01a53773238753d38811611d539d8e04e97 447438 proftpd-mod-mysql_1.3.5e-0+deb8u1_amd64.deb 420cc3df09503cdbb5d6c2fa47a8da14850e916392b441df7f333ee018fde094 447004 proftpd-mod-pgsql_1.3.5e-0+deb8u1_amd64.deb 26a509e7546739151eb36f58adec6b883e6dc41bd7d236dccfe38244c2b585c6 455186 proftpd-mod-ldap_1.3.5e-0+deb8u1_amd64.deb 390d11f9dd56819a299119af2f35927f69da3f4c2a7e314d142594265c694b82 448342 proftpd-mod-odbc_1.3.5e-0+deb8u1_amd64.deb 10bb9023957fb5fc62cd55f0d1a3b95c0195b7f4f19c6863ff57d8061ea2097e 446716 proftpd-mod-sqlite_1.3.5e-0+deb8u1_amd64.deb d940b2cc78161cfafe4bc603b39f813a6ea8b57ec793010c86120304d1d94ec3 448182 proftpd-mod-geoip_1.3.5e-0+deb8u1_amd64.deb 6be0440e37d136758732057d225e87651aae207a13a9f039a587f2909240ef39 1595052 proftpd-doc_1.3.5e-0+deb8u1_all.deb Files: 65201f22fb639b4fefd48e95e6314f0b 2939 net optional proftpd-dfsg_1.3.5e-0+deb8u1.dsc f5ef490395432802b1bdb0a782da7854 29823478 net optional proftpd-dfsg_1.3.5e.orig.tar.gz 1e65e268d308beeef087f43df2bda564 82660 net optional proftpd-dfsg_1.3.5e-0+deb8u1.debian.tar.xz 9f2bb6454b3173332de2339fc664efdb 2432872 net optional proftpd-basic_1.3.5e-0+deb8u1_amd64.deb d37b49876b2659709ba1c66652b3ffa3 931634 net optional proftpd-dev_1.3.5e-0+deb8u1_amd64.deb b732b0c1987347f23719db6f86a2f94f 447438 net optional proftpd-mod-mysql_1.3.5e-0+deb8u1_amd64.deb e954c7ab8a515bda62c2509adc8206e2 447004 net optional proftpd-mod-pgsql_1.3.5e-0+deb8u1_amd64.deb 09b863a04da398b24bd1ee1cce84dcd4 455186 net optional proftpd-mod-ldap_1.3.5e-0+deb8u1_amd64.deb 0eb38268abda1ba21a5d979c8384fdbd 448342 net optional proftpd-mod-odbc_1.3.5e-0+deb8u1_amd64.deb bfe71c70a2a6c7c5bd89122f39febe5c 446716 net optional proftpd-mod-sqlite_1.3.5e-0+deb8u1_amd64.deb
Accepted rails 2:4.1.8-1+deb8u5 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2019 14:51:17 +0200 Source: rails Binary: ruby-activesupport ruby-activesupport-2.3 ruby-activerecord ruby-activemodel ruby-actionview ruby-actionpack ruby-actionmailer ruby-railties ruby-rails rails Architecture: source all Version: 2:4.1.8-1+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Ruby Extras Maintainers Changed-By: Markus Koschany Description: rails - MVC ruby based framework geared for web application development ( ruby-actionmailer - email composition, delivery, and receiving framework (part of Rai ruby-actionpack - web-flow and rendering framework putting the VC in MVC (part of R ruby-actionview - framework for handling view template lookup and rendering (part o ruby-activemodel - toolkit for building modeling frameworks (part of Rails) ruby-activerecord - object-relational mapper framework (part of Rails) ruby-activesupport - Support and utility classes used by the Rails 4.1 framework ruby-activesupport-2.3 - transitional dummy package ruby-rails - MVC ruby based framework geared for web application development ruby-railties - tools for creating, working with, and running Rails applications Changes: rails (2:4.1.8-1+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-5418 and CVE-2019-5419: John Hawthorn of Github discovered a file content disclosure vulnerability in Rails, a ruby based web application framework. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents. This vulnerability could also be exploited for a denial-of-service attack. Checksums-Sha1: aacbd738477d51cc6dd766c1167fc34265a354a2 2739 rails_4.1.8-1+deb8u5.dsc e9fbe2c3e499280296bdc5e9f281d5a1e9ef67dc 100644 rails_4.1.8-1+deb8u5.debian.tar.xz b8fa449728552455347a3d76a4466e425f04b4db 205300 ruby-activesupport_4.1.8-1+deb8u5_all.deb 5d018f6c7a4b79447db1190af505f82a37b17078 11686 ruby-activesupport-2.3_4.1.8-1+deb8u5_all.deb 00708eebe4a6597130641fbe8b3d86e3840136f5 268062 ruby-activerecord_4.1.8-1+deb8u5_all.deb add1f7a8578316f7c5ad59c1852587646b1c90a2 48726 ruby-activemodel_4.1.8-1+deb8u5_all.deb ff9da4dbfe754099a28afd89c6a438e7c059056b 141328 ruby-actionview_4.1.8-1+deb8u5_all.deb 18b5f1b03f61a32efb866dd0f1b8e4f645fd9183 169746 ruby-actionpack_4.1.8-1+deb8u5_all.deb 522a55b22e7df6cca5fe70610075cf87927ef7bc 31726 ruby-actionmailer_4.1.8-1+deb8u5_all.deb e15aee3ac5d42bed416eea406838886eee292b9a 119070 ruby-railties_4.1.8-1+deb8u5_all.deb 8caf74e8adf47868053cae7cf3925cf32670760a 16792 ruby-rails_4.1.8-1+deb8u5_all.deb c14516638ffb181ff7f3af3720a4c37f8434ec3d 11958 rails_4.1.8-1+deb8u5_all.deb Checksums-Sha256: 48509ca48a877ac37c262114bba00efb3e588cbe1b1ad3c0265fe95c58b6eabe 2739 rails_4.1.8-1+deb8u5.dsc 96863ef52afed3457f0994f9602c034599a9d3a3b1138f86f38e0b3574d98dce 100644 rails_4.1.8-1+deb8u5.debian.tar.xz 028b8cbca1f5170521a991042147278770de4a9620c2718b0e51e3e060ce1387 205300 ruby-activesupport_4.1.8-1+deb8u5_all.deb 981b08a90d5b2fb07851c1de584ab38bb71a0e145680e40562b6353d0d2e0095 11686 ruby-activesupport-2.3_4.1.8-1+deb8u5_all.deb 9bfc1d0614af5631ce2c642752253decf3a5c64cde4e94b27d2e73b5956dc239 268062 ruby-activerecord_4.1.8-1+deb8u5_all.deb a480c8cc4fa0536b52c8670026b4bfa04f0ee9f0e318fef3eeb0f187c654b27c 48726 ruby-activemodel_4.1.8-1+deb8u5_all.deb c2c66aa2a07e8270f6864c04ec4bc0ea004fe7e50cb36d590a92663c85147b66 141328 ruby-actionview_4.1.8-1+deb8u5_all.deb d49584b34e04902fd306492c32e253b641fb38bbefdc0cfdf171fc5a44ae3d72 169746 ruby-actionpack_4.1.8-1+deb8u5_all.deb bca8f6eab2f8ef83eacb227ab68019faddac628ab72c9a738cfd62168355f5d8 31726 ruby-actionmailer_4.1.8-1+deb8u5_all.deb 9993d860279e7a22d51335f3f78084008494c71d5aae17dae86c4dafdb5a46d4 119070 ruby-railties_4.1.8-1+deb8u5_all.deb 4bc702eac204a928db415fa54117395d601caaa2e792ac4c9a6987f7b594263a 16792 ruby-rails_4.1.8-1+deb8u5_all.deb 151b12dcaa7a6a91b78077cab51c745ae1cf3593e72ac309633b587f10bdc83d 11958 rails_4.1.8-1+deb8u5_all.deb Files: 682bb8065bc8f6825996163c05a3eeef 2739 ruby optional rails_4.1.8-1+deb8u5.dsc 77a49b78a71883ebecf539a4bf925cf3 100644 ruby optional rails_4.1.8-1+deb8u5.debian.tar.xz 7419b98e34b2d614ac632a91a6b3f99a 205300 ruby optional ruby-activesupport_4.1.8-1+deb8u5_all.deb fb57e3c1219a3930823d6ee5eca51573 11686 ruby optional ruby-activesupport-2.3_4.1.8-1+deb8u5_all.deb 0c4666cb57b2d98530fa40f81c40b8f7 268062 ruby optional ruby-activerecord_4.1.8-1+deb8u5_all.deb feb0b6952b126b0080beb1dbe0fe5984 48726 ruby optional ruby-activemodel_4.1.8-1+deb8u5_all.deb 57d83d62cb85ffe55ab66452c47c7b97 141328 ruby optional ruby-actionview_4.1.8-1+deb8u5_all.deb 795adc5f555e18725d389199062b787a 169746 ruby optional ruby-actionpack_4.1.8-1+deb8u5_all.deb fff2d02ed2486287db39e66d3062a2ee 31726
Accepted gpsd 3.11-3+deb8u1 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 30 Mar 2019 14:56:55 +0100 Source: gpsd Binary: gpsd gpsd-dbg gpsd-clients python-gps libgps21 libgps-dev libqgpsmm21 libqgpsmm-dev Architecture: source amd64 Version: 3.11-3+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Bernd Zeimetz Changed-By: Markus Koschany Description: gpsd - Global Positioning System - daemon gpsd-clients - Global Positioning System - clients gpsd-dbg - Global Positioning System - debugging symbols libgps-dev - Global Positioning System - development files libgps21 - Global Positioning System - library libqgpsmm-dev - Global Positioning System - Qt wrapper for libgps (development) libqgpsmm21 - Global Positioning System - Qt wrapper for libgps python-gps - Global Positioning System - Python libraries Changes: gpsd (3.11-3+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-17937: A security vulnerability was discovered in gpsd, the Global Positioning System daemon. A stack-based buffer overflow may allow remote attackers to execute arbitrary code via traffic on port 2947/TCP or crafted JSON inputs. Checksums-Sha1: 8a0b7fc0f860118ae196cf6745bb63bd3c21c43c 2714 gpsd_3.11-3+deb8u1.dsc 9ba8a9bcf55f6d82b839cbddf3d9be64fdbfd06a 1579600 gpsd_3.11.orig.tar.gz f2733287b3cb384d4f191ccc04d46773b734706f 33080 gpsd_3.11-3+deb8u1.debian.tar.xz 53d80c765a8072f76a2649c9cedde52195304f1a 94938 gpsd_3.11-3+deb8u1_amd64.deb 1870f63d1e40675603652934e22c7ef13819a5ca 1335392 gpsd-dbg_3.11-3+deb8u1_amd64.deb e564f0785724cb3a55a1da6afbef76d85f375518 136754 gpsd-clients_3.11-3+deb8u1_amd64.deb 0c12ffbb863af36dd41ad9cd80bdea8b5882d617 96204 python-gps_3.11-3+deb8u1_amd64.deb 66b5b99de0791f6315ac129aa9b1a51bfeaed3ff 220726 libgps21_3.11-3+deb8u1_amd64.deb 226a7be64a51daecbe629c8162fd64a8c3cd2f34 132298 libgps-dev_3.11-3+deb8u1_amd64.deb 1e49b5fd7ce054c1c5f110a54be2ba29d244bd6b 91948 libqgpsmm21_3.11-3+deb8u1_amd64.deb 3fbbc14f56ad101625cfc5cb10c1960596275afb 43778 libqgpsmm-dev_3.11-3+deb8u1_amd64.deb Checksums-Sha256: 5f4ade5132e919e4030ddfc14e24c5c4ffb06ac447f84ef7febe9299ee328478 2714 gpsd_3.11-3+deb8u1.dsc ed66c6b6b1e2b4951de2c0b2399c22f77fe9f5927ef6b948dd8eb023ff53b7ee 1579600 gpsd_3.11.orig.tar.gz a615c97586ba6278eccf6ab2ccb20e7958fb05b7a666efc51e4288403d2453d1 33080 gpsd_3.11-3+deb8u1.debian.tar.xz a555fe24c3a60a1feecba3b21457b08d3367a779c3565903a2a71402745ed574 94938 gpsd_3.11-3+deb8u1_amd64.deb 4d6781631d660ed5bca4cd171b18e2de83f16a13df55fb6bb8426a9bf6ed4b16 1335392 gpsd-dbg_3.11-3+deb8u1_amd64.deb 162f4a114519b6d02eafdc984bb70bb5497b20338cedb44909494c549301f734 136754 gpsd-clients_3.11-3+deb8u1_amd64.deb 7b7369d1be850274560bc044b4841682de587732878fff0bd7eaa638c0be8cf2 96204 python-gps_3.11-3+deb8u1_amd64.deb f8a93798604688f65ecd56e4c7a43a20221c543dc1612ef38b75bcef08b9aa1b 220726 libgps21_3.11-3+deb8u1_amd64.deb 3ab97ed2e6241a3fda64d7cad45c2b676503590abcd2d9914874d9539119e627 132298 libgps-dev_3.11-3+deb8u1_amd64.deb a0bdf0282a5c3de0315e92d31dcc6e058e182a48017b2bbdb1615db230a93e75 91948 libqgpsmm21_3.11-3+deb8u1_amd64.deb a0f97a685346bc4a58d4d0bce23183a37b1ad374a6b00852b4481deda8f17da0 43778 libqgpsmm-dev_3.11-3+deb8u1_amd64.deb Files: bc85481428323758c89c4a46b42516a1 2714 misc optional gpsd_3.11-3+deb8u1.dsc ba28369992886fccb85ce560e4727e20 1579600 misc optional gpsd_3.11.orig.tar.gz 0ac646cd42accb1de7ab727c871ecccb 33080 misc optional gpsd_3.11-3+deb8u1.debian.tar.xz 88de64a551b68b0b2da4238067aeb335 94938 misc optional gpsd_3.11-3+deb8u1_amd64.deb 470fe4c2c9ad222de12a9160e3e0fd16 1335392 debug extra gpsd-dbg_3.11-3+deb8u1_amd64.deb ba75d8e59f6d4af6dff43694502e0ab1 136754 misc optional gpsd-clients_3.11-3+deb8u1_amd64.deb 5a101620728d73fb96297870ac9d54b5 96204 python optional python-gps_3.11-3+deb8u1_amd64.deb 0cfbf41864ef6e9717b45dae7c1e1bfa 220726 libs optional libgps21_3.11-3+deb8u1_amd64.deb 848deca5397bcf9d51ccbeed3c733fed 132298 libdevel optional libgps-dev_3.11-3+deb8u1_amd64.deb 59a0e0fdd8f10a47e951a0a1dac70712 91948 libs optional libqgpsmm21_3.11-3+deb8u1_amd64.deb 583d56c7923a08d85b25c174c4a2b1ae 43778 libdevel optional libqgpsmm-dev_3.11-3+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlyfeo1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkNkUQAIEWdQjh4Weu+bXKgbWwVmEZJmQErtpmgwVA nNs8V/t7ObhuEy3UW+ZGJIqjlWDAJqm6caz5bX0qa5MuQd+cQYmq3tDfNSmJVDyX 88+jZgPWsBVHK8BqDBBp8u0EcCTOAcCowdezLLFgCUqyoTrCaUh7kfOXfmyM9y53 I17nQf6HkvECzpgx3/cuptXf3njbTqdG2GJzz+mvOiEQ11xHTyhIghIfyNzR893M yVH9CBB76aJROI34sb8FS/se1ef86wLyqblF9pSgFfIfgLYMOcE9N6K3brXqHy0L 4LKSjNARBZ07YLBRif1iK8zuRDdqVEuj39Z/m4ceg99zI1U/z0A2RTui/gX6cs+M YtomqEDczW2dbfa/PT7xeU7Ith8hfgtAAgTp/4iu2rSk/bZz+bnz6Wo/RRGy5R6f SYLjW
Accepted dovecot 1:2.2.13-12~deb8u6 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 29 Mar 2019 12:38:40 +0100 Source: dovecot Binary: dovecot-core dovecot-dev dovecot-imapd dovecot-pop3d dovecot-lmtpd dovecot-managesieved dovecot-pgsql dovecot-mysql dovecot-sqlite dovecot-ldap dovecot-gssapi dovecot-sieve dovecot-solr dovecot-lucene dovecot-dbg Architecture: source amd64 Version: 1:2.2.13-12~deb8u6 Distribution: jessie-security Urgency: high Maintainer: Dovecot Maintainers Changed-By: Markus Koschany Description: dovecot-core - secure POP3/IMAP server - core files dovecot-dbg - secure POP3/IMAP server - debug symbols dovecot-dev - secure POP3/IMAP server - header files dovecot-gssapi - secure POP3/IMAP server - GSSAPI support dovecot-imapd - secure POP3/IMAP server - IMAP daemon dovecot-ldap - secure POP3/IMAP server - LDAP support dovecot-lmtpd - secure POP3/IMAP server - LMTP server dovecot-lucene - secure POP3/IMAP server - Lucene support dovecot-managesieved - secure POP3/IMAP server - ManageSieve server dovecot-mysql - secure POP3/IMAP server - MySQL support dovecot-pgsql - secure POP3/IMAP server - PostgreSQL support dovecot-pop3d - secure POP3/IMAP server - POP3 daemon dovecot-sieve - secure POP3/IMAP server - Sieve filters support dovecot-solr - secure POP3/IMAP server - Solr support dovecot-sqlite - secure POP3/IMAP server - SQLite support Changes: dovecot (1:2.2.13-12~deb8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2019-7524: A security vulnerability was discovered in the Dovecot email server. When reading FTS headers from the Dovecot index, the input buffer size is not bounds-checked. An attacker with the ability to modify dovecot indexes, can take advantage of this flaw for privilege escalation or the execution of arbitrary code with the permissions of the dovecot user. Only installations using the FTS plugins are affected. Checksums-Sha1: 671d615fc906e3b2b437a9d07879ebe822f07129 3486 dovecot_2.2.13-12~deb8u6.dsc 1ee43174691f3f7b3c312054ea68d3d1eb77f30f 746764 dovecot_2.2.13-12~deb8u6.debian.tar.xz a4da44c4c32bbaef07dab55e2ab10df0cfdbfe52 2668162 dovecot-core_2.2.13-12~deb8u6_amd64.deb 7e1f0eb50bd25b5333bd3241069f3439b827d028 751070 dovecot-dev_2.2.13-12~deb8u6_amd64.deb a0951c4a50f5c7680fbd533e40132c862517609f 647734 dovecot-imapd_2.2.13-12~deb8u6_amd64.deb 9fb931c03ee8ee6a830f41d38063a05071998d7f 551014 dovecot-pop3d_2.2.13-12~deb8u6_amd64.deb d27fe9820196e8b056d45dd3a4d6a883d7f61f70 542868 dovecot-lmtpd_2.2.13-12~deb8u6_amd64.deb 45f368053807cb6781ce115a0e8b39072965385c 569904 dovecot-managesieved_2.2.13-12~deb8u6_amd64.deb 6d601038e3331189730d4a943ffabc75539f3436 534392 dovecot-pgsql_2.2.13-12~deb8u6_amd64.deb d746008cb63ae19bbefea8cc08e97bccd595acd9 532048 dovecot-mysql_2.2.13-12~deb8u6_amd64.deb 9f5245d5605db2b1e1afba91a643cd28e2630ad3 530254 dovecot-sqlite_2.2.13-12~deb8u6_amd64.deb a632d55856baf8ed79bab629a0442c8a4342137c 545338 dovecot-ldap_2.2.13-12~deb8u6_amd64.deb 7dfadc3c2bcdbd470d98421e03d68a4d14acc369 531424 dovecot-gssapi_2.2.13-12~deb8u6_amd64.deb 70308ea9baf710aa76b780caa84ab2d3625dbc09 768150 dovecot-sieve_2.2.13-12~deb8u6_amd64.deb d7d238a2301e79fe96d620a5e9c06a861042dd09 542300 dovecot-solr_2.2.13-12~deb8u6_amd64.deb 21d369266c65514e54dbf5cd2a89d5ed742b8cb3 549384 dovecot-lucene_2.2.13-12~deb8u6_amd64.deb 42795c40313844a9c445a4d50716e6d663edde7d 6736276 dovecot-dbg_2.2.13-12~deb8u6_amd64.deb Checksums-Sha256: 526f2488ef91d7a9758911f56df19e3d85ebf25d6f3de8f2235e948bf21e7016 3486 dovecot_2.2.13-12~deb8u6.dsc 4242f321c55f8b83ec2e2d5ea56fdd48175698909c939363647781daa47369bf 746764 dovecot_2.2.13-12~deb8u6.debian.tar.xz d542577f461786fa4dd9f846725ba64fcef5d196d5ad65ec8a77017d4d6ae714 2668162 dovecot-core_2.2.13-12~deb8u6_amd64.deb 7ac98470dfa96a5eb5faebfda40d4f5c1a1ea388a2a6c302a5adb43faeebcf02 751070 dovecot-dev_2.2.13-12~deb8u6_amd64.deb ca6973a3798f1d8b85d29a852ab4057bce15a58a3c51dd0acc29feb731dbf55c 647734 dovecot-imapd_2.2.13-12~deb8u6_amd64.deb b1999508b538bf41baa69b069f8be3d0b9ec6be0f0a161fb0e61d6662f193809 551014 dovecot-pop3d_2.2.13-12~deb8u6_amd64.deb d7ced09d70f09b4c61d7b791b1a92da68e597981c90bbfe441a9e9e90487feb7 542868 dovecot-lmtpd_2.2.13-12~deb8u6_amd64.deb 5e0474d2e33da9e11342d683acf07815cc36d8e3574b744461f201bd73ecaddc 569904 dovecot-managesieved_2.2.13-12~deb8u6_amd64.deb 4b34ccd97ceaa29ba1336440fec8a324ec831a941db98f985ed1d9937780a656 534392 dovecot-pgsql_2.2.13-12~deb8u6_amd64.deb f41b46bfa7aaf8e996a073112313d3eafc9ef44f4bb568ad2a621aa6690d5b07 532048 dovecot-mysql_2.2.13-12~deb8u6_amd64.deb b1bb7fd3bfa933c2651b0de1d6f42780564420c06af60b452ca42da5ec2a0bc6 530254 dovecot-sqlite_2.2.13-12~deb8u6_amd64.deb 21ae81c8773a3d6240921d393824ce5d3f917fdccfbfa71cfc8c6cd76f349141 545338 dovecot-ldap_2.2.13-12~deb8u6_amd64.deb 2431f1cc364c4eb4e4728c55543433d8b76a5a3bd92bf9a252eda71f9007f404 531424 dovecot-gssapi_2.2.13-12
Accepted wpa 2.3-1+deb8u7 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 28 Mar 2019 12:30:45 +0100 Source: wpa Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb Architecture: source amd64 Version: 2.3-1+deb8u7 Distribution: jessie-security Urgency: high Maintainer: Debian wpasupplicant Maintainers Changed-By: Markus Koschany Description: hostapd- IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator wpagui - graphical user interface for wpa_supplicant wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i) wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb) Changes: wpa (2.3-1+deb8u7) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2016-10743: It was found that the fallback mechanism for generating a WPS pin in hostapd, an IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, used a low quality pseudorandom number generator. This was fixed by using only the high quality os_get_random function. Checksums-Sha1: 90d90a8b0fd4e65ee13ea90bd583258efd8c7db9 2661 wpa_2.3-1+deb8u7.dsc 38515975c487af544e4596d21c71a5535b1dc3bc 94336 wpa_2.3-1+deb8u7.debian.tar.xz 257e5f0da0577dc7c8172ca34363cd7959c84848 540182 hostapd_2.3-1+deb8u7_amd64.deb fcee9b39f520f9a8fa3f01e169e35ad87e13dbcc 345896 wpagui_2.3-1+deb8u7_amd64.deb cbb76c204c9838c7eef5b943d23f0949fb7c23e5 918088 wpasupplicant_2.3-1+deb8u7_amd64.deb 67df7102e06f4a13f48030f2d9b3970709e24d27 222898 wpasupplicant-udeb_2.3-1+deb8u7_amd64.udeb Checksums-Sha256: 245b5cdb393b56bc9b6e9e58646d9df30ed34b8c347e2eec87bb325edb9674f4 2661 wpa_2.3-1+deb8u7.dsc ec64742e5b0153cd723e69f414067b7f5f0c6150a5bb7e13ff2703d798475509 94336 wpa_2.3-1+deb8u7.debian.tar.xz 0399a79f957abd9f5eba589261047eac18e62480edacc17119a20988e2fa2c7b 540182 hostapd_2.3-1+deb8u7_amd64.deb 86e3fabdc0d5ec9603ee5ded36fd0028c47c2809c7e4eb808e276284d85614c2 345896 wpagui_2.3-1+deb8u7_amd64.deb 2e2023d0de9938f1f54e24c01cb84f2651c13337335d27646834885a0f6536aa 918088 wpasupplicant_2.3-1+deb8u7_amd64.deb 118bbb3ec722cfdc2b8dae15e4dafa090b7fcc8f977c5152af22f2d03780d184 222898 wpasupplicant-udeb_2.3-1+deb8u7_amd64.udeb Files: ca9a7d7431d5686aa530069bbb1fdfc4 2661 net optional wpa_2.3-1+deb8u7.dsc 3e08862d8bbd2d5c9d25b17f85c6f44b 94336 net optional wpa_2.3-1+deb8u7.debian.tar.xz 5b484d7175e6fad5cdf904571ae46a26 540182 net optional hostapd_2.3-1+deb8u7_amd64.deb 93490e6bf015bc0c005c6e6a07bbdbb1 345896 net optional wpagui_2.3-1+deb8u7_amd64.deb f5b9c6f38f14e216a60697b54e6a719d 918088 net optional wpasupplicant_2.3-1+deb8u7_amd64.deb 96e22e18fb628d11560baa2d08282a7d 222898 debian-installer standard wpasupplicant-udeb_2.3-1+deb8u7_amd64.udeb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlycu29fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkI2YP/3oaOi/aDDmQJufD41yWMiTI8vr4HXM08Hxd EPL1UTzPOG0n9TlpBu1UKYL+leB+oGJBb+82pU3QXIX6/W/I5+sNl4VYAsOX1O/v llTLEVWfH9NjCuVux5FztZ2xXAmJJ5a+TJOqh3GWXD1FWCHBCU5VhcE5NA8PineE WootE4LE0HB+UyPWB6jF5fqtPlxl7TdEL+8ht4dbN+piB0XVY5Ikw2Dvl8B3wHbx bg7qvOLvW4apOXBnmKHNU0WNN4hJoO9N4ZJ7Pm006Yd8IHMwzp+19wXWbqK8jO4q wRiWA0gTUfWneOKUMnaRVzDn2dyAwx9vAbxlM46CF6KBp+LKFrwGz/2hbcXT1jmZ zCWY2pTgvr8HqbuX+taSedgq51jYJFsYvLoFgKAnemJQg0r96WOFBLmsNs7/s74B mQ6Bg4hoG4kd1pX+7xms7KNnmJMPfClS+mfi1WATKaq1zIP0g7ME5o5wUE1aWTpJ 3NFAgJcm5IQQUHsTDGeyEC3ViFo/MqrPcVYClHHjo1q8tB7KHlGXVamgp9lSeoeg hehY392P6/OUS+iTl8BkfO8hHoYY+lnV5omsbAzW8TG7LKQ55l37AvXB0uHG4XrI uMcKYXF3Uc8XBD6VtQ+iLSSgJ9gdioLDv3qmXXutfcU3sFFQvW65I+rDK84PjfJu FPFwHjw5 =R7dx -END PGP SIGNATURE-
Accepted systemd 215-17+deb8u11 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 13 Mar 2019 11:52:10 +0100 Source: systemd Binary: systemd systemd-sysv libpam-systemd libsystemd0 libsystemd-dev libsystemd-login0 libsystemd-login-dev libsystemd-daemon0 libsystemd-daemon-dev libsystemd-journal0 libsystemd-journal-dev libsystemd-id128-0 libsystemd-id128-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb libgudev-1.0-0 gir1.2-gudev-1.0 libgudev-1.0-dev python3-systemd systemd-dbg Architecture: source amd64 Version: 215-17+deb8u11 Distribution: jessie-security Urgency: high Maintainer: Debian systemd Maintainers Changed-By: Markus Koschany Description: gir1.2-gudev-1.0 - libgudev-1.0 introspection data libgudev-1.0-0 - GObject-based wrapper library for libudev libgudev-1.0-dev - libgudev-1.0 development files libpam-systemd - system and service manager - PAM module libsystemd-daemon-dev - systemd utility library (transitional package) libsystemd-daemon0 - systemd utility library (deprecated) libsystemd-dev - systemd utility library - development files libsystemd-id128-0 - systemd 128 bit ID utility library (deprecated) libsystemd-id128-dev - systemd 128 bit ID utility library (transitional package) libsystemd-journal-dev - systemd journal utility library (transitional package) libsystemd-journal0 - systemd journal utility library (deprecated) libsystemd-login-dev - systemd login utility library (transitional package) libsystemd-login0 - systemd login utility library (deprecated) libsystemd0 - systemd utility library libudev-dev - libudev development files libudev1 - libudev shared library libudev1-udeb - libudev shared library (udeb) python3-systemd - Python 3 bindings for systemd systemd- system and service manager systemd-dbg - system and service manager (debug symbols) systemd-sysv - system and service manager - SysV links udev - /dev/ and hotplug management daemon udev-udeb - /dev/ and hotplug management daemon (udeb) Closes: 924060 Changes: systemd (215-17+deb8u11) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-3815: A memory leak was discovered in the backport of fixes for CVE-2018-16864. Function dispatch_message_real() in journald-server.c does not free allocated memory to store the `_CMDLINE=` entry. A local attacker may use this flaw to make systemd-journald crash. (Closes: #924060) Checksums-Sha1: eeb9add799cbb2b5ce5ba4f9f3731c766f86f111 4414 systemd_215-17+deb8u11.dsc 7715a60637a0ccfe0ed9938f2f58bf4961c68eb8 245604 systemd_215-17+deb8u11.debian.tar.xz a4901ef74d40a8a08cafb59e4f6e56351d55a54c 2557818 systemd_215-17+deb8u11_amd64.deb 1ebb0086767f4f2dccaf4789c793692dc02553d1 37242 systemd-sysv_215-17+deb8u11_amd64.deb e6ccf2c28daf1d8b5f06d375852fe25a18c4745e 127566 libpam-systemd_215-17+deb8u11_amd64.deb e499a260d5e2f8dd56d1079a0d530015242a73f9 90246 libsystemd0_215-17+deb8u11_amd64.deb 2c99c4d06a01f2d84079be9870cb65098be955a1 96170 libsystemd-dev_215-17+deb8u11_amd64.deb c2f3c7f04df644f5231283dd9ed1403d61cd0886 50496 libsystemd-login0_215-17+deb8u11_amd64.deb 45b0a260f87f1fd91d5c0c8e435f44ccbac5b530 32926 libsystemd-login-dev_215-17+deb8u11_amd64.deb 375ec44e5240b66b63d95b3b48854488e6e4dfcf 39586 libsystemd-daemon0_215-17+deb8u11_amd64.deb 277a7237b96d5fabe634877ce91de152bc9b8953 32934 libsystemd-daemon-dev_215-17+deb8u11_amd64.deb 84d45cd64fcc64e961dec1b52688c4fc689e63c1 75758 libsystemd-journal0_215-17+deb8u11_amd64.deb 5108ddb8515b3217e7a47cf6849b010ce34049cc 32916 libsystemd-journal-dev_215-17+deb8u11_amd64.deb 3b13962ce33f632127bfba03b02b4a0c40d3c221 38524 libsystemd-id128-0_215-17+deb8u11_amd64.deb 0adb73a9b6c06202ebc18544e27d4c7d3cbc9230 32914 libsystemd-id128-dev_215-17+deb8u11_amd64.deb 6d78c3bf545bd326f449573a02d4ef41ae3eb596 876360 udev_215-17+deb8u11_amd64.deb f29506d3b9e125df089ed9c4f8e0932dea8e2003 58558 libudev1_215-17+deb8u11_amd64.deb fc535dd78f48025db026736b61cc8906350c5460 23240 libudev-dev_215-17+deb8u11_amd64.deb 70ad4426642520bf16f82a7f62e71da0598502e1 195946 udev-udeb_215-17+deb8u11_amd64.udeb 6d4e0b26271b2b747288d502c0434370b4cde51c 24738 libudev1-udeb_215-17+deb8u11_amd64.udeb 4d80e3aab38ccfd470193b8c0dc9ccb4b9c1a4d3 43252 libgudev-1.0-0_215-17+deb8u11_amd64.deb c80902c699df0a5cb466e6548dac5a25c582d563 2828 gir1.2-gudev-1.0_215-17+deb8u11_amd64.deb abaaafcc1f76b417eaa7445c9faf4a316f845ce1 24504 libgudev-1.0-dev_215-17+deb8u11_amd64.deb 4db242646a7c90c8279b83bceef37b30d575893a 62726 python3-systemd_215-17+deb8u11_amd64.deb 57790c51261c723af3acdaaed8b605c3770c1dbd 15993694 systemd-dbg_215-17+deb8u11_amd64.deb Checksums-Sha256: a155ce9a3a8c76b4a23795d259fae505f700a73e0bdcbf1fdea213e8fdf53d8c 4414 systemd_215-17+deb8u11.dsc 4e9d765876b1c90a6f1155e4c04e84c9b900990d4c2ef973a35a9cf2fc4f16fd 245604 systemd_215-17+deb8u11.debian.tar.xz 067036fbbd07ee8a8bbe0e6d35d75224ab854cbb50987b1192d9fd25bb75b8de 2557818 systemd_215-17
Accepted zabbix 1:2.2.23+dfsg-0+deb8u1 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 11 Mar 2019 13:16:44 +0100 Source: zabbix Binary: zabbix-agent zabbix-frontend-php zabbix-java-gateway zabbix-proxy-mysql zabbix-proxy-pgsql zabbix-proxy-sqlite3 zabbix-server-mysql zabbix-server-pgsql Architecture: source amd64 all Version: 1:2.2.23+dfsg-0+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Christoph Haas Changed-By: Markus Koschany Description: zabbix-agent - network monitoring solution - agent zabbix-frontend-php - network monitoring solution - PHP front-end zabbix-java-gateway - network monitoring solution - Java gateway zabbix-proxy-mysql - network monitoring solution - proxy (using MySQL) zabbix-proxy-pgsql - network monitoring solution - proxy (using PostgreSQL) zabbix-proxy-sqlite3 - network monitoring solution - proxy (using SQLite3) zabbix-server-mysql - network monitoring solution - server (using MySQL) zabbix-server-pgsql - network monitoring solution - server (using PostgreSQL) Changes: zabbix (1:2.2.23+dfsg-0+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * New upstream release of the 2.2 LTS branch. * Rebase patches for new release. Drop all previous security fixes because they are now included in version 2.2.23. * Fix CVE-2016-10742: Zabbix allowed remote attackers to redirect to external links by misusing the request parameter. * Fix CVE-2017-2826: An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability. * This update also includes several other bug fixes and improvements. For more information please refer to the upstream changelog file. Checksums-Sha1: 07de8242ace39bedac86bb2340ed617227d0cc25 2952 zabbix_2.2.23+dfsg-0+deb8u1.dsc 1f32037be9457cf7e63f19e938c2e57d2870fabc 6078160 zabbix_2.2.23+dfsg.orig.tar.xz 328bbe1bd8d03fdfe1f3a5fb970906dea77b9906 189656 zabbix_2.2.23+dfsg-0+deb8u1.debian.tar.xz 38688010a6d66167d4ead5e383af5e664679dcfa 340406 zabbix-agent_2.2.23+dfsg-0+deb8u1_amd64.deb f898b01a12fc1b66fe2d7df240b0ef5f802839d1 3069738 zabbix-frontend-php_2.2.23+dfsg-0+deb8u1_all.deb 3f27da7bf59e53bce917ca9bf925849daa20fb34 205564 zabbix-java-gateway_2.2.23+dfsg-0+deb8u1_all.deb 59fee576352b6fa8a183d96708a98273bcd051c9 589982 zabbix-proxy-mysql_2.2.23+dfsg-0+deb8u1_amd64.deb aaf92afd1429bbf485dcfab5915f5e80c326b115 592406 zabbix-proxy-pgsql_2.2.23+dfsg-0+deb8u1_amd64.deb 3557e7089e10948a548845f5a2133b7aa082f2cf 575860 zabbix-proxy-sqlite3_2.2.23+dfsg-0+deb8u1_amd64.deb 02d9f581897dd0dc32176d9fc0f6dd4164b0fb3d 1768486 zabbix-server-mysql_2.2.23+dfsg-0+deb8u1_amd64.deb 4a043cfe5b45931d684709653808bc3b3c9d89ee 1769880 zabbix-server-pgsql_2.2.23+dfsg-0+deb8u1_amd64.deb Checksums-Sha256: b0279209eb3bb6c4694beef4af08ad63384122435d2ee0fe6f2a702098fd0e14 2952 zabbix_2.2.23+dfsg-0+deb8u1.dsc e1c73ea9ea813ca5b77a509dd0796af9293784ae402bbbe7de427faea6742eeb 6078160 zabbix_2.2.23+dfsg.orig.tar.xz 5f4b4a49adfa76449692d09236dead95452e6404baaeba67bd12fe1d1d85afd3 189656 zabbix_2.2.23+dfsg-0+deb8u1.debian.tar.xz 4104b4730463002bb59a114265ec272ee808d91e7865e6735e3517732d75527c 340406 zabbix-agent_2.2.23+dfsg-0+deb8u1_amd64.deb 31e0131d01b9cf2bb6ac77d0167747c55bce0223ee9e581f25ae79598594f6c3 3069738 zabbix-frontend-php_2.2.23+dfsg-0+deb8u1_all.deb 2cee62f0b5655be664f78bf68c7c9de16cb71f7a3d1692ad03de6a2fce9a30b0 205564 zabbix-java-gateway_2.2.23+dfsg-0+deb8u1_all.deb f50a5591ed3d6f8b1b0552e59403e91204441c101838d319bcfda39b24dc1a87 589982 zabbix-proxy-mysql_2.2.23+dfsg-0+deb8u1_amd64.deb 0f30d05068d2181141be21deb4a11035aab4e38acaa8dd197451a8c88d11934a 592406 zabbix-proxy-pgsql_2.2.23+dfsg-0+deb8u1_amd64.deb 087bbc5906bb1eecf48d626530d62b9dc1faed774590962a66579a2f757f967b 575860 zabbix-proxy-sqlite3_2.2.23+dfsg-0+deb8u1_amd64.deb 180d56fcb9fe9acf8da9fa00d3a1113f730d289998f59a2abd6e61432c9b859a 1768486 zabbix-server-mysql_2.2.23+dfsg-0+deb8u1_amd64.deb b62d7a19617c12aecb4b1b75b80aaacdb0046817506324400c756849d3e29e30 1769880 zabbix-server-pgsql_2.2.23+dfsg-0+deb8u1_amd64.deb Files: 85a552b03f384cfa5948d85a2e1dbbfc 2952 net optional zabbix_2.2.23+dfsg-0+deb8u1.dsc 543faf820fd790c7f7ef56d623bafef6 6078160 net optional zabbix_2.2.23+dfsg.orig.tar.xz 9dc874c9291c78e8cd378d7a09adab0d 189656 net optional zabbix_2.2.23+dfsg-0+deb8u1.debian.tar.xz 2e67b11bf51a35b45934150998222bff 340406 net optional zabbix-agent_2.2.23+dfsg-0+deb8u1_amd64.deb 1ed9c9ce310abb6b3733b36b488170d3 3069738 net optional zabbix-frontend-php_2.2.23+dfsg-0+deb8u1_all.deb 679d14966394aef15fc6001eca7d1ee4 205564 net optional zabbix-java-gateway_2.2.23+dfsg-0+deb8u1_all.deb
Accepted poppler 0.26.5-2+deb8u8 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 08 Mar 2019 19:09:06 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u8 Distribution: jessie-security Urgency: high Maintainer: Loic Minier Changed-By: Markus Koschany Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u8) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-19058: A reachable abort in Object.h will lead to denial of service because EmbFile::save2 in FileSpec.cc lacks a stream check before saving an embedded file. * Fix CVE-2018-20481: Poppler mishandles unallocated XRef entries, which allows remote attackers to cause a denial-of-service (NULL pointer dereference) via a crafted PDF document. * Fix CVE-2018-20662: Poppler allows attackers to cause a denial-of-service (application crash and segmentation fault by crafting a PDF file in which an xref data structure is corrupted. * Fix CVE-2019-7310: A heap-based buffer over-read (due to an integer signedness error in the XRef::getEntry function in XRef.cc) allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted PDF document. * Fix CVE-2019-9200: A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause denial-of-service (segmentation fault) or possibly have unspecified other impact. Checksums-Sha1: 4d3f30331877373c8b80223a19515ae4234b6d52 3525 poppler_0.26.5-2+deb8u8.dsc 4db8518d4b323730751aa43bfa5380634ab85147 43452 poppler_0.26.5-2+deb8u8.debian.tar.xz 261c6432ab18cff822a6fae1f0ab3b3455d2b8d2 1212806 libpoppler46_0.26.5-2+deb8u8_amd64.deb 68dbb7822f056d42d36e29f2028849873fa82041 766740 libpoppler-dev_0.26.5-2+deb8u8_amd64.deb 2f433290a5e5b4edbdcdbef1c34ca0c0853d7280 180900 libpoppler-private-dev_0.26.5-2+deb8u8_amd64.deb 98bbb340e4f741154a35620b8a77293fa1f4194a 122968 libpoppler-glib8_0.26.5-2+deb8u8_amd64.deb 1e44fb63b6048d1a57f7edf0241e74cedfe8e71a 163494 libpoppler-glib-dev_0.26.5-2+deb8u8_amd64.deb 1e3974eede228fddb7155b162b402b4c1b1e4c63 86382 libpoppler-glib-doc_0.26.5-2+deb8u8_all.deb 21f8fbd06584a2f774d903f2b004535943589fe3 34802 gir1.2-poppler-0.18_0.26.5-2+deb8u8_amd64.deb 281d7dd8a5fee82128d3ea4e1d0e0705daef8fdb 128156 libpoppler-qt4-4_0.26.5-2+deb8u8_amd64.deb b2f124b1399def6e4f5946d6e67acf0cd7ef6471 159172 libpoppler-qt4-dev_0.26.5-2+deb8u8_amd64.deb 1ee1ad691037c6c47b866383329ba90b57bb28c8 132334 libpoppler-qt5-1_0.26.5-2+deb8u8_amd64.deb 82b120b83423f0187d1b5fe39c486267e6423469 166506 libpoppler-qt5-dev_0.26.5-2+deb8u8_amd64.deb 92adfe5e81dd2afd4901fbbab8d89ce76a28 45376 libpoppler-cpp0_0.26.5-2+deb8u8_amd64.deb d9e06eae521dc4628fb1dcb1a64832f602f4d1cc 49814 libpoppler-cpp-dev_0.26.5-2+deb8u8_amd64.deb bb809578bae6ca67bf4953303bf4ed884f7f0af4 141270 poppler-utils_0.26.5-2+deb8u8_amd64.deb beb0f1fd771c80cf147ec68f9ad9d89e8994c8c2 7686250 poppler-dbg_0.26.5-2+deb8u8_amd64.deb Checksums-Sha256: 9044230b7937d276b5dd417a9cfcf3bbf83bc77389d7c8463cc9670ee618ae9a 3525 poppler_0.26.5-2+deb8u8.dsc f9131c2e5e236f364659f5addf3ca33e14f4e171cce19d156e767774a239b927 43452 poppler_0.26.5-2+deb8u8.debian.tar.xz 25c7dd68423239fd57535c9784f08ff9cb03359c3ef9b0c8063412e89f2dafea 1212806 libpoppler46_0.26.5-2+deb8u8_amd64.deb d64b50724a181144e2efa97561e971e4bfa3ce7bb916630c3fd6bb0c2d2ff876 766740 libpoppler-dev_0.26.5-2+deb8u8_amd64.deb
Accepted jackson-databind 2.4.2-2+deb8u5 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 04 Mar 2019 10:30:09 +0100 Source: jackson-databind Binary: libjackson2-databind-java libjackson2-databind-java-doc Architecture: source all Version: 2.4.2-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libjackson2-databind-java - fast and powerful JSON library for Java -- data binding libjackson2-databind-java-doc - Documentation for jackson-databind Changes: jackson-databind (2.4.2-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-11307, CVE-2018-12022, CVE-2018-12023, CVE-2018-14718, CVE-2018-14719, CVE-2018-14720, CVE-2018-14721, CVE-2018-19360, CVE-2018-19361 and CVE-2018-19362. Several deserialization flaws were discovered in jackson-databind which could allow an unauthenticated user to perform code execution. The issue was resolved by extending the blacklist and blocking more classes from polymorphic deserialization. Checksums-Sha1: 0acda95edd6e755b3ecfc55d234adfeae5b97a2b 2691 jackson-databind_2.4.2-2+deb8u5.dsc f87ceb854ad19508eb4b9d97a369cd7023b51221 10316 jackson-databind_2.4.2-2+deb8u5.debian.tar.xz 7e90a56108dbb4333832d58e0b7b0f20d4e961f4 986992 libjackson2-databind-java_2.4.2-2+deb8u5_all.deb 9c47545c07e3f45f3a0bc899b8b0d7532460a7d8 4748130 libjackson2-databind-java-doc_2.4.2-2+deb8u5_all.deb Checksums-Sha256: 8238342f554d307d52bf50a2e39d4d777855ed7d1f5b2758dc83d68c9cfe72f3 2691 jackson-databind_2.4.2-2+deb8u5.dsc 8d2f7dd7f5facfea25cc4b2a80fdbdb1a413b2bbf8c7000e167a034e0a0a12fc 10316 jackson-databind_2.4.2-2+deb8u5.debian.tar.xz 09a3d7a7cb9848d60cbc7a08f330921ff5d1dcc99f26333b3db84b6b537cb2b5 986992 libjackson2-databind-java_2.4.2-2+deb8u5_all.deb 8bf0ecf5437626db9c0ec4307d969e063195f4f009f08d58631b7bb0d37a4226 4748130 libjackson2-databind-java-doc_2.4.2-2+deb8u5_all.deb Files: f786b0bc50a0c3c86b553658d8365ab3 2691 java optional jackson-databind_2.4.2-2+deb8u5.dsc 7d213399d23387f21b70569e0a78a405 10316 java optional jackson-databind_2.4.2-2+deb8u5.debian.tar.xz d6e5cd84ac5e09b7de2f3e60c965667c 986992 java optional libjackson2-databind-java_2.4.2-2+deb8u5_all.deb 49aa611b4073fd93c48059028338f1ba 4748130 doc optional libjackson2-databind-java-doc_2.4.2-2+deb8u5_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlx9Bc1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkz0gQAIKLwh29sBqkkuDgDoCiPhy5YgkD4zjm4BDZ tvDSCWBuTQCzBE5IEECeb5VdOsfMPpnOhrZdqI/oHtvALirXhAzm257y6gAtCgCI K4ceILf1acFXR+jpqIMnY0jdj96mHTzCGbTgLF6wRcDz+OP1HF+swJpZS2ihk058 DD2tJ9FZxcvqY9ovP9D5vKKOeyZqtaeSqwLJ/vPPrLP8y/0oWSbEAzhmBNE+pKdo ebJwtlMpLoHnNuRhw7rL/104IaLf0dAZulljbcmJT7QqqXLi8BUXG36JS5v22kHm gpJYRceM6QtiNkoC4BxRrHxuFt2cm77Tpx12H1vjntGBR7L2btREQe/Ll9y2FPda gg3xYzZ6fKdi1QHHo7eONDcL4xq/qi+CF5FsMm8uhkrSqk9fjI6EJt9+hftdgtRS fWzmeUVS84yBOdHQTUwmH6Fp89jOJyJC5GwkvcAQznTl/Z0HhWoIh3/3GVVLLjRo s6VKwQ0Jw0SDJ80J5ThOYuVTdJmfDO3pXyXLKmlMSBly0GlBAJhl/9Xf4YLd7Xe1 a6/Bxnxo+9V0CCQU+OUI6Hq5UqClqEgYFRC8SykGMWy+eblHUYfH9gYlg1Qv7L7i RnE5HL11osgAGCTOIqmG0yoE30qRff8Nuda4oPG6SyBbxIRIfdW0gV14vL+SdD1o Xv/nCz5U =Zx9c -END PGP SIGNATURE-
Accepted advancecomp 1.19-1+deb8u1 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 02 Mar 2019 21:00:50 +0100 Source: advancecomp Binary: advancecomp Architecture: source amd64 Version: 1.19-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Piotr Ożarowski Changed-By: Markus Koschany Description: advancecomp - collection of recompression utilities Changes: advancecomp (1.19-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-1056: Joonun Jang discovered that the advzip tool in advancecomp, a collection of recompression utilities, was prone to a heap-based buffer overflow. This might allow an attacker to cause a denial-of-service (application crash) or other unspecified impact via a crafted file. * The png_compress function in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in another heap based buffer overflow. * Backport two upstream commits to address more buffer overflows. Checksums-Sha1: 73bb2c116475020954ce86e8614f0e83e7a45851 1949 advancecomp_1.19-1+deb8u1.dsc 894c2db01c9fff40257f929496621bdcea77748b 1193228 advancecomp_1.19.orig.tar.gz 078feb34f7683f1c2d01c0dbeee1239ff7d4056d 5072 advancecomp_1.19-1+deb8u1.debian.tar.xz 82b2c84937f7f56473342b10681a9744078b463e 162492 advancecomp_1.19-1+deb8u1_amd64.deb Checksums-Sha256: 8e50bfdab39a3c9c8ee968ac51d63017fddbdacfc64845daf16203aa20d43889 1949 advancecomp_1.19-1+deb8u1.dsc d594c50c3da356aa961f75b00e958a4ed1e142c6530b42926092e46419af3047 1193228 advancecomp_1.19.orig.tar.gz fe89252f7e38842b8e6a8e444254353251f100874a12f41c37e26d0c28b754f1 5072 advancecomp_1.19-1+deb8u1.debian.tar.xz 977c3ef04883507f238b5ee264c643fbf852c37a860ce3b9e6ceed9ea3647a2c 162492 advancecomp_1.19-1+deb8u1_amd64.deb Files: a2c4a32f1bcc10857803b7ec2d2c52ce 1949 utils optional advancecomp_1.19-1+deb8u1.dsc 371548ce4cc38cb452c20414cbd8c4fe 1193228 utils optional advancecomp_1.19.orig.tar.gz 1e8bb01c660ec0aaef372065a3ef3073 5072 utils optional advancecomp_1.19-1+deb8u1.debian.tar.xz 74eb531dae1ab1305c941ede27e6c1ff 162492 utils optional advancecomp_1.19-1+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlx68ChfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk3VwP/0EGBUsNFv/0WzvVK1NQDYQ8s6fHHKPgLBxr O9nlyTHqh52zR0G0ZVLl9scCOu5dLU9LjfX0FDzrWMjC5EbK3qx6mjDhGBTlIc8l KmQu/kj1Co+NHZTrY5eopMEjI2geRHedhMeCeSvX56RIgnwF1h2lkaQJP5uZi/Hd X/56k8tlrPo5b8Rx4JrD5B315R1c4ciD0z3gzF7f47NLrAskO8zZkTGk6Ftwp7WQ XC5WZet4uxM0dOVWcrhSvvlo0pq00wN/9SHDv+rvW01NCX/10Cb7UCuT3VGKfAqD qx8COA7wNQmuiAcKYTn5oE1afm7INdBw4OD41xacTT1mz1nZyAfTd0NNn1QxwQNC +VV7jvqdhpVMOblbQ1obRWurtuJFHwaLF01D42X8vO0dY8kOfnq4GnxsZKLJYtxl Bu06vIec+0fDZ54OIHpNm2Uk/Ye6kGLiTJ8dzGiRsVmX0qqI0MjQ9fa3LtUJI+6B ZmaPpg4Zgz43MCKX625nZP32oJlr61mJq6h1zUcjOckfQMIsug8/5PwU/2oyIPHk 0sbfgb+EGOcw49Wl8HZEF6ufJFLNIlTT55oeBIZgqHVRfQ63jc1lUDtzQBHTVVd+ u4Fh6T6DrAlsQyqc12HLiBVwIorN/u8FFKeNogqVdoxNtX7YP9Z1qDRtb6/b5OkV n1jI1AUL =BMla -END PGP SIGNATURE-
Accepted openssl 1.0.1t-1+deb8u11 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 Mar 2019 16:25:39 +0100 Source: openssl Binary: openssl libssl1.0.0 libcrypto1.0.0-udeb libssl-dev libssl-doc libssl1.0.0-dbg Architecture: source all amd64 Version: 1.0.1t-1+deb8u11 Distribution: jessie-security Urgency: high Maintainer: Debian OpenSSL Team Changed-By: Markus Koschany Description: libcrypto1.0.0-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb) libssl-dev - Secure Sockets Layer toolkit - development files libssl-doc - Secure Sockets Layer toolkit - development documentation libssl1.0.0 - Secure Sockets Layer toolkit - shared libraries libssl1.0.0-dbg - Secure Sockets Layer toolkit - debug information openssl- Secure Sockets Layer toolkit - cryptographic utility Changes: openssl (1.0.1t-1+deb8u11) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-1559: Juraj Somorovsky, Robert Merget and Nimrod Aviram discovered a padding oracle attack in OpenSSL. If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. . In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). AEAD ciphersuites are not impacted. Checksums-Sha1: 59d63557a4494f2db518991bb738fc2740ae6fbf 2427 openssl_1.0.1t-1+deb8u11.dsc 82bbf327e569a70c93c0e85e24cb1ad035905e83 116008 openssl_1.0.1t-1+deb8u11.debian.tar.xz 949e0d12c79dbac67d8b5372b880916213057fa3 1168000 libssl-doc_1.0.1t-1+deb8u11_all.deb 427ae9aecffd26b0b07092278413d89e1234b9e5 664632 openssl_1.0.1t-1+deb8u11_amd64.deb 97c268ee6d8b3abf24cbe01da4d80074d1887510 1046796 libssl1.0.0_1.0.1t-1+deb8u11_amd64.deb c4e389464eedf035e9807b5f02141975b6f1c365 643474 libcrypto1.0.0-udeb_1.0.1t-1+deb8u11_amd64.udeb c4d6ec45ec2dd649c2648cfd73aa08dd053833c4 1284940 libssl-dev_1.0.1t-1+deb8u11_amd64.deb 504b2d0ba2f9d81d64a432e815b4a96df682e491 2819836 libssl1.0.0-dbg_1.0.1t-1+deb8u11_amd64.deb Checksums-Sha256: 1b2ea8314ab20895989a9ca0c1f6a3244baf6e889f9e9563245083ab8525e710 2427 openssl_1.0.1t-1+deb8u11.dsc deaab80273c0a2928a3184576856cbaa37993130a1a938a22dca6d341ffc3deb 116008 openssl_1.0.1t-1+deb8u11.debian.tar.xz ee1d4cdfc57678ed2ba484b2975e28695fdd20c0a0144b2c1f4702978601c79d 1168000 libssl-doc_1.0.1t-1+deb8u11_all.deb c5424c87b93594ce2fdf19ae60eb955a3ed1b2f5518e98706460315e8e38a1c8 664632 openssl_1.0.1t-1+deb8u11_amd64.deb 793926fb2d9bd152cdf72551d9a36c83090e0f574dbe0063de1528465bf46479 1046796 libssl1.0.0_1.0.1t-1+deb8u11_amd64.deb e049b747a8f73584f61b0a971f970b87cdf79ecd9aad8c6869a6283fe3d9bd08 643474 libcrypto1.0.0-udeb_1.0.1t-1+deb8u11_amd64.udeb 5c16fd8e8d300ade9456df6ed0e2dda33a0665550bc29dc7da4f22fc12686ea2 1284940 libssl-dev_1.0.1t-1+deb8u11_amd64.deb d666e920683fcd868fd45fcb595b0ce31afa5fd0fa398a2c71ce226aa7ac984c 2819836 libssl1.0.0-dbg_1.0.1t-1+deb8u11_amd64.deb Files: e04299c1bd9b6c4db50bce0fbfc2af23 2427 utils optional openssl_1.0.1t-1+deb8u11.dsc 1f1c0a5cb858701b9da3983469b10eff 116008 utils optional openssl_1.0.1t-1+deb8u11.debian.tar.xz db028d465a4961addb74f220b8a03d6e 1168000 doc optional libssl-doc_1.0.1t-1+deb8u11_all.deb a865663fe2049f75c50117b33c6210e3 664632 utils optional openssl_1.0.1t-1+deb8u11_amd64.deb 988393d399c0c8776e0e05a505e68fe0 1046796 libs important libssl1.0.0_1.0.1t-1+deb8u11_amd64.deb 4a93fdc96133b55b1bf4b73bebdf355e 643474 debian-installer optional libcrypto1.0.0-udeb_1.0.1t-1+deb8u11_amd64.udeb 83442579b3ec3e01116b8b8b574d1487 1284940 libdevel optional libssl-dev_1.0.1t-1+deb8u11_amd64.deb 6dc81e92c0a1ef8e8693f6bd5407b7dd 2819836 debug extra libssl1.0.0-dbg_1.0.1t-1+deb8u11_amd64.deb Package-Type: udeb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlx5m2NfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkVU8QAMZ/AeA8wo89PQ8wL30Exrl8miDfwX9PPUOI Rqz3+5atE24Z74ktecnv+C9PDDj67hDRsyYCM7BTDtRzfnzNdjMJQVh3PNclbx8J GnV0FpCgE2wDhiBZQogBf4/Z8tA4QBB3WQvyg7Qox0rGLdwqU0UgJPuK+IiPNrzc WXgNvnpcnL68o72fZPv0Re1EhWORCfP9GWPvqGZA/lm4Ux9/otgj3oYfzKH8Pip9 5yIlqr5Ww5n4bzA5cBrhWdyaRy/WN6yOKGmvj8S1ZabeUWF6+ld9OUOMLmyxurlw 8Nx6rVRZ1LunDI0lNgaD
Accepted ceph 0.80.7-2+deb8u3 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 28 Feb 2019 13:13:22 +0100 Source: ceph Binary: ceph ceph-dbg ceph-common ceph-common-dbg ceph-mds ceph-mds-dbg ceph-fuse ceph-fuse-dbg rbd-fuse rbd-fuse-dbg ceph-fs-common ceph-fs-common-dbg ceph-resource-agents librados2 librados2-dbg librados-dev librbd1 librbd1-dbg librbd-dev libcephfs1 libcephfs1-dbg libcephfs-dev radosgw radosgw-dbg rest-bench rest-bench-dbg ceph-test ceph-test-dbg python-ceph libcephfs-java libcephfs-jni libcephfs-jni-dbg Architecture: source amd64 all Version: 0.80.7-2+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Ceph Maintainers Changed-By: Markus Koschany Description: ceph - distributed storage and file system ceph-common - common utilities to mount and interact with a ceph storage cluste ceph-common-dbg - debugging symbols for ceph-common ceph-dbg - debugging symbols for ceph ceph-fs-common - common utilities to mount and interact with a ceph file system ceph-fs-common-dbg - debugging symbols for ceph-fs-common ceph-fuse - FUSE-based client for the Ceph distributed file system ceph-fuse-dbg - debugging symbols for ceph-fuse ceph-mds - metadata server for the ceph distributed file system ceph-mds-dbg - debugging symbols for ceph-mds ceph-resource-agents - OCF-compliant resource agents for Ceph ceph-test - Ceph test and benchmarking tools ceph-test-dbg - debugging symbols for ceph-test libcephfs-dev - Ceph distributed file system client library (development files) libcephfs-java - Java library for the Ceph File System libcephfs-jni - Java Native Interface library for CephFS Java bindings libcephfs-jni-dbg - debugging symbols for libcephfs-jni libcephfs1 - Ceph distributed file system client library libcephfs1-dbg - debugging symbols for libcephfs1 librados-dev - RADOS distributed object store client library (development files) librados2 - RADOS distributed object store client library librados2-dbg - debugging symbols for librados2 librbd-dev - RADOS block device client library (development files) librbd1- RADOS block device client library librbd1-dbg - debugging symbols for librbd1 python-ceph - Python libraries for the Ceph distributed filesystem radosgw- REST gateway for RADOS distributed object store radosgw-dbg - debugging symbols for radosgw rbd-fuse - FUSE-based rbd client for the Ceph distributed file system rbd-fuse-dbg - debugging symbols for rbd-fuse rest-bench - RESTful bencher that can be used to benchmark radosgw performance rest-bench-dbg - debugging symbols for rest-bench Changes: ceph (0.80.7-2+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-14662: It was found that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. * Fix CVE-2018-16846: It was found that authenticated ceph RGW users can cause a denial of service against OMAPs holding bucket indices. Checksums-Sha1: cf71ee1fb70cbe7262c62e548349089dba0afaf7 4562 ceph_0.80.7-2+deb8u3.dsc 3db33986291c8fc8fb572099ec2915690d88512b 4036009 ceph_0.80.7.orig.tar.bz2 9c32d277a2a9cd9e86afeaab2b71b2e58af76246 50616 ceph_0.80.7-2+deb8u3.debian.tar.xz af1380315bb12ff3b239bb2daba69a2d6b19ed87 5349724 ceph_0.80.7-2+deb8u3_amd64.deb 97398579eea48606e33a63e9796ae9d64e6f2747 95202298 ceph-dbg_0.80.7-2+deb8u3_amd64.deb 90557755096687bb3e8d1ba9485a56811f75 4355010 ceph-common_0.80.7-2+deb8u3_amd64.deb 6ddc03fcc7c76b614d54febbbe0b810ae4ca096d 69646874 ceph-common-dbg_0.80.7-2+deb8u3_amd64.deb b42066621d08a0a610d3711f86c0c1c766771c42 2214046 ceph-mds_0.80.7-2+deb8u3_amd64.deb 6b7bb37c0cacaf3dac8f038cfffe46714534133d 34724826 ceph-mds-dbg_0.80.7-2+deb8u3_amd64.deb 21ca2a170d1d8ae698d7817379c2946df68ad909 1406026 ceph-fuse_0.80.7-2+deb8u3_amd64.deb bfd309751e32253831744510ded577dc63281931 18333000 ceph-fuse-dbg_0.80.7-2+deb8u3_amd64.deb 3ccca9c62de155793965c8ed778ca2f634219c79 26278 rbd-fuse_0.80.7-2+deb8u3_amd64.deb dc58098b6d1d69888ea85e9bd2188925f54b5621 33910 rbd-fuse-dbg_0.80.7-2+deb8u3_amd64.deb 291d9fcaf134e36882203febd129f880d060e4f0 38994 ceph-fs-common_0.80.7-2+deb8u3_amd64.deb 76483a07044bfa82ca5e6b3cc8cecd40d412e15b 82534 ceph-fs-common-dbg_0.80.7-2+deb8u3_amd64.deb 6e3846643bb0efc073e1de5782842ef026a5911b 21428 ceph-resource-agents_0.80.7-2+deb8u3_all.deb 49a0a87f83a7625969f20a2a31b397cee896ca1d 1598710 librados2_0.80.7-2+deb8u3_amd64.deb 9119d60f59729e59bb9873da008e43f161731d16 20684386 librados2-dbg_0.80.7-2+deb8u3_amd64.deb c9a27a8cefdd102e34a69247248855994ca158d2 1846876 librados-dev_0.80.7-2+deb8u3_amd64.deb 62007526a8458b4bda117050d260c6e3bd9da07f 361918 librbd1_0.80.7-2+deb8u3_amd64.deb 0f86c529971be0ce1e1eab07b2f0edeaeca8e96f 4733802 librbd1-dbg_0.80.7-2+deb8u3_amd64.deb 464d2dc4e7f6a32f3a0ccab5d1c10aa72d27c0e0 5294712 librbd-dev_0.80.7-2+deb8u3_amd64.deb
Accepted unbound 1.4.22-3+deb8u4 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 14 Feb 2019 15:34:06 +0100 Source: unbound Binary: unbound unbound-anchor unbound-host libunbound2 libunbound-dev python-unbound Architecture: source amd64 Version: 1.4.22-3+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Robert S. Edmonds Changed-By: Markus Koschany Description: libunbound-dev - static library, header files, and docs for libunbound libunbound2 - library implementing DNS resolution and validation python-unbound - library implementing DNS resolution and validation (Python bindin unbound- validating, recursive, caching DNS resolver unbound-anchor - utility to securely fetch the root DNS trust anchor unbound-host - reimplementation of the 'host' command Changes: unbound (1.4.22-3+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-15105: Ralph Dolmans and Karst Koymans found a flaw in the way unbound validated wildcard-synthesized NSEC records. An improperly validated wildcard NSEC record could be used to prove the non-existence (NXDOMAIN answer) of an existing wildcard record, or trick unbound into accepting a NODATA proof. For more information please refer to the upstream advisory at https://unbound.net/downloads/CVE-2017-15105.txt. Checksums-Sha1: 96bb78ea0294a53ff954adb337b273d6001366a7 2470 unbound_1.4.22-3+deb8u4.dsc a56e31e2f3a2fefa3caaad9200dd943d174ca81e 4735801 unbound_1.4.22.orig.tar.gz 8725d6ffb511b4f85c6f898e66597c40e08a183e 21752 unbound_1.4.22-3+deb8u4.debian.tar.xz 39148ac64c9ac48a02dd669ddcceffb389dbcf96 486106 unbound_1.4.22-3+deb8u4_amd64.deb 5e65a89aa3dbee8ad99b089fc7ddd2adbf3f774d 98412 unbound-anchor_1.4.22-3+deb8u4_amd64.deb e2aa66a88c73afaa86d0464ee84eef19c624a5b2 100304 unbound-host_1.4.22-3+deb8u4_amd64.deb 54fc7466b29a13c8bfe7e3ab6d058bf9ee43c374 301226 libunbound2_1.4.22-3+deb8u4_amd64.deb 6713c3d4eeabf4de1e84761d45caa30f4834fc0d 4700464 libunbound-dev_1.4.22-3+deb8u4_amd64.deb 9420b345b36ae1b9f62f55f1f392cabea375c9fe 24 python-unbound_1.4.22-3+deb8u4_amd64.deb Checksums-Sha256: ab9b06970675d273c7d5eb390591aeb5580dcebd22e527122ea455e767e90824 2470 unbound_1.4.22-3+deb8u4.dsc 1caf5081b2190ecdb23fc4d998b7999e28640c941f53baff7aee03c092a7d29f 4735801 unbound_1.4.22.orig.tar.gz a669d24771029609fd184cd0a70294e846fd6465ba29b8dc3c0b777e54766dc7 21752 unbound_1.4.22-3+deb8u4.debian.tar.xz faf7a5108cb6229ea3db98cf91e42bc09def02e373f7d185d81a1c359b8f9920 486106 unbound_1.4.22-3+deb8u4_amd64.deb 879e29492c69acb399c6fa5dc0a78369d7b85357d05a846b04b40abf81e8 98412 unbound-anchor_1.4.22-3+deb8u4_amd64.deb 7244b4851ef8704f2d5b06c76febc28ea619046dc09b368cf538d4dd5f16cb2f 100304 unbound-host_1.4.22-3+deb8u4_amd64.deb 30423da90c821a480b26007bee2c72870447080a5258cf798711a53d887aac67 301226 libunbound2_1.4.22-3+deb8u4_amd64.deb ffbccb7167fcd29ee22bd4bd83a6465548308f9245fda188b53d726483f0a5db 4700464 libunbound-dev_1.4.22-3+deb8u4_amd64.deb 9e3b2ec2979e04e182e9e6e0164ec6513f62bda608a5172b3eac8776791885dd 24 python-unbound_1.4.22-3+deb8u4_amd64.deb Files: 2735bbba1c8e87a4f31134356af62730 2470 net optional unbound_1.4.22-3+deb8u4.dsc 59728c74fef8783f8bad1d7451eba97f 4735801 net optional unbound_1.4.22.orig.tar.gz cca93940eef0283e109db149bdcb078e 21752 net optional unbound_1.4.22-3+deb8u4.debian.tar.xz f57a4aa17dcf494f81b6c93042024b78 486106 net optional unbound_1.4.22-3+deb8u4_amd64.deb f5e2ddfb145095ae89cf91e138fef099 98412 net optional unbound-anchor_1.4.22-3+deb8u4_amd64.deb 0bad3e4ec782eed433944cdac8927562 100304 net optional unbound-host_1.4.22-3+deb8u4_amd64.deb b0d6c538c60f5bda685cdfda5daa8ed8 301226 libs optional libunbound2_1.4.22-3+deb8u4_amd64.deb 1b4aee5291899f9a6d625558dd0b32df 4700464 libdevel optional libunbound-dev_1.4.22-3+deb8u4_amd64.deb 1a15aded786133147785931d5deedfe0 24 python optional python-unbound_1.4.22-3+deb8u4_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxlv0pfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk5sYQAIG7ZWVFPNHs+TWxD8lpi3ATlEVMGrbvyVj2 VcldysnJbr7EdOf+D6a1aw87oIfqX9FLcg9BS0koKRpPxCUYvNSKetKpbV73kqr+ KpuxB1I06mPUkQrUTjbwKPx2fiEz2IoB4lPq2tk63ZPS4kLAEcCbem9PrPmqTUJB v/iupiXJs34Rk3RXcv6mKCkoxIi2WBDEs55nG4iZNyau9raIt3HH4FUtGFjKoO+n Z6F5JFB2CEBMVfncCg442/xN8n+QAOlzsNtWy62+UsbjbXwTuBOSQZT79HpHoJIj VqjmCJ+BFBUCpXXgwFRTVLegvf+9NhnuM06HSPLEUJEXL9eftYKQ2/zica9tEAyE fm2E7EOHGyupvq1OBYFM5UbSCizBL0hvN9+hyXFw5uzpc7sV5CCXI5MZ1uZE9XgG HbhMB9bdCdrMbTfpGUKEnzKN5dXqr2oB/JOk6PxH8rAFWsjqVyBVv9YoVX5iIZMQ VlAnWvtL+NxMt4sFb3/a0qZk5mRqfxogfVWAQ6OcITkNQ54rIpBBdw9VTQLHcL66 Mxs6bgmfJsVNyWFvoRfjOPPlVh52h43P9dYc15z/vKNEZ6gsDEhZvWkWPLghnsWJ O0U0CLAsvHrixaj6M3RJM156Wxu78ocl4Fx36CdXTXn/5YwfUaku/KSWF5YMiZXa 2eV+9Ip8 =YT8b -END PGP SIGNATURE-
Accepted python-gnupg 0.3.6-1+deb8u1 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 14 Feb 2019 13:26:00 +0100 Source: python-gnupg Binary: python-gnupg python3-gnupg Architecture: source all Version: 0.3.6-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Elena Grandi Changed-By: Markus Koschany Description: python-gnupg - Python wrapper for the Gnu Privacy Guard (Python 2.x) python3-gnupg - Python wrapper for the Gnu Privacy Guard (Python 3.x) Changes: python-gnupg (0.3.6-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-6690: Alexander Kjäll and Stig Palmquist discovered a vulnerability in python-gnupg, a wrapper around GNU Privacy Guard. It was possible to inject data through the passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() functions when symmetric encryption is used. The supplied passphrase is not validated for newlines, and the library passes --passphrase-fd=0 to the gpg executable, which expects the passphrase on the first line of stdin, and the ciphertext to be decrypted or plaintext to be encrypted on sebsequent lines. By supplying a passphrase containing a newline an attacker can control/modify the ciphertext/plaintext being decrypted/encrypted. Checksums-Sha1: 82aa3a81bc8b7837caaf12e0c1d7a8d01793e0e4 2308 python-gnupg_0.3.6-1+deb8u1.dsc 4661039e19e357bfd310bd067b212475c8fffb7e 20855 python-gnupg_0.3.6.orig.tar.gz 6d90f9c352485b88c8ac6546c98484d3daeaf405 5828 python-gnupg_0.3.6-1+deb8u1.debian.tar.xz 2b6ecc5a5e27bbcf35fe366cb974f7d56f7454f1 15230 python-gnupg_0.3.6-1+deb8u1_all.deb 89943ad8ff6d854fdd336ce91665f6f318a133b4 15322 python3-gnupg_0.3.6-1+deb8u1_all.deb Checksums-Sha256: 7c1b77d3f4d48badc71460db6a5553f4262b5675b1dd08ddc61daeaf10b13272 2308 python-gnupg_0.3.6-1+deb8u1.dsc ffdfad1824fbde8ab94c50e08040edd6a82b4095c187994954471a38c45a094a 20855 python-gnupg_0.3.6.orig.tar.gz 03e3e5fc82a81e5f5c9c6ea7d273aabb17a1478609bdb33d107eb07cba296b3c 5828 python-gnupg_0.3.6-1+deb8u1.debian.tar.xz a4313678e392f320561af98246f9741179a5f47e85e37b236e0ce55e7d3db42b 15230 python-gnupg_0.3.6-1+deb8u1_all.deb ed5056179509de233b373800f541887e1344196923401126726797e341609d7d 15322 python3-gnupg_0.3.6-1+deb8u1_all.deb Files: 443335e38f99c7e517635cfdc2a8768a 2308 python optional python-gnupg_0.3.6-1+deb8u1.dsc 27415bead227e8c6906900b7c777120c 20855 python optional python-gnupg_0.3.6.orig.tar.gz 1eea4a4caa1ffef1ecbd6e8e977a2a8c 5828 python optional python-gnupg_0.3.6-1+deb8u1.debian.tar.xz 957f93f7717b8dfb216f862413d7177d 15230 python optional python-gnupg_0.3.6-1+deb8u1_all.deb df6f2cc4f0c7b580bc64489df4f898e1 15322 python optional python3-gnupg_0.3.6-1+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxlbdlfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkOZYQAJzyKa8o9sb5eo8KNtUWh729LlUrSXOR2zch COOt6+ldWIjCjziY+XTV6qykMga06/TlRFHcLhBXYD7zi13Ie09B81f4S3ourRrH Q4uKKU4ooQgfhJpNeh+QA2qACZMHUZDrEvC9I1bTaVLkOMXnZrPPpsbUt/zbyAB3 WoVBdeyoAHM0F8ToqkDtk61S/JKWZCGvmA+yv0gDTwctNzuIIx94fUb0vBPMazf6 LjOPBw7kGI1apLz37t3k4210rS7+MyC9EYGf6AsYVUSqZHkZH1rmzXmighiMC7d2 qBvFptpbrX9BfY3+JTKYwVjIp1VmMDNZouQrN0IifZkAMlg4zJ8q15lOOYoIuFYm fIr0r98yBokJ32F+eFlrdATvAJYZ75Xmw8AU2nUaNPj5PVlkjDLCQYxiQE8+Pver jXQ5LM70TUmV+J9baY6FGUO2m71tj/HssUao4A3bd7/T1f5HQov99uebo53bxLvM 4xpUo4ND+WAQSIS30+uiIfv3FpFVJICg7WU3Cbv0Zl2DlYK4gKz98ieDVYQjAlsI rESRErbMITq5kgGraVizZ2/8soZ87iL9qmCkRycsntFn7YoboOfXTaKIBX8dVtF8 5qbWtr70b4H66/ZnU8LmlWY/4+1nu+6GTLcu43oppncP2ln8ZbIvzPADhxAxvyJG 0jbDlsCT =8z82 -END PGP SIGNATURE-
Accepted wordpress 4.1.25+dfsg-1+deb8u1 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 11 Feb 2019 12:13:40 +0100 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen Architecture: source all Version: 4.1.25+dfsg-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Craig Small Changed-By: Markus Koschany Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files Changes: wordpress (4.1.25+dfsg-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-20147: Authors could modify metadata to bypass intended restrictions on deleting files. * Fix CVE-2018-20148: Contributors could conduct PHP object injection attacks via crafted metadata in a wp.getMediaItem XMLRPC call. This is caused by mishandling of serialized data at phar:// URLs in the wp_get_attachment_thumb_file function in wp-includes/post.php. * Fix CVE-2018-20149: When the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. * Fix CVE-2018-20150: Crafted URLs could trigger XSS for certain use cases involving plugins. * Fix CVE-2018-20151: The user-activation page could be read by a search engine's web crawler if an unusual configuration were chosen. The search engine could then index and display a user's e-mail address and (rarely) the password that was generated by default. * Fix CVE-2018-20152: Authors could bypass intended restrictions on post types via crafted input. * Fix CVE-2018-20153: Contributors could modify new comments made by users with greater privileges, possibly causing XSS. Checksums-Sha1: 0ca0da43ce7d929aa522771e1d2c3ead15e4aecb 2719 wordpress_4.1.25+dfsg-1+deb8u1.dsc 389202ec93bf5f4c19864ea7e3fde92f63902927 4654708 wordpress_4.1.25+dfsg.orig.tar.xz f7a828a8a0acff1a58557147309ecf8893e46dd1 6001556 wordpress_4.1.25+dfsg-1+deb8u1.debian.tar.xz e5c1700dae5e13187597818139ba4ec78e5ec3cd 3071998 wordpress_4.1.25+dfsg-1+deb8u1_all.deb 3fb4c7337249a5628f5114769542a4cc1b7e88b2 4247354 wordpress-l10n_4.1.25+dfsg-1+deb8u1_all.deb 3da794d467ec338bfab7178339a44a4014beb0b7 505168 wordpress-theme-twentyfifteen_4.1.25+dfsg-1+deb8u1_all.deb 4463d3f08aeb2283055ed13cab5628f24cd42279 804258 wordpress-theme-twentyfourteen_4.1.25+dfsg-1+deb8u1_all.deb 5d6b5bb106ae709b9f0aaffa1fca4790aea0b494 323604 wordpress-theme-twentythirteen_4.1.25+dfsg-1+deb8u1_all.deb Checksums-Sha256: 4ed07610705779ba6e7b7b3366b070f603d48e096e22ba1ac571cdcca848e19f 2719 wordpress_4.1.25+dfsg-1+deb8u1.dsc 8672b14c8b657ac6fe8c758a01a53e7cc877ab7c25efe9f00fb851730aa9f70d 4654708 wordpress_4.1.25+dfsg.orig.tar.xz 29c72f77f65eb48ed669786fe904ce4b66448f6582c387473e99cabc4d12 6001556 wordpress_4.1.25+dfsg-1+deb8u1.debian.tar.xz 9d6e0ff1f6569e910bf4128462adfeb57426f0abff6feac94e5658966000b884 3071998 wordpress_4.1.25+dfsg-1+deb8u1_all.deb d31852b3652cbf1f56884caa51ddb44ad4a6863da75e976808c88f0a3af92ab9 4247354 wordpress-l10n_4.1.25+dfsg-1+deb8u1_all.deb f99a316ab5965b741db6c524fcbf84fb5c840c2a54f22a7254985314296a11ba 505168 wordpress-theme-twentyfifteen_4.1.25+dfsg-1+deb8u1_all.deb 167bd69ba279f0e9b5ab5f8943c3109d8701c8086cea46b0158d95c634ae06d4 804258 wordpress-theme-twentyfourteen_4.1.25+dfsg-1+deb8u1_all.deb e2a9e0ddaddb79e2381c099348744aad718f52da263382d9645b094b87d91eee 323604 wordpress-theme-twentythirteen_4.1.25+dfsg-1+deb8u1_all.deb Files: d9bb7f64a9d8d8a6d7e8e46e8863faca 2719 web optional wordpress_4.1.25+dfsg-1+deb8u1.dsc 3108f8890179a86bd8b8af59a078b1f5 4654708 web optional wordpress_4.1.25+dfsg.orig.tar.xz 63016705a1b2f22cf3ab0c848c32ec59 6001556 web optional wordpress_4.1.25+dfsg-1+deb8u1.debian.tar.xz ca108c3419bc17ccce299e30aeb852d6 3071998 web optional wordpress_4.1.25+dfsg-1+deb8u1_all.deb 8199d83df897971e7a0e93c976b905b7 4247354 localization optional wordpress-l10n_4.1.25+dfsg-1+deb8u1_all.deb acb74bc9c967ae3eb87ed47b5ee09b13 505168 web optional wordpress-theme-twentyfifteen_4.1.25+dfsg-1+deb8u1_all.deb 34d620c8601de515905286cf7bbfa019 804258 web optional wordpress-theme-twentyfourteen_4.1.25+dfsg-1+deb8u1_all.deb dc4ebb93ba63f2264d4f6a50574fd0c9 323604 web optional wordpress-theme-twentythirteen_4.1.25+dfsg-1+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxh4U9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1
Accepted libthrift-java 0.9.1-2+deb8u1 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 06 Feb 2019 19:04:12 +0100 Source: libthrift-java Binary: libthrift-java Architecture: source all Version: 0.9.1-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Markus Koschany Description: libthrift-java - Java language support for Thrift Changes: libthrift-java (0.9.1-2+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-1320: It was discovered that it was possible to bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. Checksums-Sha1: 86cb9a53aed68d11d7ccd6ba33305bcaa708874b 2321 libthrift-java_0.9.1-2+deb8u1.dsc 986c7879e16cf1968e62073473667eeed8b69c45 132137 libthrift-java_0.9.1.orig.tar.gz 2448d87c6645a3f280691d4411336982394608ec 3260 libthrift-java_0.9.1-2+deb8u1.debian.tar.xz 735d0f8d3f496e7c6419c5f649a8d03f3e1966e9 323264 libthrift-java_0.9.1-2+deb8u1_all.deb Checksums-Sha256: ca16c2d7e66eb57db13092ca12b8aa516e0c2977106d682170634b3d5fd805ae 2321 libthrift-java_0.9.1-2+deb8u1.dsc 8cb6af03b29e6b3ba5bcd06a6cf7681222c1e606fbae2e3ae617e06710cd7998 132137 libthrift-java_0.9.1.orig.tar.gz 3bcd7bae90b7d03be4fa237fdfd0e81f749484b071019d12add212882dba90ed 3260 libthrift-java_0.9.1-2+deb8u1.debian.tar.xz 7de1d653dc319d82facb4e9b510de6bc6b28c1c1844cd44e010341c1f97247a4 323264 libthrift-java_0.9.1-2+deb8u1_all.deb Files: 5ca0815d4904d4b599f31fc8c42a3fa6 2321 java extra libthrift-java_0.9.1-2+deb8u1.dsc b8140af7eaa842551c2476706a66aeed 132137 java extra libthrift-java_0.9.1.orig.tar.gz 44635ab401160b4c4703fe8ea8728013 3260 java extra libthrift-java_0.9.1-2+deb8u1.debian.tar.xz f1c8fa9c0ac2775f8f12c37672a600b5 323264 java extra libthrift-java_0.9.1-2+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxbKuVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk6PMP/1X2DrTBwTNFAYdITJp5X38HdAQUFjKP3fYN xGYdXffuObuwDBt5xLhti0NkPjpXUV5x5UpsENHbfitLmad3caBfzfq9Qr7VT7pD eDvAJAd3W1GXDMPADd/5GJTYaylwFLwM3wlMklMa6Z6E8XDj78AJaMz2BTetWt0Q cVgdz5/tVvRxSxfi47p5A/Zdr2pyobX4ujn+d54yQ2jk5+BVOwUKllvWZaicQ2p+ Qw6D8WH7LHuAriAvIr3CrwA6D9Hssc0TizrRYey77QADtQATmEO5Do456Mb8KENb ZRyyun9G+ujCBZvtnkJWb/GaS6BRX+jeCZO18mz4MUJ0NPJ9l3zwCgXDcssfR+hi 2PfosVIy1tRzPw0zhc3ZUpvWkrz0Ku+RL0IjCgahqMz4KCjngAfiQvvCvqCgClKc OL0Novn7M6Kn+UPpnf5sjrRHZEafx0SpjTLzoJEVclMTKCceFuy0aNXON/oR3zLw DdLM0eAwPZmaup0NQpEYKa3DC4tqNuiPWF8YQGM+whc02e/9xRR52r1Q0eDk/gBq v4tRi25KYx69e/fPT29dZuuvg0fJNXbMgUfMbNl3c7K3mEB//VC73IParu9Ua9UJ 61T0cLJYjuw864J5NZC2C1v+khp+giJxabZp9r6njilHOB5KuKK6ZkN+P7hSvPys lAV7IKbF =Mpwz -END PGP SIGNATURE-
Accepted exactimage 0.8.9-7+deb8u3 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 Feb 2019 11:32:48 +0100 Source: exactimage Binary: exactimage edisplay exactimage-dbg libexactimage-perl php5-exactimage python-exactimage Architecture: source amd64 Version: 0.8.9-7+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Sven Eckelmann Changed-By: Markus Koschany Description: edisplay - fast image manipulation programs (image viewer) exactimage - fast image manipulation programs exactimage-dbg - fast image manipulation library (debug symbols) libexactimage-perl - fast image manipulation library (Perl bindings) php5-exactimage - fast image manipulation library (PHP bindings) python-exactimage - fast image manipulation library (Python bindings) Changes: exactimage (0.8.9-7+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Rebuild against agg 2.5+dfsg1-9+deb8u1 to fix CVE-2019-6245. Checksums-Sha1: 886c19e1501de4f634d44515b0a4bc191d114ac8 2714 exactimage_0.8.9-7+deb8u3.dsc d5cb671386d4ca8203f68f6caf01199b05467032 334305 exactimage_0.8.9.orig.tar.gz d9c9ed5cb72c9ec6684a5a1fd7a5690a932b7d72 32012 exactimage_0.8.9-7+deb8u3.debian.tar.xz 0d9b92d7f53b3737f0b82674639b4332cc53db7e 1003906 exactimage_0.8.9-7+deb8u3_amd64.deb b1e1c926e106e6df2ace2123b985325d03927d01 325114 edisplay_0.8.9-7+deb8u3_amd64.deb 58370c8065d5bb81a159725b35ebe642f8eed42c 11915944 exactimage-dbg_0.8.9-7+deb8u3_amd64.deb f86dbced0897b9c622516dee72cde8dac2017138 612060 libexactimage-perl_0.8.9-7+deb8u3_amd64.deb 94cab619d7d9d3c228017543ad0132cfea663594 591202 php5-exactimage_0.8.9-7+deb8u3_amd64.deb 1f699e6725a6c4a3a6471e24d0e5fea6f3f1da16 601510 python-exactimage_0.8.9-7+deb8u3_amd64.deb Checksums-Sha256: 8c1354d141e50775dd011b85778f42646891356524b6817aefa95614574e1e21 2714 exactimage_0.8.9-7+deb8u3.dsc d2ac52a7fc3057bad5ad6cd8a9f084362da5b6f340ac3714cb5fd6162dbd2a7d 334305 exactimage_0.8.9.orig.tar.gz 99812707c0c2f8235dba38e20d5232307c69a64760c518aee71e617615079bc2 32012 exactimage_0.8.9-7+deb8u3.debian.tar.xz eb6c42ebaf5b3f7fbd48513e66eb6d4e32ebaae9f9207796d84c896fefb6cc38 1003906 exactimage_0.8.9-7+deb8u3_amd64.deb 3b399ed3f862a64dfc0409cb02666fcf84d4ce6542b1517884f3437166ea605f 325114 edisplay_0.8.9-7+deb8u3_amd64.deb 8480880505c201a6657fca441325f5b6b3346e077eb79a5593954ce8521ffa91 11915944 exactimage-dbg_0.8.9-7+deb8u3_amd64.deb 0799116244782d2fc86e1f51a761f4a7f8c836baf010507d9e3a6de7e6b7da2d 612060 libexactimage-perl_0.8.9-7+deb8u3_amd64.deb f94fc4e9eaf07883be2cb4c9e9cdf8ed44a3116d60eb0f0c3fcb15cae901e5fc 591202 php5-exactimage_0.8.9-7+deb8u3_amd64.deb 409c6ba15f52c08a3f8e9290f6189e3901761e37809d6a3ec50cc8cbef5bb27f 601510 python-exactimage_0.8.9-7+deb8u3_amd64.deb Files: 7e325c5631156c12ddda0e4bc4465718 2714 graphics optional exactimage_0.8.9-7+deb8u3.dsc 56d297cbaa9fb0755714316bf420b1bf 334305 graphics optional exactimage_0.8.9.orig.tar.gz 6c6f46b49f9002ff14c835bf8b5e56dc 32012 graphics optional exactimage_0.8.9-7+deb8u3.debian.tar.xz d527ea5e80c62ae0cf6dbb7de38aff04 1003906 graphics optional exactimage_0.8.9-7+deb8u3_amd64.deb 6eb347095e43b0aeeed7ffa1b73f6eff 325114 graphics optional edisplay_0.8.9-7+deb8u3_amd64.deb 8c805e43b6037b12d7b42138c6120744 11915944 debug extra exactimage-dbg_0.8.9-7+deb8u3_amd64.deb 12610688ac50ea20e044f4043406a166 612060 perl optional libexactimage-perl_0.8.9-7+deb8u3_amd64.deb 98221e8e86b8e60a8ec1afb5699ebace 591202 php optional php5-exactimage_0.8.9-7+deb8u3_amd64.deb c4a3f47141bc7bb2ba2e8463415bcebe 601510 python optional python-exactimage_0.8.9-7+deb8u3_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxUIxJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkI6cP/0SSaI2pryAn5NIXjdnKstMgzrLYGdbdrIts iiq/rZz1gXB9ncd7Aoe6yorMGIC5ldp3LvAsQ8mjxTbQ6PKEdZGQeMZxVm4QX9xQ yK4eZnlA6OhZJTojDiQ/VHCFN1q/WmFjI8GuKsjFnPLmxOmKIDAeKTjtCqI270q2 IPP6DqneXo+RZcPmJ6tunu5A6eyVBhH76BP1bEbSVclrexrTsxllJ4RmXsr59dOy Qs8DCefgI1kYAuJ2NSQhq/bb7jJ5dlvrwxf+dWTcDbffgWQD2Qnp7FqQ7k5tsbRH pZ6B2Y+fIgaW4jZUVuOj/wwbKPt8MJw9WjnvZmAnn+ykCg31jf/MW69QcDjCu8MX q/QL75rVXzydJdeF0TMJCPXfCE6QWiA7p+aeNesuj+qisOBAeGXlg0hp4r79m31H FA1B7bi/JSKIbK6nfsHnbUL0PQCLdLmo5bVEoGwg+FK3bK8S2eFVRS6DO1+e0EQG k2TJVfZonOLUAFksDZJjJlCX2m4ewzOaaw4qc6KREAhXCS3SDzry+FUnaDGvbVJR wItmaxuIhRKyW77WDZPER2G98YeaCnU21+Gt3d/i1jYFSa+cxS7LM04BhLYXZ14r LOl8uXP67eTy25gmLnIgkbfgKehJLiYjfU4VhybVELfrYILiyQeIL3lEfzOeWHZx 2qP316Uy =U0/E -END PGP SIGNATURE-
Accepted agg 2.5+dfsg1-9+deb8u1 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 Feb 2019 10:55:37 +0100 Source: agg Binary: libagg-dev Architecture: source amd64 Version: 2.5+dfsg1-9+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Andrea Veri Changed-By: Markus Koschany Description: libagg-dev - AntiGrain Geometry graphical toolkit (development files) Changes: agg (2.5+dfsg1-9+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-6245: A stack overflow vulnerability was discovered in AGG, the AntiGrain Geometry graphical toolkit, that may lead to code execution if a malformed file is processed. Checksums-Sha1: b15d4150c3065124ab00f6e839f98c688f6222b7 1961 agg_2.5+dfsg1-9+deb8u1.dsc 484d78dd65a489bf1131abf4838dca1d652d2db4 528968 agg_2.5+dfsg1.orig.tar.gz 048a70b0b2a0ead68612eecbf439017b44d4 7096 agg_2.5+dfsg1-9+deb8u1.debian.tar.xz ed554a6396dc09c16be07a365ff19c7da7914f05 287982 libagg-dev_2.5+dfsg1-9+deb8u1_amd64.deb Checksums-Sha256: 5d6446b684eeea49a26a9ca58c43ce10e2d35e232ec222a96889e4a2e5e0c7c9 1961 agg_2.5+dfsg1-9+deb8u1.dsc 85490909fba93bae78d384adb8e7ec742996f33d25486ea0b28a8713fb90a31f 528968 agg_2.5+dfsg1.orig.tar.gz 4ebce7d1cd97d0d8088a15d2301c4a0f789a0ff285f8289e8e68b619daba776a 7096 agg_2.5+dfsg1-9+deb8u1.debian.tar.xz 090e05f0561d122370443088771062c21121dfb6e7a450b856cd1d6236236d48 287982 libagg-dev_2.5+dfsg1-9+deb8u1_amd64.deb Files: fd16ebf2ea2dbb57a06a467ee6e69bbf 1961 libs optional agg_2.5+dfsg1-9+deb8u1.dsc b6dc8d86367f89ba5a6ca0c01716c5f3 528968 libs optional agg_2.5+dfsg1.orig.tar.gz 7fdd74e0dbf9e1501dfc4da98cde6289 7096 libs optional agg_2.5+dfsg1-9+deb8u1.debian.tar.xz 3e0a9336e0bd46eb75e35f395f287f6b 287982 libdevel optional libagg-dev_2.5+dfsg1-9+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxUHJ9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkMg4P/1KsByT1h3OlZCIWaOi78hx4avKVQasIqIlk N91Ve6g+1XEEqgO1AxfVB53boOnBjX4jSIJWoMxHaCREhArvO+iSbxU9absjL4KV uCG8rAa6/aIue0AVfL/KE5F2LSTXEONw5NF0d0NoaEGs14t3oZJ50g0S8AtYpwkm LfJ30tV7OGAjrEWYmVSe1sR4jbNvjJq8V8wsZRS4odJm1WCnyOZODhgTztAv9dm1 ACl0UqUim/m3GaJhNUVliJPLb66ZAsa3K+ciyaqrcwURapc+aXNFEDD8Icvg+INp cBkw10XazBT/+3hKDTLBDY4oa3/xVG5MPX5rnk1AVr256+nFkYyf14uxLAULfE+/ 7jkvcALgFbpmhdPACTXq6nC37wDAlTcEzwgC1oSby6BrzXcPvFz5Jjje6WqlaUiv 6ju4vWhnUlLXCwUaPtG7OEXF9DyxRwfcmAL0UytFLn1NzbQa+a6yjSSSOzVr9feK sGDaQHPDxSHMVlmMOqvydyVBWcEblvwv3NK0UUt2RRwsc7bkXGLvbdExRCsSSbjN 2s3xgDhdIMBzpY0P9bvquBX1PiBH62jKmzSuP1ffrwn9qeYViSee34NHs8M9jBoF bgLza4Gn2RbH9D/6nLW9GMmLyQrLW9lgAon3vrfVOuaR6bYjd/GQRa4llOTSUxTI EW1HXxlL =nXwF -END PGP SIGNATURE-
Accepted desmume 0.9.10-2+deb8u1 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 Feb 2019 11:24:38 +0100 Source: desmume Binary: desmume Architecture: source amd64 Version: 0.9.10-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Games Team Changed-By: Markus Koschany Description: desmume- Nintendo DS emulator Changes: desmume (0.9.10-2+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Rebuild against agg 2.5+dfsg1-9+deb8u1 to fix CVE-2019-6245. Checksums-Sha1: 5a56eb19b2fe6c0cdfcdd79c0974370b25c3e4f4 2265 desmume_0.9.10-2+deb8u1.dsc b59ba03f0e74b0da2522ac25316e8a75ef1bb361 4141586 desmume_0.9.10.orig.tar.gz 15cbf881cc4b43512e695eb8da5c5f59f6309778 11608 desmume_0.9.10-2+deb8u1.diff.gz 715789db287084ed44f7a1302d36920f059ef086 1258750 desmume_0.9.10-2+deb8u1_amd64.deb Checksums-Sha256: 4f92e2db337afe39f720f03c4044718b8833522924c63e7951d5cad57d4fe593 2265 desmume_0.9.10-2+deb8u1.dsc 8900a7a1fc849fdd33b014748dd97a6cda4c32548b8d2e06511e6ed8d5ba7445 4141586 desmume_0.9.10.orig.tar.gz f7671d959db7a7c782a7a59b3d2d4d521be9e1ffd9975ef7ed7bc338c9a65d9b 11608 desmume_0.9.10-2+deb8u1.diff.gz 0e5387918ad65eeab20d2a4df2df679a79a1ca7cfdb3f93a59a32643b2763883 1258750 desmume_0.9.10-2+deb8u1_amd64.deb Files: 3ae95e7a0f35e6a94fcae608c2373889 2265 games extra desmume_0.9.10-2+deb8u1.dsc a6aedfe5d6437d481aa9ac5fb5aebbea 4141586 games extra desmume_0.9.10.orig.tar.gz 5b2b83e8e2553a1aa31a18b434d8f676 11608 games extra desmume_0.9.10-2+deb8u1.diff.gz 59bf69263e7a215a19dcaac9e55162d4 1258750 games extra desmume_0.9.10-2+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxUH+dfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HksDoQAIJ/yGPm7RBYMeykTfUCVGrxp/bNSnSEJg5d rWpRpBBSc9mmrZ2KTmUcU6ciU1rh/AHvEzq31oBChnzQ1xqus0r6JuQ7EqEFDnPy 0axzRvcrc3xNFeRqr7v7oD4lFOXjv6fIGF17fdMIlcdwWJO47wtJjDf/eBkcNDeu AceI3D1dsexIJXEgG79vUlIPPVik8/0hikIpPXGice0WlRlOjpnUqAKQVEzpivxS ik7Ge7ebsnjuB/RzNKizyUcSmLgdgdH4FfP07xUOm7PpETWPNODMK1Wnix4jsoAq W3FJIzWXIzrO7cpxblRsWbDupz4FE7RPchH0TMGQ1G8vL0KnDEBFrc5HfNlC400R 0l4e9+0dFgIWneiDaJZVhekLWo67IOaxIUo4G1hPsuOk0ARFnfS7IkZ7Hqffql4w yHQMi7a0g60Ng6Dx5hOCQGkk59kVkKhEmQLnvPd+Vu9Sf7bUqss1QgUF7byucqJU Z6+Wjwr3hAmbs4MfskYbu0br3nNyk8cI8w45Zd27RQ8634IsqKC9Qdh/l0CrhM5r 6c1pXWdlb+wQBBLFWG+eMibgL8fFhJBesIGLiG7bDbWcbIfZAvY06ZFMdwuTudIR pF0KdNXneFqARCOps49zSwqoAxzmcH6wcb9XNvomqHYpEBuiIvupjVCXQB/5QrHI MyyLCMNc =qoFa -END PGP SIGNATURE-
Accepted rssh 2.3.4-4+deb8u1 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 30 Jan 2019 18:34:46 +0100 Source: rssh Binary: rssh Architecture: source amd64 Version: 2.3.4-4+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Russ Allbery Changed-By: Markus Koschany Description: rssh - Restricted shell allowing scp, sftp, cvs, svn, rsync or rdist Changes: rssh (2.3.4-4+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Backport security fixes prepared by Debian's maintainer of rssh. * Validate the allowed scp command line and only permit the flags used in server mode and only a single argument, to attempt to prevent use of ssh options to run arbitrary code on the server. This will break scp -3 to a system running rssh, which seems like an acceptable loss. (CVE-2019-118) * Tighten validation of the rsync command line to require --server be the first argument, which should prevent initiation of an outbound rsync command from the server, which in turn might allow execution of arbitrary code via ssh configuration similar to scp. * Add validation of the server command line after chroot when chroot is enabled. Prior to this change, dangerous argument filtering was not done when chroot was configured, allowing remote code execution inside the chroot in some configurations via the previous two bugs and via the mechanisms in CVE-2012-2251 and CVE-2012-2252. * Document that the cvs server-side dangerous option filtering is probably insufficient and should not be considered secure. Checksums-Sha1: 7aad9051e9d88dbc0d5aa6c651c3d53f071dfb6e 1986 rssh_2.3.4-4+deb8u1.dsc e13ae1fdce4b0c89ef70f4695689139c8409e2e8 113315 rssh_2.3.4.orig.tar.gz fd776aae14e97b865c122b9ada6b73be5a3a2f3e 28864 rssh_2.3.4-4+deb8u1.debian.tar.xz 6de2d548b31d39032d9e705f39671c2e4c4a4d6f 55404 rssh_2.3.4-4+deb8u1_amd64.deb Checksums-Sha256: 2df136db1ad2d6b944e90becd74e215038558e67060fedab902d65bf212c65ae 1986 rssh_2.3.4-4+deb8u1.dsc f30c6a760918a0ed39cf9e49a49a76cb309d7ef1c25a66e77a41e2b1d0b40cd9 113315 rssh_2.3.4.orig.tar.gz 61c5fcea70f4aa48d6e5029db9de939489c596bcbeb40ad5d53c4f75f76fcef9 28864 rssh_2.3.4-4+deb8u1.debian.tar.xz 7c49a550f3f9411f2c1624e52948d093915a24b281bc58de0ddc957d9ec13e77 55404 rssh_2.3.4-4+deb8u1_amd64.deb Files: 5eb930c8d20b839badeaa021386e22df 1986 net optional rssh_2.3.4-4+deb8u1.dsc 5211f5fe206704f813a3cec61f487042 113315 net optional rssh_2.3.4.orig.tar.gz 0c6371b846d07c2c1be5504a55917748 28864 net optional rssh_2.3.4-4+deb8u1.debian.tar.xz fbf5e413c2c9afbf073f6bce562bf96e 55404 net optional rssh_2.3.4-4+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxR6RFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkrRkP/1mkeY76oteP9FOhgySeET+4Mh+4ZR3YR3oP qk/cE5yuJCekRDwmvbZ1qhU0e2XEMM63KaNY6KAjR/sm8ybLAVdVDvEePeu7EfUz 790CuYiQna404EusbHIh/Sh2CZqLJjuq2NPoD3r0XyDKg8lHKb3XrExBItUK1UsB DnziLPn5g7zIYGMBe4LbhV2nMXVVO3VFa5rJLhk5NyUTVVOVBwIStQqHF8uqP1yG 4nWZwPyHypw01uEa/DNjale7gvh7wag3pva/YmPwz5os6zdvx6YXvqJkWIaAy1gj lRhu7q/c5wrKqDFF394Dv9S+GTFYUUG8u90SRY7bc8/I4wuVA7dFzV0JoZnI9X7R QjWf7Gzx73coCXnHimW7CGkv5aLOBoUkmL2tXL8EhxOGx5j1KNxqpB+DMFrD/9+Y 2kEWatNUy5tuQRUYt9GJB0uEXqTwAy63EUoiebKAKRrEL40/dZlLF6N0orf/QmX8 +bB9yvyuoFb0I9085/Ka+O3h9Twn/wbjNesEG4OZ3a6HG9vEL7ujUzSJYX/0Wlvo 2O4pbXG8+Wy+vVEfXD5l04+hFkxeJqRsFOYVot3R4lT8RolhPZnfw95GMHtohZHf nW0rwiouSGLwjxuMiYouAktPeeDb8LGUQuG24x2LkKojQyQTk1n3VQ+0TjpvsfQh v53EPFgF =TcwR -END PGP SIGNATURE-
Accepted sqlite3 3.8.7.1-1+deb8u4 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 11 Jan 2019 14:43:33 +0100 Source: sqlite3 Binary: lemon sqlite3 sqlite3-doc libsqlite3-0-dbg libsqlite3-0 libsqlite3-dev libsqlite3-tcl Architecture: source all amd64 Version: 3.8.7.1-1+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Markus Koschany Description: lemon - LALR(1) Parser Generator for C or C++ libsqlite3-0 - SQLite 3 shared library libsqlite3-0-dbg - SQLite 3 debugging symbols libsqlite3-dev - SQLite 3 development files libsqlite3-tcl - SQLite 3 Tcl bindings sqlite3- Command line interface for SQLite 3 sqlite3-doc - SQLite 3 documentation Changes: sqlite3 (3.8.7.1-1+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2018-8740: Databases whose schema is corrupted using a CREATE TABLE AS statement could cause a NULL pointer dereference. * CVE-2017-2520: The sqlite3_value_text() interface returned a buffer that was not large enough to hold the complete string plus zero terminator when the input was a zeroblob. This could lead to arbitrary code execution or a denial-of-service. * CVE-2017-2519: Insufficient size of the reference count on Table objects could lead to a denial-of-service or arbitrary code execution. * CVE-2017-2518: A use-after-free bug in the query optimizer may cause a buffer overflow and application crash via a crafted SQL statement. * CVE-2017-10989: SQLite mishandles undersized RTree blobs in a crafted database leading to a heap-based buffer over-read or possibly unspecified other impact. Checksums-Sha1: 15561e93aa6ae920b255d9caba0d94aee2428cb9 2705 sqlite3_3.8.7.1-1+deb8u4.dsc 8f7bc583cfcaa92ffed570dfd47b1689394c45b9 24436 sqlite3_3.8.7.1-1+deb8u4.debian.tar.xz 5f2499c7a696b8b13571af32858413b3b47c9dad 2986650 sqlite3-doc_3.8.7.1-1+deb8u4_all.deb 55926feaa86c46900a2781aec6b7ef9070b83c33 117638 lemon_3.8.7.1-1+deb8u4_amd64.deb f1c1d3402b9680c4d51576ad398a50dedabfa2ff 102012 sqlite3_3.8.7.1-1+deb8u4_amd64.deb 37755fd52c990af2c31a5e5af0311c331c529e78 1008816 libsqlite3-0-dbg_3.8.7.1-1+deb8u4_amd64.deb 21a302e183141672b929082f34968f59a9b12f74 438656 libsqlite3-0_3.8.7.1-1+deb8u4_amd64.deb 33b45138ccec4f1c39f86ff7a30860afef24759b 538268 libsqlite3-dev_3.8.7.1-1+deb8u4_amd64.deb 61fa4eeb62c2cc46f5055b27f6615b5479de267c 88032 libsqlite3-tcl_3.8.7.1-1+deb8u4_amd64.deb Checksums-Sha256: e4b52b1144ea546f92e1f7e7239b1f45a6ff83732bd03d5b549ab953274ee293 2705 sqlite3_3.8.7.1-1+deb8u4.dsc 8d9be049e9abe6221b39f84d564ff310ecbbd328bd5876b672f8294e55ba1953 24436 sqlite3_3.8.7.1-1+deb8u4.debian.tar.xz b3ae3921ac56bcde6ecefbffdf0c7234af91b61311c7e6caad72a76c42eff16a 2986650 sqlite3-doc_3.8.7.1-1+deb8u4_all.deb 832f24cb25c017bf19a713a403c57d1c6b3e3a2f4c838f521d313f18bf1abcbb 117638 lemon_3.8.7.1-1+deb8u4_amd64.deb 55bd1f23d7d027d25e0327ae034722eed6b2a990cc8c939ef56d6abffe0964f8 102012 sqlite3_3.8.7.1-1+deb8u4_amd64.deb c7dafd3a4eeae89adb9324e753f154266ec5a7053f4967f3e7be912e4bf5f487 1008816 libsqlite3-0-dbg_3.8.7.1-1+deb8u4_amd64.deb c55fc11aac51c1d3e878ffd61d371962687dd9031100e5f7c9a5c2a964d0a7d4 438656 libsqlite3-0_3.8.7.1-1+deb8u4_amd64.deb c7bc076b5d625005ae225c0502bcc5171d3560233c05a07c862586d76f8c663e 538268 libsqlite3-dev_3.8.7.1-1+deb8u4_amd64.deb 64e4beca7105b2d7d3e232d4f88dbec8e6a9c30d462b44e605835a75ed8e807e 88032 libsqlite3-tcl_3.8.7.1-1+deb8u4_amd64.deb Files: c6c1abeb166147a5b481e540059bea4b 2705 devel optional sqlite3_3.8.7.1-1+deb8u4.dsc afb81df01b10c8e0c8d7a602e89093b6 24436 devel optional sqlite3_3.8.7.1-1+deb8u4.debian.tar.xz c6a65fdf25638c12ff2bffc260ad0f87 2986650 doc optional sqlite3-doc_3.8.7.1-1+deb8u4_all.deb 6849e2e9b6f0aa7d8648886018199d95 117638 devel optional lemon_3.8.7.1-1+deb8u4_amd64.deb c47ee00da961b6498c6e315c8339f3a3 102012 database optional sqlite3_3.8.7.1-1+deb8u4_amd64.deb 0c8d5848098648c5a31e8e45fdbaaee3 1008816 debug extra libsqlite3-0-dbg_3.8.7.1-1+deb8u4_amd64.deb 952400feabcbbcb9355fd9c8c58e8cac 438656 libs standard libsqlite3-0_3.8.7.1-1+deb8u4_amd64.deb 840d75f3a4eb859e58fa8c19f64bd371 538268 libdevel optional libsqlite3-dev_3.8.7.1-1+deb8u4_amd64.deb ef3d7118635dc9f0059cbf707ad5d479 88032 interpreters optional libsqlite3-tcl_3.8.7.1-1+deb8u4_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlw4spxfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk2tUQAMnr4mplRNmGI1p4r8W6+bkZHKDPYNNn8SYz CvO5OCuJwYGXZmQuI/mCG/G9O89WZQcylbfPnk1MCbn9yjvDnt2vvChh0NW3a9+f rbsaUYIwwGdm+6kKKvkfYIomyUI0NrOr9yDOe+G9jY5umBQG2Xzz/i+BCWQ4lcnZ UZfDnn+AM5/p04nGfsmq0SDxBdqyWUiI/fvNByQXCxx58zhCCsH1GRhuXpkgn/kA gFbp9R0m+C6QXPk8JOCWDELBSovjWppJ0BcrnOuF2BYD4vNWoMz+9INlVuRQHHXu VI5SAL0M6lzUBqKNJUO2fdnO0IuUqqwnvVNJx1zY8sr6NO6bFFRRYeBpg9YrM/m0
Accepted libcaca 0.99.beta19-2+deb8u1 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 09 Jan 2019 22:44:10 +0100 Source: libcaca Binary: libcaca-dev libcaca0 caca-utils Architecture: source amd64 Version: 0.99.beta19-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Sam Hocevar Changed-By: Markus Koschany Description: caca-utils - text mode graphics utilities libcaca-dev - development files for libcaca libcaca0 - colour ASCII art library Changes: libcaca (0.99.beta19-2+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-20544, CVE-2018-20546, CVE-2018-20547 and CVE-2018-20549. Several vulnerabilities were discovered in libcaca, a graphics library that outputs text: integer overflows, floating point exceptions or invalid memory reads may lead to a denial-of-service (application crash) if a malformed image file is processed. Checksums-Sha1: 04ca053f80a26c268d60794ee11ba8de22573959 2347 libcaca_0.99.beta19-2+deb8u1.dsc ed138f3717648692113145b99a80511178548010 1203495 libcaca_0.99.beta19.orig.tar.gz 9908338aea83ed5c02c3ebac1d90981139137915 12316 libcaca_0.99.beta19-2+deb8u1.debian.tar.xz 4dc3819d05762cb83abe0b542f57c2e5cae404c5 840292 libcaca-dev_0.99.beta19-2+deb8u1_amd64.deb 9dedce5b1f586796da1b7c296f186b584a1869dc 347122 libcaca0_0.99.beta19-2+deb8u1_amd64.deb 92d1a72e2b07b1dba77e3d77b3056951467d5240 196188 caca-utils_0.99.beta19-2+deb8u1_amd64.deb Checksums-Sha256: ef39d175eba4bb060f79a3223be361ab84c9917275014bddff54e68626aebf73 2347 libcaca_0.99.beta19-2+deb8u1.dsc 128b467c4ed03264c187405172a4e83049342cc8cc2f655f53a2d0ee9d3772f4 1203495 libcaca_0.99.beta19.orig.tar.gz 0980d7f8a56a1cf62f768e6c5315adc347ecebf9140090d0ee8459eb91721b86 12316 libcaca_0.99.beta19-2+deb8u1.debian.tar.xz fca9498d4ab2eff50e30873f05d7ec35b9327868e851d36247b57626f982715b 840292 libcaca-dev_0.99.beta19-2+deb8u1_amd64.deb 7bc84d81c1efbeb661f87618e3ce2396819cc48b3942b0c577c5a7260c6ed3b1 347122 libcaca0_0.99.beta19-2+deb8u1_amd64.deb b0ad8385c9e3cdbb76b803ce06fd10c9f8a687ecd1074878e851f8982cee1302 196188 caca-utils_0.99.beta19-2+deb8u1_amd64.deb Files: 191e2111450d95832416aac7181e41f4 2347 libs optional libcaca_0.99.beta19-2+deb8u1.dsc a3d4441cdef488099f4a92f4c6c1da00 1203495 libs optional libcaca_0.99.beta19.orig.tar.gz baced43ba814573d06a4ee6e46b70ebe 12316 libs optional libcaca_0.99.beta19-2+deb8u1.debian.tar.xz da07687afbe8575647f3b273fd60a15c 840292 libdevel optional libcaca-dev_0.99.beta19-2+deb8u1_amd64.deb 106acfc940e5af27499973cc958c9b8f 347122 libs optional libcaca0_0.99.beta19-2+deb8u1_amd64.deb bb185f5dcd7a496d5d784e5fcb4e6171 196188 utils optional caca-utils_0.99.beta19-2+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlw2batfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk8X0P/j64PNq0quTMy6ErDCSNDxNB0yYyibUxsIxd eCPnW2XUWmuOv8XgMC2bIAwQrOePqDgrZYx429p25J493xMPouWDFjT1FJ28+3oi 7jJQE/mlEk3UAAHOEma7SaNIdtRAA4ymvEu9DFpXr9Zzc9OOPmN6De6QTSYtHL5e pMLBwi+AqGpuv2dMSFSJMnO/7V3HDXjhVQJf+uhDBudphO0DTT/jf4p61s2YeLTw a1cOvq8yNCvk2qX8CDWLHIwl+PQ3zWOSg3ol3iv38g9dDL0C7d8medjtn3cydhTa 7nJ+q+UMlqQWuefNzcy5hINNDr6BJ7DeJ8cikIvCPBNYoz2Y6Vr4gKEx5ZjzRhkN 4djMJxlZByV5PrZULa1riDH3sCIW+/V0eJWOZ6WmBdQrydFy+nSZDXM0vU6axP/x 9cbDHWVlpeOG8LWYSIMkBFtfnu2D5MpCF28NlvhUJn2FoYu2Ayx3eYg6B0UloWzj tASlkjRe18gRe3b+EWlZ1OJPaez65o4w3kKGoTdICLCwybF5qu9TwFQnKGMpEBM4 D+LuNLZv2AD0MtkY5zF5jPad7LO/2exhST8bts9gjOjByOlEXFj/x8H5QJagTYmK R0ygBn3oYVU9sS7EpiFQIXqf1EUU6sYspd+Jh3MDQzE6Vyv+eU28S6hnhBPIpplJ EpVUu5FL =/2/w -END PGP SIGNATURE-
Accepted libav 6:11.12-1~deb8u4 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 07 Jan 2019 19:45:12 +0100 Source: libav Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source all amd64 Version: 6:11.12-1~deb8u4 Distribution: jessie-security Urgency: high Maintainer: Debian Multimedia Maintainers Changed-By: Markus Koschany Description: libav-dbg - Debug symbols for Libav related packages libav-doc - Documentation of the Libav API libav-tools - Multimedia player, encoder and transcoder libavcodec-dev - Development files for libavcodec libavcodec-extra - Libav codec library (additional codecs meta-package) libavcodec-extra-56 - Libav codec library (additional codecs) libavcodec56 - Libav codec library libavdevice-dev - Development files for libavdevice libavdevice55 - Libav device handling library libavfilter-dev - Development files for libavfilter libavfilter5 - Libav video filtering library libavformat-dev - Development files for libavformat libavformat56 - Libav file format library libavresample-dev - Development files for libavresample libavresample2 - Libav audio resampling library libavutil-dev - Development files for libavutil libavutil54 - Libav utility library libswscale-dev - Development files for libswscale libswscale3 - Libav video scaling library Changes: libav (6:11.12-1~deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix the following security vulnerabilities: * CVE-2017-14055: a DoS in mv_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. * CVE-2017-14056: a DoS in rl2_read_header() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. * CVE-2017-14057: a DoS in asf_read_marker() due to lack of an EOF (End of File) check might cause huge CPU and memory consumption. * CVE-2017-14170: a DoS in mxf_read_index_entry_array() due to lack of an EOF (End of File) check might cause huge CPU consumption. * CVE-2017-14171: a DoS in nsv_parse_NSVf_header() due to lack of an EOF (End of File) check might cause huge CPU consumption. * CVE-2017-14767: The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c mishandles empty sprop-parameter-sets values, which allows remote attackers to cause a denial of service (heap buffer overflow) or possibly have unspecified other impact via a crafted sdp file. * CVE-2017-15672: The read_header function in libavcodec/ffv1dec.c allows remote attackers to have unspecified impact via a crafted MP4 file, which triggers an out-of-bounds read. * CVE-2017-17130: The ff_free_picture_tables function in libavcodec/mpegpicture.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to vc1_decode_i_blocks_adv. * CVE-2017-9993: Libav does not properly restrict HTTP Live Streaming filename extensions and demuxer names, which allows attackers to read arbitrary files via crafted playlist data. * CVE-2017-9994: libavcodec/webp.c in Libav before does not ensure that pix_fmt is set, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the vp8_decode_mb_row_no_filter and pred8x8_128_dc_8_c functions. * CVE-2018-14394: libavformat/movenc.c in Libav allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file. * CVE-2018-1999010: Libav contains multiple out of array access vulnerabilities in the mms protocol that can result in attackers accessing out of bound data. * CVE-2018-6621: The decode_frame function in libavcodec/utvideodec.c in Libav allows remote attackers to cause a denial of service (out of array read) via a crafted AVI file. * CVE-2018-7557: The decode_init function in libavcodec/utvideodec.c in Libav allows remote attackers to cause a denial of service (Out of array read) via an AVI file with crafted dimensions within chroma subsampling data. Checksums-Sha1: d0be3dd86c0996f53638e4be5532f41d0f4d213d 4145 libav_11.12-1~deb8u4.dsc 603425013a3ebf3173a2d9d8969e983e08c1f892 69220 libav_11.12-1~deb8u4.debian.tar.xz 05ac62b70f2bd6d55ea9c8cbca1f069717578a82 18571366 libav-doc_11.12-1~deb8u4_all.deb c721679119cedafcc6f86cae64e6cc683dff6836 66374 libavcodec-extra_11.12-1~deb8u4_all.deb cedc766605df2210bdd02342cc4c5836d9120dcd 474780 libav-tools_11.12-1~deb8u4_amd64.deb
Accepted jasper 1.900.1-debian1-2.4+deb8u5 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 02 Jan 2019 22:59:23 +0100 Source: jasper Binary: libjasper1 libjasper-dev libjasper-runtime Architecture: source amd64 Version: 1.900.1-debian1-2.4+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Roland Stigge Changed-By: Markus Koschany Description: libjasper-dev - Development files for the JasPer JPEG-2000 library libjasper-runtime - Programs for manipulating JPEG-2000 files libjasper1 - JasPer JPEG-2000 runtime library Changes: jasper (1.900.1-debian1-2.4+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-18873, CVE-2018-19139, CVE-2018-19539, CVE-2018-19540, CVE-2018-19541, CVE-2018-19542, CVE-2018-20570, CVE-2018-20584 and CVE-2018-20622. * Multiple issues were found in the JasPer JPEG-2000 library that could lead to a denial-of-service (application crash), memory leaks and potentially the execution of arbitrary code if a malformed image file is processed. Checksums-Sha1: 8c358e318ce7861a4c1edb702f5c910215926e8c 2120 jasper_1.900.1-debian1-2.4+deb8u5.dsc 0fdce78855994a340e9daf1ba52a40a46f8bbdc2 40220 jasper_1.900.1-debian1-2.4+deb8u5.debian.tar.xz ecc642ab2115172b751be28af5e16329cf92e873 135374 libjasper1_1.900.1-debian1-2.4+deb8u5_amd64.deb caffb0059b282eaee45fa9ebde273386ee53febc 525636 libjasper-dev_1.900.1-debian1-2.4+deb8u5_amd64.deb aff483e29b546f95edfb5e20b83a8909e457c9fd 23776 libjasper-runtime_1.900.1-debian1-2.4+deb8u5_amd64.deb Checksums-Sha256: 5977b748da5ced64de8abcf0b31efc015ed4fdb626266c98207873a634397ebc 2120 jasper_1.900.1-debian1-2.4+deb8u5.dsc 56f624ee083d13ae8a779266458023f82356a8cc114ce713d668755a3069438a 40220 jasper_1.900.1-debian1-2.4+deb8u5.debian.tar.xz 7a486c870df7fe0f7ced60399dd28cdaba749446fb2e0f895608f9360288efa3 135374 libjasper1_1.900.1-debian1-2.4+deb8u5_amd64.deb 07142f06bd6624232862b070aa7656efe56dabb060028a2999de9b65eb3e0d0f 525636 libjasper-dev_1.900.1-debian1-2.4+deb8u5_amd64.deb 11a2bc8015dbaa639815a10d8b201e2f179256ed6b9a9f400cd981bfed703f39 23776 libjasper-runtime_1.900.1-debian1-2.4+deb8u5_amd64.deb Files: f0d53c6641ec01c8b9dfb3ae605fce37 2120 graphics optional jasper_1.900.1-debian1-2.4+deb8u5.dsc 1d29e49e80a382b698cd04f7e6f7db58 40220 graphics optional jasper_1.900.1-debian1-2.4+deb8u5.debian.tar.xz 321e94ff89554353e91533cb2ac0f783 135374 libs optional libjasper1_1.900.1-debian1-2.4+deb8u5_amd64.deb 67fe2525521d7c94811f41d1fdc7e99c 525636 libdevel optional libjasper-dev_1.900.1-debian1-2.4+deb8u5_amd64.deb d00dea3a5309d4aaed43bf956a2f3658 23776 graphics optional libjasper-runtime_1.900.1-debian1-2.4+deb8u5_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwtNhxfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkRoAP/jz3raCvnt48ppN8em32Hog8Dao9XF4da1fN 3xgcpvfzxTScXiAWFJkNwF0YEA3b+pSazjUqd6XACgzr5fVIWqMBRt0plKKd5oHN v9JgC79nEw6T3gJS2G+/kYxWOBrH3YaugRLgHr1D1teHoXazi3apIk2oB8K+v8ir QwEh1JsJiCcg8Ku+qMSSgqKPbCvbQTszp+aloacc6NK9/gV8NUiArmQmSSCW1A45 qn5uGx2AIz9DMY3qpkdcg+KsYI0LUNKUeI2BK04zHiYE8vYCC8nosMbSW8RQRWmG l1BWzb3S2KA4k0HCLPNNAdiesocxM4OZyO6XM4w+sVmmZbJ7QtzsDEulTzee50P/ dlDKmO09pcEn+BXAYtCaP50bKLevn8Ed/Vmi6FXhBo+70RyOMZbbfgRW+ZfxmG65 yDmYMBEiuoral3YRilvWi5Yf1YCfaI/8h6/EI0GrO5EC2p6EXvnm1C2+Z06FZ2WZ mlWfYv+cHyackbHD6nVEQdWVFSm9glU2yeVstjXiIpPquvTBj8LnqApEyqUKdxp7 tp1LXs5DsHBuAHqloDmApYpdnCpO6w8jkbeVuDwDHUzmoyoQEMUBD/mIBe4o4daS Hb3+pNOXPBVboLZe/l+f5iYz0Yymo94Tr8bScZF6kAnhepZVolJlsp0c2F1q+4BD 2W11GwQl =sZEL -END PGP SIGNATURE-
Accepted c3p0 0.9.1.2-9+deb8u1 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 28 Dec 2018 18:41:05 +0100 Source: c3p0 Binary: libc3p0-java libc3p0-java-doc Architecture: source all Version: 0.9.1.2-9+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libc3p0-java - library for JDBC connection pooling libc3p0-java-doc - library for JDBC connection pooling (documentation) Closes: 917257 Changes: c3p0 (0.9.1.2-9+deb8u1) jessie-security; urgency=high . * Team upload. * Fix CVE-2018-20433. A XML External Entity (XXE) vulnerability was discovered in c3p0 that may be used to resolve information outside of the intended sphere of control. (Closes: #917257) Checksums-Sha1: 17dc7a9cba3249f72749e681c59ff15f192c2d7e 2302 c3p0_0.9.1.2-9+deb8u1.dsc 95da49a025a38b1fc59ef98516d19a29a8a2e24d 322519 c3p0_0.9.1.2.orig.tar.gz 748b74b70f4bfec97c311771053952395d39307d 10608 c3p0_0.9.1.2-9+deb8u1.debian.tar.xz 48a96f92158c3f720164e637ba393842f4010f02 590844 libc3p0-java_0.9.1.2-9+deb8u1_all.deb d672718cde73c146c6209666417541bcb8e14224 87060 libc3p0-java-doc_0.9.1.2-9+deb8u1_all.deb Checksums-Sha256: cb98bbd1d77474cc51a903e779d3fdd7816df9f1545acd74c570654a2ba50740 2302 c3p0_0.9.1.2-9+deb8u1.dsc c3652787589b62a0da07a40c2387c5b01089631211bfb666cc634610adc1bead 322519 c3p0_0.9.1.2.orig.tar.gz c0b0516801af58cda7fb0dd4ba99311913c54666877732691eac126b6121b936 10608 c3p0_0.9.1.2-9+deb8u1.debian.tar.xz 3b3fba2eec6f40ced4a4d04f9a8ef23df1043f1addb1764e9fc5809823393e40 590844 libc3p0-java_0.9.1.2-9+deb8u1_all.deb af5723dc7acd1b606106ef3dccd52b3ac72e007f6134487769bf894fa5d2ee50 87060 libc3p0-java-doc_0.9.1.2-9+deb8u1_all.deb Files: c17aa819c361c70690ad384847fa4328 2302 java optional c3p0_0.9.1.2-9+deb8u1.dsc fb3241db43d41728895c66205de3aa78 322519 java optional c3p0_0.9.1.2.orig.tar.gz a330a2656ccd897911d07ad807d634df 10608 java optional c3p0_0.9.1.2-9+deb8u1.debian.tar.xz 211edcb017f978ca5a131e3001a9 590844 java optional libc3p0-java_0.9.1.2-9+deb8u1_all.deb 8b3b6f865ac658ff658a26ffd93b5f69 87060 doc optional libc3p0-java-doc_0.9.1.2-9+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwmaV5fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkV8MP/iIWr13pkjxj448dTNFJbVitj0RuEN2aKRzs F8RnRmLLbdzlxkL8SJtjBAnhoqGqqPecGyq7AmRvAa0gTkUWUnrNfEYrd/7kRL02 ynLYjlZR1LUW1mxjKVGxtCHoPSQSXxusOMzXPxDutlGaqeVOtht0RcJTW/uPyqEf MFtiVYZ2u9EQbTtUBvqaBGeSbJ+X8Tjz9tQYD9YuaIP4caBpIJpm1WjE+3/UfCVk 60HUzWQ199sHt2Ojxr/iKe6WOcO2nPaPQavot60fXWEl/hKhesAni3fHct8e5KzB p0wXHyAyiUq2QvAIieJ7L2q1s5DbFmx97s553IDJY2Ln3tJmb3SGAGdgxZrGEfi2 xTuZEjN4NtGSC08LigLlha6XZGTdyiQQSvOof1qO7pgNGhaGZY411J8zfo2mtVdG FkckrJrLvS+oR3nauBKgGObNIC5o73j1kyrdMc5lJwsa593h7/9R5eO+Z5kSueiV pEUi5dT1cseSrhsB48OlIuIP2Mq/0VWnXrOZogbgMkK34Vfg3xzltZfBAzRcbHHT zBxZxk4XO61kYRiUaR5N+W7FE1toVkunaNGMcBdh2HggFtHf2ujOGyzj4+A+UvVj +35AaWDrVl1QSrrZPJXMrSGyeixZI52tXCwjBOMAU7cJyoH5QtMO3aKehTjnDa5g 9nEho2ZA =rt0S -END PGP SIGNATURE-
Accepted libextractor 1:1.3-2+deb8u4 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Dec 2018 17:36:27 +0100 Source: libextractor Binary: libextractor3 libextractor-dbg libextractor-dev extract Architecture: source amd64 Version: 1:1.3-2+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Bertrand Marc Changed-By: Markus Koschany Description: extract- displays meta-data from files of arbitrary type libextractor-dbg - extracts meta-data from files of arbitrary type (debug) libextractor-dev - extracts meta-data from files of arbitrary type (development) libextractor3 - extracts meta-data from files of arbitrary type (library) Changes: libextractor (1:1.3-2+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2018-20430: Fix out-of-bounds read vulnerability in common/convert.c * CVE-2018-20431: Fix NULL pointer dereference in OLE2 extractor. Checksums-Sha1: eb9c535709184c35c0be79230a121613a6723d99 2694 libextractor_1.3-2+deb8u4.dsc dc3bee56e0495e18313e811a2b11cf2c77512dfc 18000 libextractor_1.3-2+deb8u4.debian.tar.xz 8716194c3c53d4b639232367fe07aaee2385a370 113056 libextractor3_1.3-2+deb8u4_amd64.deb 1c72faa431d12c88c5f92af1eb38f4bfcc735922 450368 libextractor-dbg_1.3-2+deb8u4_amd64.deb e020c4375f31c76dc3a067b1c6a779c2fe1a7c6a 26060 libextractor-dev_1.3-2+deb8u4_amd64.deb 22997eaba38c1e7f610bfac66d55397e57f686e0 90500 extract_1.3-2+deb8u4_amd64.deb Checksums-Sha256: 77676f0e03f99f1f723b7b06a5aa673eecd77e24c1b9235e17f2221ee492d3c7 2694 libextractor_1.3-2+deb8u4.dsc e83fd2d3970538d4c2aff1398cca01f336c194a618563722098df25fc493d2de 18000 libextractor_1.3-2+deb8u4.debian.tar.xz 08067555d98db6095a8d2c5d4b9e45609ca5d13df46483cc1e240a0da24185d6 113056 libextractor3_1.3-2+deb8u4_amd64.deb 6f2cb43e6eadfba73609eafd3ad429c8919384d68738a8b941f21ecd43cc339a 450368 libextractor-dbg_1.3-2+deb8u4_amd64.deb fc7c5da30aa03189f988168f77986253a177da2fa1a61f9a743de9ec0235e800 26060 libextractor-dev_1.3-2+deb8u4_amd64.deb a3d6e76ad0e2e84eb7e9f75849b124f5ab34d11424f1293cbd1701f1bfa2df37 90500 extract_1.3-2+deb8u4_amd64.deb Files: fb66b95e2acad8d60691f0dbd73653c6 2694 libs optional libextractor_1.3-2+deb8u4.dsc 1c897268de32839f3f086c7fdd636d65 18000 libs optional libextractor_1.3-2+deb8u4.debian.tar.xz 32920d6fb83ba2190d7ddef967e67a62 113056 libs optional libextractor3_1.3-2+deb8u4_amd64.deb aba171deddc197578d42187a084291ea 450368 debug extra libextractor-dbg_1.3-2+deb8u4_amd64.deb 7be4e53dd916a3619bee47511f8a4706 26060 libdevel optional libextractor-dev_1.3-2+deb8u4_amd64.deb 64c90d49ddea603ed5f6b9461e309cec 90500 utils optional extract_1.3-2+deb8u4_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwhDy9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkIikQAK3nRSP15nOBwVLd/+xkTuHewxmuw9R44GGN 5zHuZLxVmNkORchrc2qVd+arSFTSqSzTk3Jsk4ko34P3Y+UTLBr/UnJXxlfD3/bJ BfUyqXY1mqN30weSwP51OFKP7N2N50SqeLJ01ibriaw74KiD4a+bkUl77X1noTHs M9XkoynrTGYyYc3ggL5hIeYglbrUdJfLE3YeDLE/2iNkMyjvu1xDbysdqPtXji4Y lWkFiqg7spSZfASiKcAwZLv5c9ERO/WSzqbma55+KhXyNWeomoX3fqXb3hXms/6A qnVk7kBrU+/81Di4ievT9rchlB8orz7q9g/o4l6UNBxDiM0pzpudOl8FKtbgfv/5 jyRIw3Okd/kTudt1tGxC5JGwhTtTEVK+pBKHWPe4h033THPPtQZquyKF7FbEGR36 MEPf4Qdo2UoVxRrWPnuLP7K8pzhAn5fBbNbC89V1tqC2qV9EcvbWGCbyzQXOzCCJ r+luSDYNqGW4DHHOCU6+V9PRFSNo9dG4KEYkUpD+4nTjGfiAfvFQ2B1+pF6KzAxw hAjwEiXzKQq999GY4N6iSJ2GqAIDEbv3l3AyS2f/iyx9vOjC8D1VTEiTFoO7x9vT OdQaWZNTTwhFeBcOHYTimKYdxREJBAJopwbgg9y41HpIqsmGjYWS+Z8r+XVI6dD3 a14Spgyj =hJnO -END PGP SIGNATURE-
Accepted nagios3 3.5.1.dfsg-2+deb8u1 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Dec 2018 16:23:03 +0100 Source: nagios3 Binary: nagios3-common nagios3-cgi nagios3 nagios3-core nagios3-doc nagios3-dbg Architecture: source amd64 all Version: 3.5.1.dfsg-2+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Nagios Maintainer Group Changed-By: Markus Koschany Description: nagios3- host/service/network monitoring and management system nagios3-cgi - cgi files for nagios3 nagios3-common - support files for nagios3 nagios3-core - host/service/network monitoring and management system core files nagios3-dbg - debugging symbols and debug stuff for nagios3 nagios3-doc - documentation for nagios3 Changes: nagios3 (3.5.1.dfsg-2+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix the following security vulnerabilities: - CVE-2018-18245: Maximilian Boehner of usd AG found a cross-site scripting (XSS) vulnerability in Nagios Core. This vulnerability allows attackers to place malicious JavaScript code into the web frontend through manipulation of plugin output. In order to do this the attacker needs to be able to manipulate the output returned by nagios checks, e.g. by replacing a plugin on one of the monitored endpoints. Execution of the payload then requires that an authenticated user creates an alert summary report which contains the corresponding output. - CVE-2016-9566: It was discovered that local users with access to an account in the nagios group are able to gain root privileges via a symlink attack on the debug log file. - CVE-2014-1878: An issue was corrected that allowed remote attackers to cause a stack-based buffer overflow and subsequently a denial of service (segmentation fault) via a long message to cmd.cgi. - CVE-2013-7205 | CVE-2013-7108: A flaw was corrected in Nagios that could be exploited to cause a denial-of-service. This vulnerability is induced due to an off-by-one error within the process_cgivars() function, which can be exploited to cause an out-of-bounds read by sending a specially-crafted key value to the Nagios web UI. Checksums-Sha1: 61ba0c7b306aae180ff39d76abde485d846c10ed 2601 nagios3_3.5.1.dfsg-2+deb8u1.dsc 7edc71aee5a5073438c65a3023b78f2142ef577a 1729143 nagios3_3.5.1.dfsg.orig.tar.gz c3b7c713a6b45e8132fb0de4af1db8a64f33b2a1 73256 nagios3_3.5.1.dfsg-2+deb8u1.debian.tar.xz 82b2e293078dc20cdc0b26e3edc14b7ef1dd6c8e 832778 nagios3-cgi_3.5.1.dfsg-2+deb8u1_amd64.deb 1269c598ccf0aac1bcb0699e6b3c9be43ebc8ac9 1554 nagios3_3.5.1.dfsg-2+deb8u1_amd64.deb 85911e61446918a53e96302def55426c62c395c5 236384 nagios3-core_3.5.1.dfsg-2+deb8u1_amd64.deb cfaef853377402af5053f975a411e8a327e24647 1568748 nagios3-dbg_3.5.1.dfsg-2+deb8u1_amd64.deb 9442e079fc428156a5e054605377003195e51008 77130 nagios3-common_3.5.1.dfsg-2+deb8u1_all.deb 582d3785a68738a293d901fc8cc831f2d12d20b1 27918 nagios3-doc_3.5.1.dfsg-2+deb8u1_all.deb Checksums-Sha256: 09157f87a986e7113d44c7cb88b92317db111e1ad4d63b259712c114f0b293f7 2601 nagios3_3.5.1.dfsg-2+deb8u1.dsc ec27cb8b2047071cca4be22fcec6edb7a7fb0ac131173d978cb3103ce6a1062a 1729143 nagios3_3.5.1.dfsg.orig.tar.gz 7f37769c2fe2281784d3d517adb38c85791fbdba7e9b58f52a4a81333fad2111 73256 nagios3_3.5.1.dfsg-2+deb8u1.debian.tar.xz fc311b22ada2a1bceb7fda0d7dd35aee85db6b34167d3598c8b263f77c78420b 832778 nagios3-cgi_3.5.1.dfsg-2+deb8u1_amd64.deb 927d2c9679aadcca64926284247f5df7a52e0b6e792be5265e24f147f907ee44 1554 nagios3_3.5.1.dfsg-2+deb8u1_amd64.deb b8b1985b3c835626bc37a6c1488b2155d325d08b4569e78fdb5d354a3a645d9d 236384 nagios3-core_3.5.1.dfsg-2+deb8u1_amd64.deb 87fb74e28d2daab3120322d486fa6a62e019941b511f5c2e1d84cca41cc4fc4f 1568748 nagios3-dbg_3.5.1.dfsg-2+deb8u1_amd64.deb a4e261a6b110ff8cc683fc93dd5feb5980b75796aea47028869804e2a1bc8366 77130 nagios3-common_3.5.1.dfsg-2+deb8u1_all.deb 47c2038fdd44e47edff0a166b96f2145633fc71bc082d0677ad3e962f723e9cb 27918 nagios3-doc_3.5.1.dfsg-2+deb8u1_all.deb Files: 968710c4f81f0ce0522dd4d4d93bb357 2601 net optional nagios3_3.5.1.dfsg-2+deb8u1.dsc 0ef4eb603ad991ac9bb6686d83e3cbb9 1729143 net optional nagios3_3.5.1.dfsg.orig.tar.gz ee2c741122e8f31f53547445ddcc0a69 73256 net optional nagios3_3.5.1.dfsg-2+deb8u1.debian.tar.xz 04d68bc7ebbcd65d63f1838cc1429cf5 832778 net optional nagios3-cgi_3.5.1.dfsg-2+deb8u1_amd64.deb 89e1e16e3701e397cd42c318665c838c 1554 net optional nagios3_3.5.1.dfsg-2+deb8u1_amd64.deb 34e40eefb2a38eba889ca3cb6f469d5a 236384 net optional nagios3-core_3.5.1.dfsg-2+deb8u1_amd64.deb 565c34763ed68a9e11ef8d904ef905bd 1568748 debug extra nagios3-dbg_3.5.1.dfsg-2+deb8u1_amd64.deb ddb8432394cb06766dd7a96712272d40 77130 net optional nagios3-common_3.5.1.dfsg-2+deb8u1_all.deb fea1eccaa2eff9d0de5cb9a40f0089dc 27918 doc optional nagios3-doc_3.5.1.dfsg-2+deb8u1_all.deb -BEGIN PGP
Accepted libarchive 3.1.2-11+deb8u6 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 21 Dec 2018 22:24:50 +0100 Source: libarchive Binary: libarchive-dev libarchive13 bsdtar bsdcpio Architecture: source amd64 Version: 3.1.2-11+deb8u6 Distribution: jessie-security Urgency: high Maintainer: Debian Libarchive Maintainers Changed-By: Markus Koschany Description: bsdcpio- Implementation of the 'cpio' program from FreeBSD bsdtar - Implementation of the 'tar' program from FreeBSD libarchive-dev - Multi-format archive and compression library (development files) libarchive13 - Multi-format archive and compression library (shared library) Changes: libarchive (3.1.2-11+deb8u6) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-1000877 and CVE-2018-1000878: Daniel Axtens discovered a double-free and use-after-free vulnerability in libarchive's RAR decoder that can result in a denial-of-service (application crash) or may have other unspecified impact when a malformed RAR archive is processed. Checksums-Sha1: 589f03cfd9fa1530fc06f1d535149f61c318712a 2478 libarchive_3.1.2-11+deb8u6.dsc 20ef768dfe86bdce78b05aaac2588cf39049e23f 41104 libarchive_3.1.2-11+deb8u6.debian.tar.xz d4e25525725fa27260b0c8e1639751931d431ddd 435030 libarchive-dev_3.1.2-11+deb8u6_amd64.deb b8437bb8efa1e54ad9f2b7ae22c913f36cafa6d9 271164 libarchive13_3.1.2-11+deb8u6_amd64.deb fed4361be1e157926451e844aba060d6740909d6 54458 bsdtar_3.1.2-11+deb8u6_amd64.deb 3156f4d83548f70713d411e8389d4f90ec9f7a84 40024 bsdcpio_3.1.2-11+deb8u6_amd64.deb Checksums-Sha256: 38deb2c4c25602111e9f8906860d557855c2eaa0c732f765cf9390709e1c84ca 2478 libarchive_3.1.2-11+deb8u6.dsc 308e29d84eb5f140c4a6aa9942f4c48c4d8a4f3b5cd6fc2780f6b5e13f65032f 41104 libarchive_3.1.2-11+deb8u6.debian.tar.xz 07e353f785dfb3b23d6bcd1aa017d8c0b50f2db318e7dd7ed84eef05f501606a 435030 libarchive-dev_3.1.2-11+deb8u6_amd64.deb 5577570095336e291e8b194af38a25d77fc68ed1730f00d0f14f7726013a7a2e 271164 libarchive13_3.1.2-11+deb8u6_amd64.deb d3168b4b3e6f77cf211c0914badd90b4b9ebe7dc42506b3e88ffdbb8f04138c9 54458 bsdtar_3.1.2-11+deb8u6_amd64.deb f0d5611e1c30532ac33784d2df769bf07a3cf13f346fce6e252e575970ceeff8 40024 bsdcpio_3.1.2-11+deb8u6_amd64.deb Files: ecacea1ddc66cbbe9b37fb43923123be 2478 libs optional libarchive_3.1.2-11+deb8u6.dsc f7e5d1ffa6b524f6f81e13723dd4044b 41104 libs optional libarchive_3.1.2-11+deb8u6.debian.tar.xz cf3b723da513c4bd2720e8d6d3abede5 435030 libdevel optional libarchive-dev_3.1.2-11+deb8u6_amd64.deb e931a857aeb4d94239cd261d5a0179bb 271164 libs optional libarchive13_3.1.2-11+deb8u6_amd64.deb 164763a33b641093fdbd78e5f122aa21 54458 utils optional bsdtar_3.1.2-11+deb8u6_amd64.deb df741a3798bb2256f793f5e0cbf03289 40024 utils optional bsdcpio_3.1.2-11+deb8u6_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwdYQ9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hkv9AP/juo5Q/YRWtj9s6GnVkD0XrlQ0ocJuwO22DT fLBDnlr/tbx0Ot/gzVFERbX1/RU1V+dyKsgqMkJ9myQ9KNLTX2ZUWITKq5fI4B7l v4h+2oGAtuG64WQ7ra6NaB1xqIykaTnJzDnHR8Vu99eeiMKth73eavI4PmBVShFs tm+v7BpwVZ7yrnxqAkRoMI7VHvuDd/ID5Hh38OfOXnfSeVHTpT8eM+R0Ch9UcyTf ZjB8GD1/Rc9xarN3TifdlMU5ALarpOQ3yjRLLL+eh9rvvD/Mdp/+cc60kLCKVsS+ u1MmDU0YcE1cTqgDVGlBi7cPcEjotqd6/O98eHXMQ/Lgb4RDHDM/enjlqndDx396 AlQzwsNHrcbqUg8YCzkX97dauhpqVp1XUnDi1ekWI7lfM4DMhZ1Y8KgABMxKbVh4 vWYB2L9pDlhiYHlYHkY0GwivuYizvNJs4FP+pspQ2OImNhpUBKe4D2u1s7EnRVgb XjPRDl2MXlSExPxB1DSeBtWZjKYkLAj3zyvNu8psgDmKDc0JXtI5iNfMmCL0+Naf CeZ1QKlNm0Pqs6kUrsXubc8xw2+6uNz9RUoO+u1boo3EtCdUmd7gAOBcU11aHiPr 0oJYIlv+WWtHYx7kyle0Mh0xgplNxWZVKdBfp1gkdeVpZ96163z+kaaFCDV3Wskz ITsQBlTC =6dyQ -END PGP SIGNATURE-
Accepted suricata 2.0.7-2+deb8u3 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 04 Dec 2018 19:49:33 +0100 Source: suricata Binary: suricata Architecture: source amd64 Version: 2.0.7-2+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Pierre Chifflier Changed-By: Markus Koschany Description: suricata - Next Generation Intrusion Detection and Prevention Tool Changes: suricata (2.0.7-2+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix the following security vulnerabilities: - CVE-2018-6794: Suricata is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual. - CVE-2017-7177: Suricata has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. - CVE-2017-15377: It was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default). - TEMP-0856648-2BC2C9: Out of bounds read in app-layer-dns-common.c. On a zero size A or record, 4 or 16 bytes would still be read. Checksums-Sha1: a2ba03e4bcd8a0e52fd8499efc7c13408d915af8 2287 suricata_2.0.7-2+deb8u3.dsc e4ef98d0ccd5952c5ec8a295a0b708bba2acf71d 14668 suricata_2.0.7-2+deb8u3.debian.tar.xz 1bd43a14db4d71b20e41ab6eb294ea2b95441c79 775080 suricata_2.0.7-2+deb8u3_amd64.deb Checksums-Sha256: d3afeeffd480c0d2875813f1091d6d2590a220b5b1398bd23061f253a5bc7819 2287 suricata_2.0.7-2+deb8u3.dsc 40aaa498bc6d10966228f4ef22a36aa848a7213b199ca86cb60cfa0e83b340bd 14668 suricata_2.0.7-2+deb8u3.debian.tar.xz c79d5801285888f5056b130aff86eb0b6dc245fa87e0d097544bf03866fe5273 775080 suricata_2.0.7-2+deb8u3_amd64.deb Files: bf559d996f4b017be381b73bf0899317 2287 net optional suricata_2.0.7-2+deb8u3.dsc 0a4c773431011df9dca023c98a5ce9e2 14668 net optional suricata_2.0.7-2+deb8u3.debian.tar.xz 449dc8b45bc69761c69c764ab99453e7 775080 net optional suricata_2.0.7-2+deb8u3_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwGzzVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkPZMP/35Hir3/WNS3iB74V7Pu/84Slj20o3azIpPJ CqHuj4ew+WBi0HSxWo/s+fhlQp4jSPMo9cvlmHU0sNMkyGDOq2i2WW54xmooUlZ4 zUbulF+0nKO7SoJ0TuLuOeIKuSN+M/B9LDLbh+YKYgdYa5153U61oZ1mkZsRH1HV qi224u6O2QsxukgAMlqDD0seEeS3whnpu61kpGjtyG8czZ+L92nRyyeZS1fNTNWw k5zKEbLJrC8ev67jn7i1oIsSIOnXTKyfZEBtr107HbGu8GPQns1uGjzUY8MSlzyZ QJ3pXnyNvgaU8UEdh9KABspFZXXIkD/DUHYdDmEusWvaBTWOJpgLYiDbEhDeYAVV g/1atrQ6CMCH77hB2x5ACWscNrO6MfcDfJ54/yc3oWmKFhlHCWa7y/Ti38MEd8wR HZ36vXViLVv8NGMP7cgd65Q/nsRQpnyOcZE/IUELzCOg/l8USHKUTvIf01vVCRtn K0Xp8DnWnuX8sP/AlSf9E2hpRaLhkuiWlsi85R/uUU5hKt0guyInTCoUSq2HkBkO Qv6rmO8SbJPgT7mR+MHMP4AfL1vPU6IwgF+VbbDjMmw+RgWW8SqmG4DV87Gi6rGs EnR4FnpZcEEwRxcqy2VCsMqFik+VU9XObWFyDXRmzwJoZCYI6GGOdLW/Kqefk8cQ 4j1j7GZS =wYlh -END PGP SIGNATURE-
Accepted libarchive 3.1.2-11+deb8u5 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 29 Nov 2018 21:01:09 +0100 Source: libarchive Binary: libarchive-dev libarchive13 bsdtar bsdcpio Architecture: source amd64 Version: 3.1.2-11+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Libarchive Maintainers Changed-By: Markus Koschany Description: bsdcpio- Implementation of the 'cpio' program from FreeBSD bsdtar - Implementation of the 'tar' program from FreeBSD libarchive-dev - Multi-format archive and compression library (development files) libarchive13 - Multi-format archive and compression library (shared library) Changes: libarchive (3.1.2-11+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Disable the tests on armel to prevent a possible FTBFS on antheil. The tests pass on a different armel porterbox (abel.debian.org). Checksums-Sha1: 9c1b5b3a2cb714c85437871e30cc89aa181a7937 2478 libarchive_3.1.2-11+deb8u5.dsc 62642d2d44b1db6d6a2bc404cd2c971399db54b3 40336 libarchive_3.1.2-11+deb8u5.debian.tar.xz 468e8ba8d98d81563f9a1f3e1a4691fe3c43847c 434804 libarchive-dev_3.1.2-11+deb8u5_amd64.deb a76d30fa5460bf4a9ba25cd517d66f65cf37dd05 270552 libarchive13_3.1.2-11+deb8u5_amd64.deb 311f70c54a635bfb379d77c05380cdfdbb0cea5b 54320 bsdtar_3.1.2-11+deb8u5_amd64.deb 1a06773dda97e8f2d9a9647ffb7c3fbf3c37bd78 39874 bsdcpio_3.1.2-11+deb8u5_amd64.deb Checksums-Sha256: 6daf957b2db6540b56c2173400ba5844cd37a7bea12929e271d2dc670ee2e190 2478 libarchive_3.1.2-11+deb8u5.dsc dea71d74864dad5bf46e67320a366f91ad4fbddc111be2f7e1f036fa35d0bdbf 40336 libarchive_3.1.2-11+deb8u5.debian.tar.xz bfc72710b74cfe2c609a4caa626b0f75c48516cf81b5a768e968b0841d9408db 434804 libarchive-dev_3.1.2-11+deb8u5_amd64.deb 93eb2069ee62e0006b2a321dee557c8c43ef976a34612a64b0a4736fc8b0e62c 270552 libarchive13_3.1.2-11+deb8u5_amd64.deb 743a49dd4693e02116027b17106d28d22114fbb3fe4eed611239a2d55971433b 54320 bsdtar_3.1.2-11+deb8u5_amd64.deb 1ea21b7c7ca541af86a26ea8075d64cb9963f1b281d39bcd598a2008f98392a0 39874 bsdcpio_3.1.2-11+deb8u5_amd64.deb Files: 48c16cf822ec9019ee3bed3ede734e98 2478 libs optional libarchive_3.1.2-11+deb8u5.dsc 74cfeb97849f027e8e05e2b54350a3d2 40336 libs optional libarchive_3.1.2-11+deb8u5.debian.tar.xz 1425d4553f8a42f09b34003def3ea105 434804 libdevel optional libarchive-dev_3.1.2-11+deb8u5_amd64.deb b0aa925ba19391cd1c2dcfa3c325ef73 270552 libs optional libarchive13_3.1.2-11+deb8u5_amd64.deb 1c67e6f173012ca198fdd45d3c473fd2 54320 utils optional bsdtar_3.1.2-11+deb8u5_amd64.deb 7c02f926e35d319f98b3d01cfe78c6df 39874 utils optional bsdcpio_3.1.2-11+deb8u5_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwAS7tfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkKkMQAIc0FIlGtxzKoVNdfVf5a3cBAZ1/4+Ow3Mpd TwWmxc7+rVE8gFapUBLnWlC2zd8nArCXpdt6xWLxdHjOQqIRKXzDV9rgMB537NBT xRAm/PkWawngNJmTCIIQCq+EaT69Y8VC6204JlQfUFj6gKrqCofhXg47hQEgcvG5 d0n+zdWYLD1qtDWxa0b9zOcFuBmLO7wdbQwgzzCxi66GGmtSAhDq2aj6908vbfUi NNpoYXexYSCbbxyj3ypvZMtwEz0NrrpNlypYqT57wrkK8uFatYoMdL8bOHl3rBw7 KC2a4Wi3s3e+a+fgYZVz3qjXmKqKL+fAUsjr7HVPRRT7cgEqGd3462Z+TJqJWJi8 aF2khyRLa2QwDA/hj8EsawZkFx3Lm67RnJ02NhYKm6Or13qJX3OMCC4snG+Mb7d9 F9Xkk3dR+5kfXixe3UmVbOuyoGw83nNZUOIc9Krgol6vIcuZZdh5llCTD7iAKeTc ozzVEdlr3EyDROacocAwvorYs+lXuC/fIiGb9SZRhRs41DtlmdMftpnr/BhOm2Wc 72wjtNkrTUX59m+HE4gSx9D/CPwby66Jm6iSrsR+Uk2lrepTYFxMPJT7LkPouI7Z 2aMMjJqLHWpFuInDYbMCQE22r24Py1xRFBoZToN8eS1BIJzljBsl5U1hwuWZ0HUI Rr5ZecpN =qmAJ -END PGP SIGNATURE-
Accepted libarchive 3.1.2-11+deb8u4 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 29 Nov 2018 18:31:17 +0100 Source: libarchive Binary: libarchive-dev libarchive13 bsdtar bsdcpio Architecture: source amd64 Version: 3.1.2-11+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Debian Libarchive Maintainers Changed-By: Markus Koschany Description: bsdcpio- Implementation of the 'cpio' program from FreeBSD bsdtar - Implementation of the 'tar' program from FreeBSD libarchive-dev - Multi-format archive and compression library (development files) libarchive13 - Multi-format archive and compression library (shared library) Changes: libarchive (3.1.2-11+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix the following security vulnerabilities: CVE-2015-8915, CVE-2016-10209, CVE-2016-10349, CVE-2016-10350, CVE-2016-8687, CVE-2016-8688, CVE-2016-8689, CVE-2017-14166, CVE-2017-14501, CVE-2017-14502, CVE-2017-14503, CVE-2017-5601. Multiple security vulnerabilities were found in libarchive, a multi-format archive and compression library. Heap-based buffer over-reads, NULL pointer dereferences and out-of-bounds reads allow remote attackers to cause a denial-of-service (application crash) via specially crafted archive files. Checksums-Sha1: 9e35b9207eb792ab402208719fe5d5524ac53e37 2478 libarchive_3.1.2-11+deb8u4.dsc c050fcc6e4a13334eaaee4c49c7fba3904d816ff 40212 libarchive_3.1.2-11+deb8u4.debian.tar.xz 283da740f7df538b7dd7700a1f1b3b32c6fb6b4e 434688 libarchive-dev_3.1.2-11+deb8u4_amd64.deb 9ea59ad8de3a1511210ee29758ac33cbe5abb0f1 270546 libarchive13_3.1.2-11+deb8u4_amd64.deb 2df1c818593d5e4ee1009dd67bf7e798d2e9a48a 54246 bsdtar_3.1.2-11+deb8u4_amd64.deb 4c8fa8c96d127ae4abb8fd0505f801f076f99e26 39760 bsdcpio_3.1.2-11+deb8u4_amd64.deb Checksums-Sha256: 9d6b58a15aa47b31430e5ab66e7109930ea76f575fcfbcedde7f94ff6cae3589 2478 libarchive_3.1.2-11+deb8u4.dsc cf947d4709166bd243e141990b080548f2bf6fe26d37ebc5d488e6a32a54d685 40212 libarchive_3.1.2-11+deb8u4.debian.tar.xz e456ead09382464b54e26f53ab1e81147c3feca9711f3d88b122394d3cd534a5 434688 libarchive-dev_3.1.2-11+deb8u4_amd64.deb bb897dfb0b8be0f82345000e575290e649e78a5f2cfa64d8e40615e3df4fcfa5 270546 libarchive13_3.1.2-11+deb8u4_amd64.deb acf28552c58c02885b3d03d1586c2e6316b354e4a5c4a0e3be123f0f24e9f19c 54246 bsdtar_3.1.2-11+deb8u4_amd64.deb e31ffde43e9ff0a79a2ac4c3b02f818c20fbfa92fafd65b551824eac825e14ec 39760 bsdcpio_3.1.2-11+deb8u4_amd64.deb Files: 693cc47d76aff5c7bda4c278d7a5609c 2478 libs optional libarchive_3.1.2-11+deb8u4.dsc 1f66a19b77019148a88c524b47ec5b95 40212 libs optional libarchive_3.1.2-11+deb8u4.debian.tar.xz e8db8a602f32cc51060506872d8c77ec 434688 libdevel optional libarchive-dev_3.1.2-11+deb8u4_amd64.deb ce3a8f029779b5bf2fd58a2f59b80fc6 270546 libs optional libarchive13_3.1.2-11+deb8u4_amd64.deb 8c898dbf2775ea9c27bd0fcd2de3b0c5 54246 utils optional bsdtar_3.1.2-11+deb8u4_amd64.deb ff983dd1efdb810738167a704e306e71 39760 utils optional bsdcpio_3.1.2-11+deb8u4_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlwAI5lfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkPbkQALILthocWTa0zwkaXH4ywzRShF8YOUvjISPq Yn3hQiV7M68Fqk1ni41wubD8oWGL2edvPQu020H7QwjV8QTR4caimZgiSDtM7waW YW0WOafe05vkR1KtJGiu6GObLveojjEQBbD0+bDxmi9c8WF8BBbsByo1rOomf+Rp 39gSnxKd6yzzLuhzw/fyBaGJIG1acvWXaS/cybEP8Zz87LoF9acQedAwAfwVRQiM 6i4H+9+bPoUlS7n19TiYRawUzcUxRtkwUJZKkrRKrY6ULh51/7ayyzclCiWyIioa NtANCnVpS9kNEG8jheBNtXivboeojJXrET4q1tbOR815mN+y3DphjR9h4JBeoop0 Ke0yb0zzhEoniZJVJaM3uRLtDgVCIwUnPDjcXG9lKFHAF8QOIQ1LwOAWeWbM0oC0 Q6gvxqN165M3/av33OuGnMwvrc8WsdAF/Os/aRPWPCVJUsEdff0gSTwF6FkvFhM9 LS7rraJGfASQ8QmlSSN1nDlwc7cYVCD1tfzJq6nnRWxaGRxkwnALEAw08ignwryL OITns56pyxLel9kNMMXyTX6t7+p4o55VLuZedWxNZwbrkQ75UPb9sSmFdWUCj2uL UJwXE4Y6k8ZW/333AdgWUHbtCUMLXYV1MPCEOggX6dvxvM2eVBGjGoQ8v8sBxWO6 cp1R4yIe =ArsF -END PGP SIGNATURE-
Accepted ghostscript 9.06~dfsg-2+deb8u12 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 28 Nov 2018 14:41:28 +0100 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: source all amd64 Version: 9.06~dfsg-2+deb8u12 Distribution: jessie-security Urgency: high Maintainer: Debian Printing Team Changed-By: Markus Koschany Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.06~dfsg-2+deb8u12) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-19409, CVE-2018-19475, CVE-2018-19476 and CVE-2018-19477. Several security vulnerabilities were discovered in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled). Checksums-Sha1: 1847e284be1870b0347aa99206bff8e66fb22ede 3047 ghostscript_9.06~dfsg-2+deb8u12.dsc c081446726986daa14306bef5dca2ff75438cd0b 151104 ghostscript_9.06~dfsg-2+deb8u12.debian.tar.xz f13aa94a37f1629099fed538240fe13249dbd4d0 5160470 ghostscript-doc_9.06~dfsg-2+deb8u12_all.deb dc3f0554c91b29d971772853dff5de4b8292b6c7 1972882 libgs9-common_9.06~dfsg-2+deb8u12_all.deb bcdbaa2668b774cee79ad702b9f206c4b87aed6d 85712 ghostscript_9.06~dfsg-2+deb8u12_amd64.deb b2114a2a437effe74e81a8ed1b8433bf8041dd05 76574 ghostscript-x_9.06~dfsg-2+deb8u12_amd64.deb a62a6e52af6f8a026c58174962f20facc701c489 1917030 libgs9_9.06~dfsg-2+deb8u12_amd64.deb a51d78598d3e2c617a0c74a5ab22aeb4648bf671 2123310 libgs-dev_9.06~dfsg-2+deb8u12_amd64.deb 0da6c3941d5ee618e04bae82d8e4db3fbea38063 4884240 ghostscript-dbg_9.06~dfsg-2+deb8u12_amd64.deb Checksums-Sha256: 099ef5410740d818b350e1b955bb10f17c684b8f9e97a376b882942249f4f65b 3047 ghostscript_9.06~dfsg-2+deb8u12.dsc 904fef43a003ce5e9601d6cfd72b8a615aed689070a08b510b0d7505b8a10b70 151104 ghostscript_9.06~dfsg-2+deb8u12.debian.tar.xz 6d4e6db7c322f6831797d8b9a03a2830ae53ed61388c2041f12cae87d3297695 5160470 ghostscript-doc_9.06~dfsg-2+deb8u12_all.deb 9bcd393a6d8d803df405f1527c78af1c209fd7bb990c5a929946f7361002314c 1972882 libgs9-common_9.06~dfsg-2+deb8u12_all.deb 1011efe7a7f3d390b13d7d1be0ea3238dd33b5236dd46785c7766d20b5089ba0 85712 ghostscript_9.06~dfsg-2+deb8u12_amd64.deb 9e2fcb09e0c44d14e3c730a175a97d8fc58640d03851240989c6ffbd4a7f2b97 76574 ghostscript-x_9.06~dfsg-2+deb8u12_amd64.deb 08131fe54bccbe0aaa77d340d80832a692faf83dda5aa3a3b4d70813d94b9abc 1917030 libgs9_9.06~dfsg-2+deb8u12_amd64.deb 6535167fe23d2e006fcdd4e2031e020135c4e336c0faf62aa74e422dc051a273 2123310 libgs-dev_9.06~dfsg-2+deb8u12_amd64.deb 6639a068fc1b6a7d7b1af16e283ade7f90721742d93f60299310bf5824d3af00 4884240 ghostscript-dbg_9.06~dfsg-2+deb8u12_amd64.deb Files: 103e4e6bc8d3c795ead27567a96c5919 3047 text optional ghostscript_9.06~dfsg-2+deb8u12.dsc 42c1df5c7ee6d3f925991bd1665df08b 151104 text optional ghostscript_9.06~dfsg-2+deb8u12.debian.tar.xz 7ef993d9a80e7650e8197323367d7f3a 5160470 doc optional ghostscript-doc_9.06~dfsg-2+deb8u12_all.deb 15e53139d02bc41e426941bf5ef4cdcb 1972882 libs optional libgs9-common_9.06~dfsg-2+deb8u12_all.deb e23bb542fd9ba0dbc268bf9b0632e740 85712 text optional ghostscript_9.06~dfsg-2+deb8u12_amd64.deb 3fa7b5cbc79f13f343a61671c961cf87 76574 text optional ghostscript-x_9.06~dfsg-2+deb8u12_amd64.deb e1c9ab15a9aeabf80939a20d0ae4b8c7 1917030 libs optional libgs9_9.06~dfsg-2+deb8u12_amd64.deb 079df11abc00f37fc05b00883b813bdd 2123310 libdevel optional libgs-dev_9.06~dfsg-2+deb8u12_amd64.deb 4e07fdba05aa0020264d32eb84b8d58d 4884240 debug extra ghostscript-dbg_9.06~dfsg-2+deb8u12_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlv+nwFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkomoQAK77oNGySdv+Cenl+/eoEwProYYZAAA9eHCT zKMAaDMWr8Lu8tqRjhGaFmj19TzGOnfj7GggelcCjVzzuytfvnotQeB+eUqrKPSm xAQGi7vnLA3JpY9IKS0pBvzPyXEGOx4jQ/jfxBjgZIRdzKDHMH40Z8BHxM+lObZv QgwIkpKKj+R0gPV3RjQCs9Xsy3XfWABTcOlKE2VG5aneIMhPGSDJKOJbv+3MVRpM PB+Hd3MElg7EamrpHC83h6gdmQ5SI/Sa38V3HB0XUgf4lY8wam79Hg60lUpYPX4A GnML+vhamyRjcgr1QYHJUQ5e4hv5DPJCstIOK6A5dXZhz3sKJUj0KKDDzy2GzAHx D3Q+fMrWXE84tFv+KXbxCzQ8FO/GWVzXwgl9XGUPdA8D+uwSwUirIFb8DgoeBhWI e6hHqLUCz8SdFOGL+WeoTPQ0WgzcOy1CaTO3Q9nUis
Accepted phpbb3 3.0.12-5+deb8u2 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 24 Nov 2018 14:52:11 +0100 Source: phpbb3 Binary: phpbb3 phpbb3-l10n Architecture: source all Version: 3.0.12-5+deb8u2 Distribution: jessie-security Urgency: high Maintainer: phpBB packaging team Changed-By: Markus Koschany Description: phpbb3 - full-featured, skinnable non-threaded web forum phpbb3-l10n - additional language files for phpBB Changes: phpbb3 (3.0.12-5+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-19274: Passing an absolute path to a file_exists check in phpBB allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions. The fix for this issue resulted in the removal of setting the ImageMagick path. The GD image library can be used as a replacement and a new event to generate thumbnails was added, so it is possible to write an extension that uses a different image library to generate thumbnails. Checksums-Sha1: 9c98618606e361533d2fa8dae5989d22e603b9ad 15560 phpbb3_3.0.12-5+deb8u2.dsc 28f50ae101cba9c5eb514b301eae665377f2039e 150440 phpbb3_3.0.12.orig-l10n-ar.tar.xz 0e0bede2e8ea68a8ee3592dd562b701d8b3326ff 161732 phpbb3_3.0.12.orig-l10n-be-u1.tar.xz af242014b3338551ac7f60312ab81e34f8740220 141164 phpbb3_3.0.12.orig-l10n-bg.tar.xz 1b433e5c4532ba0a87805748f8a435160770af2d 152340 phpbb3_3.0.12.orig-l10n-ca.tar.xz 47de8d1847d33db3889643678b038e7034f46539 153992 phpbb3_3.0.12.orig-l10n-cs.tar.xz 01e88a705de7d965ae4c6aa89297511ca1ea76ff 151352 phpbb3_3.0.12.orig-l10n-da.tar.xz 988664237f0f0ca8f7aa557be45e030f61d6d7b2 157028 phpbb3_3.0.12.orig-l10n-de-x-sie.tar.xz 6606d88c5361c9211b1bc3ec9ab401ada89aa7ad 157052 phpbb3_3.0.12.orig-l10n-de.tar.xz a12fb100a4d840ae2babab037d13ea408402b617 169884 phpbb3_3.0.12.orig-l10n-el.tar.xz aff914c4f8c801075991633ce7bca7445c39edf1 141216 phpbb3_3.0.12.orig-l10n-en-us.tar.xz c0e8c0bdd6302b4eae3b727dda7172d66bb63dc3 148028 phpbb3_3.0.12.orig-l10n-es-ar.tar.xz 067e689768d5cf121f36fce1e39a88c33affe9cb 147764 phpbb3_3.0.12.orig-l10n-es-mx.tar.xz f3c500f8be11cd90aa498f8a75219c870db16988 148180 phpbb3_3.0.12.orig-l10n-es-x-tu.tar.xz abdc9ff622cde02154772880dd943ab248c61db8 147572 phpbb3_3.0.12.orig-l10n-es.tar.xz 0b912b44ccb8d8ac6a96ed093a05c58fa9f9b433 139888 phpbb3_3.0.12.orig-l10n-et.tar.xz da00ba9c799a7b2dd25a2709b8517d1412b7685f 149136 phpbb3_3.0.12.orig-l10n-eu.tar.xz 93dfe7f4af74717373f6a0a2b6ca99b232d15b0c 164048 phpbb3_3.0.12.orig-l10n-fa.tar.xz a721e0c00e96a194b080ef0fb2da5d6308276e12 151072 phpbb3_3.0.12.orig-l10n-fi-u1.tar.xz e62b2c81a9a004ef67238c30cf683767bcb0764c 156668 phpbb3_3.0.12.orig-l10n-fr.tar.xz a0d9614082648fc959e0613e4b335f4ef3b081fd 145760 phpbb3_3.0.12.orig-l10n-gd.tar.xz da6136103cae67231d8e5e9bdc423541b2e62035 153988 phpbb3_3.0.12.orig-l10n-gl.tar.xz cd7a2c21773e8a54d59f01ed8a7f83b344a782b0 153252 phpbb3_3.0.12.orig-l10n-he.tar.xz 5b567a49e88e74bd7e3e6eca49a8634fc0454c2c 150224 phpbb3_3.0.12.orig-l10n-hr.tar.xz 288744e2b2cbe703918702fdaba6a1a0ca936a35 159084 phpbb3_3.0.12.orig-l10n-hu.tar.xz c86015473fbb1c0364ecad3d1470ec1e6cbb772c 147116 phpbb3_3.0.12.orig-l10n-id.tar.xz b3d8cdaab56b02886efd441846dca837f46c7553 147808 phpbb3_3.0.12.orig-l10n-it.tar.xz c5cf1ea0c415c3646276c3d1335fa04829a64a1f 144812 phpbb3_3.0.12.orig-l10n-ja.tar.xz 3c17ec1abb729032491b9a9112e95fb6911af2ea 152620 phpbb3_3.0.12.orig-l10n-ku.tar.xz c178479a096bd7784887e68de5cfb33e69ecc01f 140464 phpbb3_3.0.12.orig-l10n-lt.tar.xz 9b9748171558a69dff5b427575c8baa062111359 164912 phpbb3_3.0.12.orig-l10n-mk.tar.xz 05238c9d126029dc7dd0370e9d875bb04bcd945d 158796 phpbb3_3.0.12.orig-l10n-nl-x-formal.tar.xz cb12326832bad7c460a706808ca92ccf64e0a20a 148384 phpbb3_3.0.12.orig-l10n-nl.tar.xz c8674f55b0d7954f32cb1b6d3181c5321a9ed7c1 147688 phpbb3_3.0.12.orig-l10n-pl.tar.xz a0ad441afb8069e1df38c50b13a472bc19d17460 152744 phpbb3_3.0.12.orig-l10n-pt-br.tar.xz f2d05b2cb5066289d93179b5c00aaa998745f5dd 153028 phpbb3_3.0.12.orig-l10n-pt.tar.xz 495e514d22a83f6982b2b8f67eb4924cedad 165348 phpbb3_3.0.12.orig-l10n-ro.tar.xz a7afc24a35e0f49c79f7f437e6f045dd65b4c6ae 157856 phpbb3_3.0.12.orig-l10n-ru.tar.xz 2ee9cdfd8aafcc65bbd1f6e039b6d038a40f6eea 155108 phpbb3_3.0.12.orig-l10n-sk.tar.xz e1460959c043a302b56ef375fd63cd49b1646b88 153536 phpbb3_3.0.12.orig-l10n-sl.tar.xz a27e0f436083a37b7fd018d707e40cdf0a2faedc 153132 phpbb3_3.0.12.orig-l10n-sr-latn.tar.xz a2dd7dc72a1a2e728cfdb651d8176c9ed44c60c5 154936 phpbb3_3.0.12.orig-l10n-sr.tar.xz 65053aae51d4b064b233f08f91ed3006e88da8d1 148004 phpbb3_3.0.12.orig-l10n-sv.tar.xz c4dbdac680ef6e566a1cf83d8577958cb74ceb63 145708 phpbb3_3.0.12.orig-l10n-th.tar.xz 1dae370259d6b8415c53e41e086e11089ebe21de 154648 phpbb3_3.0.12.orig-l10n-tr.tar.xz 97bc1d4887161f2c80fb43a79d53dbea89cef32e 144628 phpbb3_3.0.12
Accepted otrs2 3.3.18-1+deb8u7 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 23 Nov 2018 17:50:17 +0100 Source: otrs2 Binary: otrs2 otrs Architecture: source all Version: 3.3.18-1+deb8u7 Distribution: jessie-security Urgency: high Maintainer: Patrick Matthäi Changed-By: Markus Koschany Description: otrs - Open Ticket Request System (OTRS 3) otrs2 - Open Ticket Request System Changes: otrs2 (3.3.18-1+deb8u7) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-19141: An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS * Fix CVE-2018-19143: An attacker who is logged into OTRS as a user may manipulate the submission form to cause deletion of arbitrary files that the OTRS web server user has write access to. Checksums-Sha1: 95259cc80e354af94756b2fb754d649fce70bca4 1971 otrs2_3.3.18-1+deb8u7.dsc 52ef919954820811877bb1de994658637dd0b370 47920 otrs2_3.3.18-1+deb8u7.debian.tar.xz 2e3a774bc6e5c723efbae0294abb0c9753469e4a 5682230 otrs2_3.3.18-1+deb8u7_all.deb 9dafbbb4b09fd420dcf6e5059b82f29086d05aaf 189716 otrs_3.3.18-1+deb8u7_all.deb Checksums-Sha256: 02e4b885dd7e1489939d841592606350ff0578b715e923ead173a465ff35567e 1971 otrs2_3.3.18-1+deb8u7.dsc 6d6861a268a1079f77a82047561672218011fdf84f1ea869a3b5dca5dc22d270 47920 otrs2_3.3.18-1+deb8u7.debian.tar.xz 77cdab05387ea24b4467e9db0f7f11d02afb15b4e6a82281f467eb7875a886a8 5682230 otrs2_3.3.18-1+deb8u7_all.deb 57b5513f3b86f4dd7ebc3523b16b506e3a1d5f147bddd5a8d48a772f3b72a9bb 189716 otrs_3.3.18-1+deb8u7_all.deb Files: 56beb4bf3859ff65bfbcf753cb288c3d 1971 web optional otrs2_3.3.18-1+deb8u7.dsc 3745d2b76ea0d2a27f16f1087f84fc2c 47920 web optional otrs2_3.3.18-1+deb8u7.debian.tar.xz 6834c9d4dc4f79282e51b7767a4c79b8 5682230 web optional otrs2_3.3.18-1+deb8u7_all.deb f827b15ef72d642308824faaedd44852 189716 web optional otrs_3.3.18-1+deb8u7_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlv4P8tfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkJxYP/0gEimyEjkWIRUBGhXYh4QENVhE7bn9NDbf6 HBaciPpXx5i1uOOs+6dU/LShGQFBG3T+2VaxTznhA4/+0fW2nOlPwkZzrf5BUhEE /3OYyjZ3nVYHz9HP97lQEkpHUenQ5pcmyUX5qviHEfuFapNvAEI8LXQXPybVkPwu zyTHhwn0csPamCBjpJMRBBHQfvLqKuwuEHlcgz4ZBzbysiveb0C24IEeYpdoQruQ 4Dx3Ju1kROPMQS11ZE5ddDJlBpdMYbYoDv43pSEQheuVRVEt3a0CXUKyG70ET/rJ zuzwVhOvSuSy0S4epqtwgZjFxilTrR1jErsugYwTfYWsRSHejCzVJ7FSvNs86mpT EJmSxNT7/U5qxrDIGzx8/vmC0YXujkwMavXclOvdUZuR1x46pbJtKUFXWEpWf3z0 N06FVH8DdfRve+hDf62Qe4egV8eEcVjbdqyO4i17fjrvnJvNaXKMpS0K28ohfybF 3L8Vf0K5+qTmPIObvLdLxZFfmUqQdX6DYV5ulWkyU8tP5EvWlzehpBCgiPBDqZJn TI0LXiVVR6hQEc+3MeEMLHHS6D+61p7s+3jaNs18xpBR4S+U7kbOlHQMCID3TVO4 rzcnV5WGQK7sKqHJ0omn8SdGEVi8u0fgpc7Pjm2tQgnziEVIeX375MZ2t7f4Z26n 81UmWMh8 =ym/o -END PGP SIGNATURE-
Accepted jasper 1.900.1-debian1-2.4+deb8u4 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 16 Nov 2018 18:44:08 +0100 Source: jasper Binary: libjasper1 libjasper-dev libjasper-runtime Architecture: source amd64 Version: 1.900.1-debian1-2.4+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Roland Stigge Changed-By: Markus Koschany Description: libjasper-dev - Development files for the JasPer JPEG-2000 library libjasper-runtime - Programs for manipulating JPEG-2000 files libjasper1 - JasPer JPEG-2000 runtime library Changes: jasper (1.900.1-debian1-2.4+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2015-5203: Gustavo Grieco discovered an integer overflow vulnerability that allows remote attackers to cause a denial of service or may have other unspecified impact via a crafted JPEG 2000 image file. * Fix CVE-2015-5221: Josselin Feist found a double-free vulnerability that allows remote attackers to cause a denial-of-service (application crash) by processing a malformed image file. * Fix CVE-2016-8690: Gustavo Grieco discovered a NULL pointer dereference vulnerability that can cause a denial-of-service via a crafted BMP image file. The update also includes the fixes for the related issues CVE-2016-8884 and CVE-2016-8885 which complete the patch for CVE-2016-8690. * Fix CVE-2017-13748: It was discovered that jasper does not properly release memory used to store image tile data when image decoding fails which may lead to a denial-of-service. * Fix CVE-2017-14132: A heap-based buffer over-read was found related to the jas_image_ishomosamp function that could be triggered via a crafted image file and may cause a denial-of-service (application crash) or have other unspecified impact. Checksums-Sha1: ed57c56c08f28c3e756c4a1ff52fa26c19f36772 2120 jasper_1.900.1-debian1-2.4+deb8u4.dsc c5f29ef54f199162a831421883f1a37e9fe8c646 39040 jasper_1.900.1-debian1-2.4+deb8u4.debian.tar.xz 3a08a58e87137625e09b1a035b0319945cdc4b97 135364 libjasper1_1.900.1-debian1-2.4+deb8u4_amd64.deb cc376554eb8ec1250aee5006329d495e08791dbf 525390 libjasper-dev_1.900.1-debian1-2.4+deb8u4_amd64.deb fd2c35468abacd64a722d42f207920ff045e9d86 23590 libjasper-runtime_1.900.1-debian1-2.4+deb8u4_amd64.deb Checksums-Sha256: d10770e6fbffd6a63f554af5c1f49e7fe8415e43a618f80b2a8bcf713ba72c47 2120 jasper_1.900.1-debian1-2.4+deb8u4.dsc 1edc8a12d963e129cadd43dc15010595eebf60af2cc1c30866508b891764f47b 39040 jasper_1.900.1-debian1-2.4+deb8u4.debian.tar.xz 7675065f12000e62d7a0c203b41987476c487e99594f2d5ca1a46bdaa66fc2cc 135364 libjasper1_1.900.1-debian1-2.4+deb8u4_amd64.deb 60260062587c29113e413e0c5726c2bdb6f104a840d9891abb0f673ed7bebc64 525390 libjasper-dev_1.900.1-debian1-2.4+deb8u4_amd64.deb e5783904cc06fd90f8881889ae57418a8f72c34ada8085c20b99b0e5feffe718 23590 libjasper-runtime_1.900.1-debian1-2.4+deb8u4_amd64.deb Files: 0886221e4521e1d065db8616eda4b995 2120 graphics optional jasper_1.900.1-debian1-2.4+deb8u4.dsc ed80bf016e9d501fe760a46648890cd7 39040 graphics optional jasper_1.900.1-debian1-2.4+deb8u4.debian.tar.xz 5827f950d1215cb08733affd8fced5a0 135364 libs optional libjasper1_1.900.1-debian1-2.4+deb8u4_amd64.deb 9b21ba41b4919e233665969633b77ece 525390 libdevel optional libjasper-dev_1.900.1-debian1-2.4+deb8u4_amd64.deb 497659888a8a03b445a05d5638048241 23590 graphics optional libjasper-runtime_1.900.1-debian1-2.4+deb8u4_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlv1XutfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkIWIQAKELhMft588ve5b3PhjJ52nKzL49tfX/TgBC C3elch+sSs6Qfhzn/gMyjmmlBI3dpYFdliIsIz/DFn9iXV2FugeEkDTnWjmjFpjg Igz0hu5W03UbaxDqe428226V0i9iL9nxcQPln+aY74l5hDoaSHU8IaUc7BkBq4/n STrH56VMJnFF4T1NKujeg1Kqeoyv1Cf+9WGPnUr1yNicdUlBQRGYYWITzLW3Yc81 9abFi7L82YlSY/IoQCSO5Ga+P/DXVLuovDnZcn/yeCqNcSycSQY08LFEyTgOJbxp V4TMO50JCps41+00CwUNWkHDVHTp0iGjepiY0T0CV6E4YiM2YZUE/eVpDbvBNXpi ZKzUv21Qt/DBVPreiwEyRAHn/YA8eZr5z6aMrlybw60hNL7eYR/gIalvrXpmlr/q sJoNSPYHv8UtEfCAvGtik0d3zcat9X2KQOCPnIKimJ4CX33kmc+jE0tUxc4Wqckn Eb9DkjVmqfF1cqmHdAgQCFJgJIKy92WhCsFSPpLN23rapAMqXTdbt3z/V7eTRrt8 KrPqPw0eMzBhiQLLoRnT1/ylwuFby0E04JUmOphuhsgs24+3SVuwQohG+sAhDfsC p7JR2jS+F/0j7QsHylo0NFAY2VgdaGlyrnaNVTLYItF2Yh7Lj87KKDYevOoNKAOO KndazIAq =kpSF -END PGP SIGNATURE-
Accepted curl 7.38.0-4+deb8u13 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 06 Nov 2018 19:01:46 +0100 Source: curl Binary: curl libcurl3 libcurl3-gnutls libcurl3-nss libcurl4-openssl-dev libcurl4-gnutls-dev libcurl4-nss-dev libcurl3-dbg libcurl4-doc Architecture: source amd64 all Version: 7.38.0-4+deb8u13 Distribution: jessie-security Urgency: high Maintainer: Alessandro Ghedini Changed-By: Markus Koschany Description: curl - command line tool for transferring data with URL syntax libcurl3 - easy-to-use client-side URL transfer library (OpenSSL flavour) libcurl3-dbg - debugging symbols for libcurl (OpenSSL, GnuTLS and NSS flavours) libcurl3-gnutls - easy-to-use client-side URL transfer library (GnuTLS flavour) libcurl3-nss - easy-to-use client-side URL transfer library (NSS flavour) libcurl4-doc - documentation for libcurl libcurl4-gnutls-dev - development files and documentation for libcurl (GnuTLS flavour) libcurl4-nss-dev - development files and documentation for libcurl (NSS flavour) libcurl4-openssl-dev - development files and documentation for libcurl (OpenSSL flavour) Changes: curl (7.38.0-4+deb8u13) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix the following security vulnerabilities: * CVE-2016-7141: When built with NSS and the libnsspem.so library is available at runtime, allows remote attacker to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. * CVE-2016-7167: Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl allow attackerrs to have unspecified impact via a string of length 0x, which triggers a heap-based buffer overflow. * CVE-2016-9586: Curl is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any applications that accept a format string from the outside without necessary input filtering, it could allow remote attacks. * CVE-2018-16839: Curl is vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. * CVE-2018-16842: Curl is vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. Checksums-Sha1: b34b966d02729261ecec96877371ddad1ab8d0d7 2824 curl_7.38.0-4+deb8u13.dsc ad36f716a2f43fe565c7bdaa0da0d3503d45bb31 56740 curl_7.38.0-4+deb8u13.debian.tar.xz a6ccebec9a142450aa562a0fe8fc7a1b553ba29c 201444 curl_7.38.0-4+deb8u13_amd64.deb d858fba70db29130d80d152657364f4fd0871060 260726 libcurl3_7.38.0-4+deb8u13_amd64.deb 992765bfcf6f21afb514bbd214e202089b17bf9e 252808 libcurl3-gnutls_7.38.0-4+deb8u13_amd64.deb d11605fd4fb549d83b36fd8662c700393875348a 264186 libcurl3-nss_7.38.0-4+deb8u13_amd64.deb 40fb2ddb28e0787b045195faee50d77330420cc3 338002 libcurl4-openssl-dev_7.38.0-4+deb8u13_amd64.deb c4ede5faf66c115bf9ad6941ce9950e8706cb3be 329630 libcurl4-gnutls-dev_7.38.0-4+deb8u13_amd64.deb da04f86e2560f32864d4873994d12268c563951d 342072 libcurl4-nss-dev_7.38.0-4+deb8u13_amd64.deb c75a656c4b818df9a1d0341bb7b55c00307ef671 3375356 libcurl3-dbg_7.38.0-4+deb8u13_amd64.deb d6c10ee74789621cf91b1814393a47dbd72d8920 1067858 libcurl4-doc_7.38.0-4+deb8u13_all.deb Checksums-Sha256: 0e3a424bd1c09fc2cd35711e521e2b288ef0ec6c06d899597d52a589a5e012e0 2824 curl_7.38.0-4+deb8u13.dsc 26e740e89fe36a1ed4503b0e946dd1f8bcae23b7a7d6515986c5600b3bb352d1 56740 curl_7.38.0-4+deb8u13.debian.tar.xz 8008eea9f79cf522064160c9599019ae5d239a8b67d4d15ce8f88ccfc1882ab3 201444 curl_7.38.0-4+deb8u13_amd64.deb 63e0e48132d2933420c7a98cae62f1644ff6aba148dd91c7c723508534051638 260726 libcurl3_7.38.0-4+deb8u13_amd64.deb 326beadc4fb48a27fc1e2a83c49c9094ffcbffcde5ef66ef8b8e5d359aea47cd 252808 libcurl3-gnutls_7.38.0-4+deb8u13_amd64.deb 9e54214aa4e04aa6a0c8717c63df1022633759449728067556ed808ae657a865 264186 libcurl3-nss_7.38.0-4+deb8u13_amd64.deb c43dc3df54530d1c449ac59918e8b5c1b4a8ea76b79978e804aa29e9caff23b1 338002 libcurl4-openssl-dev_7.38.0-4+deb8u13_amd64.deb 6abf3996558014b87e606abf607f7e40f15ed431043fd0e2e870caa779927909 329630 libcurl4-gnutls-dev_7.38.0-4+deb8u13_amd64.deb 84ed2be793d877e46322f7f6c6ac0af316f7d9abb2bf14c44251651c6dec192e 342072 libcurl4-nss-dev_7.38.0-4+deb8u13_amd64.deb 0224e5ca37af2389dd9eeedc948fb12960f17531010243e28bb8049eb89c1d07 3375356 libcurl3-dbg_7.38.0-4+deb8u13_amd64.deb e474b15ed88426d9d2923d976910156ff21328f5000a2240e5c53de5fc0b85d3 1067858 libcurl4-doc_7.38.0-4+deb8u13_all.deb Files: 2c592f28d8393c8ac6df790514b9d6d6 2824 web optional curl_7.38.0-4+deb8u13.dsc c0361514d5d5c08393c1c748cea2caaf 56740 web optional curl_7.38.0-4+de
Accepted glusterfs 3.5.2-2+deb8u5 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 03 Nov 2018 16:44:26 +0100 Source: glusterfs Binary: glusterfs-client glusterfs-server glusterfs-common glusterfs-dbg Architecture: source amd64 Version: 3.5.2-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Patrick Matthäi Changed-By: Markus Koschany Description: glusterfs-client - clustered file-system (client package) glusterfs-common - GlusterFS common libraries and translator modules glusterfs-dbg - GlusterFS debugging symbols glusterfs-server - clustered file-system (server package) Changes: glusterfs (3.5.2-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-14651: It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths. * Fix CVE-2018-14652: The Gluster file system is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' function. A remote authenticated attacker could exploit this on a mounted volume to cause a denial of service. * Fix CVE-2018-14653: The Gluster file system is vulnerable to a heap-based buffer overflow in the '__server_getspec' function via the 'gf_getspec_req' RPC message. A remote authenticated attacker could exploit this to cause a denial of service or other potential unspecified impact. * Fix CVE-2018-14659: The Gluster file system is vulnerable to a denial of service attack via use of the 'GF_XATTR_IOSTATS_DUMP_KEY' xattr. A remote, authenticated attacker could exploit this by mounting a Gluster volume and repeatedly calling 'setxattr(2)' to trigger a state dump and create an arbitrary number of files in the server's runtime directory. * Fix CVE-2018-14661: It was found that usage of snprintf function in feature/locks translator of glusterfs server, as shipped with Red Hat Gluster Storage, was vulnerable to a format string attack. A remote, authenticated attacker could use this flaw to cause remote denial of service. Checksums-Sha1: 7489d08a300513ee04c6df8f399e3890f5688569 2374 glusterfs_3.5.2-2+deb8u5.dsc d9dba84684bc2c35c9063409f288bddd61589dc1 29428 glusterfs_3.5.2-2+deb8u5.debian.tar.xz 66bd6bc4c4e6afe396751b90890d147209f224b1 1914310 glusterfs-client_3.5.2-2+deb8u5_amd64.deb 44c9200645897233babde2cf3086d3b3f535bb20 1997338 glusterfs-server_3.5.2-2+deb8u5_amd64.deb 510c078e52800dcf2773519795365e12073e0a2e 3829596 glusterfs-common_3.5.2-2+deb8u5_amd64.deb 8651c1aa5eb5abed30123fb55d0225cef34982e4 8625462 glusterfs-dbg_3.5.2-2+deb8u5_amd64.deb Checksums-Sha256: 3bad437345a1124b61a657e5ed0e8dde5b3271549db583dda9d3e2cb5b0626f4 2374 glusterfs_3.5.2-2+deb8u5.dsc 37952e076f1417e723c4743e34e516cf6ea8da8c5eeb4b23b3c25d93d8e03548 29428 glusterfs_3.5.2-2+deb8u5.debian.tar.xz b9f5e0999eafad83edcf7cd719e0978bc9f73e51463b532149a8bc413ffa0562 1914310 glusterfs-client_3.5.2-2+deb8u5_amd64.deb 1de125aea7eb71968167cb8e0bf311ab5e6457ed9b3f4edf2d9453b1b59d6ee7 1997338 glusterfs-server_3.5.2-2+deb8u5_amd64.deb 24a15dad53230f1502e504329531fa9d9f62d25499de65b2af700ba5e2645560 3829596 glusterfs-common_3.5.2-2+deb8u5_amd64.deb 5d8d400051c31e883654509f30181221c1f425c572799f7fc06fd00be99400e5 8625462 glusterfs-dbg_3.5.2-2+deb8u5_amd64.deb Files: c627594b095e5b6c318f740a074b14eb 2374 admin optional glusterfs_3.5.2-2+deb8u5.dsc 0aed52ee7957f7cdd9ba5e2a167b63e4 29428 admin optional glusterfs_3.5.2-2+deb8u5.debian.tar.xz 55bcbb0eb1a7051f0b38cf1251f5e94f 1914310 admin optional glusterfs-client_3.5.2-2+deb8u5_amd64.deb 87e2dda6dee5df6a4f52705d1fbc22b0 1997338 admin optional glusterfs-server_3.5.2-2+deb8u5_amd64.deb 17959a0b46e19f8dd4b0bdba38180fd4 3829596 libs optional glusterfs-common_3.5.2-2+deb8u5_amd64.deb 3444dbfdf2d8fe724389e622d0e3a4fb 8625462 debug extra glusterfs-dbg_3.5.2-2+deb8u5_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlvgb5NfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk80cQANICLx0v3Fkk2acOBWS+jBrgPxJkiBdrX1fu k7ABBzCq6oXp8ja+1b2P1qR4jMn3e3NZErgAdd5a5dMUr6Rd8CT+VDNKBn03JWLj GRQI3sE0ZgDrdFydf+9KxX6KCBMhYR5LzbeH7UdaskHnB+JDrumOgIVt4JvTI5TB m0KZa7mPbnZ9rKnq2XeNUtxOYZufr/r/KTq05xV9ADDv9nRRESUI4udgBui2pa/k e/6zmb0RAZWHWxsqeOj4tXhMxgE/1tAka+wa/ft5UBbbrGns7reCOeIu+N11xTVr xIVevRrzTo0dAJyz3UOD7YpDxhpfHv91mjB66hcRFO7tvpHAS92yudLM6LFMeQSA m7wwHO1SwqGsQtvdY65eCUNiimLKv8jZdZHvr4KlEq/2quvqDo0+Tzs+tJmIUn6V r
Accepted mono 3.2.8+dfsg-10+deb8u1 (source amd64 all) into oldstable
-sqlite4.0-cil libmono-accessibility2.0-cil libmono-accessibility4.0-cil libmono-cscompmgd8.0-cil libmono-ldap2.0-cil libmono-ldap4.0-cil libmono-microsoft8.0-cil libmono-microsoft-build2.0-cil libmono-microsoft-build4.0-cil libmono-microsoft-build-engine4.0-cil libmono-microsoft-build-framework4.0-cil libmono-microsoft-build-tasks-v4.0-4.0-cil libmono-microsoft-build-utilities-v4.0-4.0-cil libmono-microsoft-csharp4.0-cil libmono-microsoft-visualc10.0-cil libmono-microsoft-web-infrastructure1.0-cil libmono-peapi2.0a-cil libmono-peapi4.0a-cil libmono-relaxng2.0-cil libmono-relaxng4.0-cil libmono-debugger-soft2.0a-cil libmono-debugger-soft4.0a-cil libmono-tasklets2.0-cil libmono-tasklets4.0-cil libmono-windowsbase3.0-cil libmono-windowsbase4.0-cil libmono-xbuild-tasks2.0-cil libmono-xbuild-tasks4.0-cil libmono-webmatrix-data4.0-cil libmono-system-io-compression4.0-cil libmono-system-io-compression-filesystem4.0-cil libmono-system-net-http-webrequest4.0-cil libmono-system-windows4.0-cil libmono-system-web-http-webhost4.0-cil libmono-system-xml-serialization4.0-cil mono-dbg mono-mcs mono-gmcs mono-dmcs mono-devel mono-2.0-service mono-4.0-service mono-xbuild mono-gac mono-2.0-gac mono-4.0-gac mono-jay mono-csharp-shell monodoc-base monodoc-manual Architecture: source amd64 all Version: 3.2.8+dfsg-10+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Mono Group Changed-By: Markus Koschany Description: libmono-2.0-1 - Mono JIT library (Default version) libmono-2.0-dev - Mono JIT library - Development files (Default version) libmono-accessibility2.0-cil - Mono Accessibility library (for CLI 2.0) libmono-accessibility4.0-cil - Mono Accessibility library (for CLI 4.0) libmono-c5-1.1-cil - Mono C5 library libmono-cairo2.0-cil - Mono Cairo library (for CLI 2.0) libmono-cairo4.0-cil - Mono Cairo library (for CLI 4.0) libmono-cecil-private-cil - Mono.Cecil library libmono-cil-dev - Mono Base Class Libraries (BCL) - Development files libmono-codecontracts4.0-cil - Mono.CodeContracts library (for CLI 4.0) libmono-compilerservices-symbolwriter4.0-cil - Mono.CompilerServices.SymbolWriter library (for CLI 4.0) libmono-corlib2.0-cil - Mono core library (for CLI 2.0) libmono-corlib4.0-cil - Mono core library (for CLI 4.0) libmono-corlib4.5-cil - Mono core library (for CLI 4.5) libmono-cscompmgd8.0-cil - Mono cscompmgd library (for CLI 2.0) libmono-csharp4.0c-cil - Mono.CSharp library (for CLI 4.0) libmono-custommarshalers4.0-cil - Mono CustomMarshalers library (for CLI 4.0) libmono-data-tds2.0-cil - Mono Data Library (for CLI 2.0) libmono-data-tds4.0-cil - Mono Data Library (for CLI 4.0) libmono-db2-1.0-cil - Mono DB2 library libmono-debugger-soft2.0a-cil - Mono Soft Debugger library (for CLI 2.0) libmono-debugger-soft4.0a-cil - Mono Soft Debugger library (for CLI 4.0) libmono-entityframework-sqlserver6.0-cil - EntityFramework.SqlServer library (for CLI 4.0) libmono-entityframework6.0-cil - EntityFramework library (for CLI 4.0) libmono-http4.0-cil - Mono.Http library (for CLI 4.0) libmono-i18n-cjk4.0-cil - Mono I18N.CJK library (for CLI 4.0) libmono-i18n-mideast4.0-cil - Mono I18N.MidEast library (for CLI 4.0) libmono-i18n-other4.0-cil - Mono I18N.Other library (for CLI 4.0) libmono-i18n-rare4.0-cil - Mono I18N.Rare library (for CLI 4.0) libmono-i18n-west2.0-cil - Mono I18N.West library (for CLI 2.0) libmono-i18n-west4.0-cil - Mono I18N.West library (for CLI 4.0) libmono-i18n2.0-cil - Mono I18N libraries (for CLI 2.0) libmono-i18n4.0-all - Mono I18N libraries (for CLI 4.0) libmono-i18n4.0-cil - Mono I18N base library (for CLI 4.0) libmono-ldap2.0-cil - Mono LDAP library (for CLI 2.0) libmono-ldap4.0-cil - Mono LDAP library (for CLI 4.0) libmono-management2.0-cil - Mono Management library (for CLI 2.0) libmono-management4.0-cil - Mono Management library (for CLI 4.0) libmono-messaging-rabbitmq2.0-cil - Mono Messaging RabbitMQ library (for CLI 2.0) libmono-messaging-rabbitmq4.0-cil - Mono Messaging RabbitMQ library (for CLI 4.0) libmono-messaging2.0-cil - Mono Messaging library (for CLI 2.0) libmono-messaging4.0-cil - Mono Messaging library (for CLI 4.0) libmono-microsoft-build-engine4.0-cil - Mono Microsoft.Build.Engine library (for CLI 4.0) libmono-microsoft-build-framework4.0-cil - Mono Microsoft.Build.Framework library (for CLI 4.0) libmono-microsoft-build-tasks-v4.0-4.0-cil - Mono Microsoft.Build.Tasks.v4.0 library (for CLI 4.0) libmono-microsoft-build-utilities-v4.0-4.0-cil - Mono Microsoft.Build.Utilities.v4.0 library (for CLI 4.0) libmono-microsoft-build2.0-cil - Mono Microsoft.Build libraries (for CLI 2.0) libmono-microsoft-build4.0-cil - Mono Microsoft.Build library (for CLI 4.0) libmono-microsoft-csharp4.0-cil - Mono Microsoft.CSharp library (for CLI 4.0) libmono-microsoft-visualc10.0-cil - Mono Microsoft.VisualC library (for CLI 4.0) libmono-microsoft-web-infrastructure1.0-cil - Mono Microsoft.Web.Infrastructure library
Accepted ghostscript 9.06~dfsg-2+deb8u11 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 22 Oct 2018 12:50:48 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: source all amd64 Version: 9.06~dfsg-2+deb8u11 Distribution: jessie-security Urgency: high Maintainer: Debian Printing Team Changed-By: Markus Koschany Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.06~dfsg-2+deb8u11) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-17961, CVE-2018-18073 and CVE-2018-18284: This is a follow-up update for the recently discovered -dSAFER issues reported by Tavis Ormandy. Tavis Ormandy discovered multiple vulnerabilites in Ghostscript, an interpreter for the PostScript language, which could result in denial of service, the creation of files or the execution of arbitrary code if a malformed Postscript file is processed (despite the dSAFER sandbox being enabled). Checksums-Sha1: eb7ceab92aa459e2a31e6a2063a7ce021891a6a3 3047 ghostscript_9.06~dfsg-2+deb8u11.dsc 5c2abc0159af39446c79a0581dd95e2474bba977 148852 ghostscript_9.06~dfsg-2+deb8u11.debian.tar.xz 84e0f9e46270581fdfee35dd2568062a82881731 5160490 ghostscript-doc_9.06~dfsg-2+deb8u11_all.deb af2d85f95f65fe6583c80930f91f5b9a482d38ca 1972742 libgs9-common_9.06~dfsg-2+deb8u11_all.deb ad2e5978c18fca2fcf4efe2eea00eeef67a62b0c 85642 ghostscript_9.06~dfsg-2+deb8u11_amd64.deb 31ea314a53d3b9927a5a80632019422246f573ff 76718 ghostscript-x_9.06~dfsg-2+deb8u11_amd64.deb 5f0497a0ad482455010c158c96ba9812d9ef5642 1917418 libgs9_9.06~dfsg-2+deb8u11_amd64.deb 21b322848db6f2ad45cf891815f94486eadfa5e6 2122660 libgs-dev_9.06~dfsg-2+deb8u11_amd64.deb 0922c3e49215b97a6d78ee6aa059a91b3c8c71e6 4879750 ghostscript-dbg_9.06~dfsg-2+deb8u11_amd64.deb Checksums-Sha256: 1b0b489edc2efd46ac8ae29a1db931ce8a9f54c2eda7b63460a1862a9d8f27eb 3047 ghostscript_9.06~dfsg-2+deb8u11.dsc e65e5c0cc016eefc17b0d472b6e5e24bd96cbc9b722fde949366fb991c13fe6b 148852 ghostscript_9.06~dfsg-2+deb8u11.debian.tar.xz 7295bbd796f644de8f50f68cd4734b1273ed5bf00efed4fa5f496fb35fb26b74 5160490 ghostscript-doc_9.06~dfsg-2+deb8u11_all.deb 8fc81ec479dd1b417e54184c5a0349a9c18f36e87f4a57ec682befcc14c50289 1972742 libgs9-common_9.06~dfsg-2+deb8u11_all.deb 5d0a80034b57789861415840f29c3bcd1301575ebff2eb7a831c5fa795dd55da 85642 ghostscript_9.06~dfsg-2+deb8u11_amd64.deb becb8d444aa9c8852383df2c39b8bba9b5e23f5a93d1f45b6a84355c7ddc1863 76718 ghostscript-x_9.06~dfsg-2+deb8u11_amd64.deb 6dc6733b61734610783283341b4977c330a77f1021267686a0394eb2cecd1b69 1917418 libgs9_9.06~dfsg-2+deb8u11_amd64.deb 6fc161d72b8090462b5ef10fca525c8ed61c80d043061e09102b249923210c65 2122660 libgs-dev_9.06~dfsg-2+deb8u11_amd64.deb e8d9930465b65f253c16c3cb09b22f61ff0dc914a62c133e6facd63b70d101f4 4879750 ghostscript-dbg_9.06~dfsg-2+deb8u11_amd64.deb Files: b8b5c2ecdc68b07142c1e71353c72c26 3047 text optional ghostscript_9.06~dfsg-2+deb8u11.dsc 5f9bed931882691647ab4e724fb07f87 148852 text optional ghostscript_9.06~dfsg-2+deb8u11.debian.tar.xz cb942e3d3d6a356f535ee0a2ee2edf81 5160490 doc optional ghostscript-doc_9.06~dfsg-2+deb8u11_all.deb d2f33960f8f4568df892e2e3224850f2 1972742 libs optional libgs9-common_9.06~dfsg-2+deb8u11_all.deb 373d1df3630a57a54515080d021859e4 85642 text optional ghostscript_9.06~dfsg-2+deb8u11_amd64.deb 8bd0ae2e257f9d4d2d3c15ff2a856a75 76718 text optional ghostscript-x_9.06~dfsg-2+deb8u11_amd64.deb b14c8362ef4e019503a1311cbfca1bef 1917418 libs optional libgs9_9.06~dfsg-2+deb8u11_amd64.deb 99ff58e14065f8c553d1ad0f046f450f 2122660 libdevel optional libgs-dev_9.06~dfsg-2+deb8u11_amd64.deb c8b9c8e81d0ccdae3e299f973e3add2f 4879750 debug extra ghostscript-dbg_9.06~dfsg-2+deb8u11_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlvNrkNfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HksewP/03z3BzEuCb3DgsqF/n3dC0QhWcAfA3PoqG1 taBazwbpk17ZnoY47RS5F+5h+uPCCq/o+a6VLl62PkLdv8ThbkMLR+56gsCsjQ3v OwGPPt8qp8JZZRTvqpS24dYCmuxoKZ1hz4PIsUpQ+mzOxfn7jALwqH1v9CDzAzde tVCfXff9jws6G9e7rbaRQFu9pRrJjsCxtWHX5qaTboMrlvgyfl0fTgKIxK1XwlvG 1i2pWO06R78vDJziWMOV7oFqXCbsRzQAGDS4jWzuSMzkjkE0gg8KfPFSGSjzZYoy ilFkBr3hJWqBmOGjg9PMoHxoYoCxgbKxMX4yH40DBjPkBIqYahnKEkvuExJ2lVYU N7u2Eun/hKt
Accepted moin 1.9.8-1+deb8u2 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 15 Oct 2018 19:23:10 +0200 Source: moin Binary: python-moinmoin Architecture: source all Version: 1.9.8-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Steve McIntyre <93...@debian.org> Changed-By: Markus Koschany Description: python-moinmoin - Python clone of WikiWiki - library Changes: moin (1.9.8-1+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-5934: Nitin Venkatesh discovered a cross-site scripting vulnerability in moin, a Python clone of WikiWiki. A remote attacker can conduct cross-site scripting attacks via the GUI editor's link dialogue. This only affects installations which have set up fckeditor (not enabled by default). Checksums-Sha1: 4dbefaa5463460ee4469688295c1c0cd13602af8 2044 moin_1.9.8-1+deb8u2.dsc 9929627c8b5bb52aea705f7cf7c09e4e8c2fde82 149688 moin_1.9.8-1+deb8u2.debian.tar.xz 082445056a26b64c9a9b82c271131bffb906f8bd 7996448 python-moinmoin_1.9.8-1+deb8u2_all.deb Checksums-Sha256: 400a3402de219b44d945d9db2895cd8c4c718a27d68ce554b1fcb0d55d75 2044 moin_1.9.8-1+deb8u2.dsc 184251bc723544d84d93bd55665bf9cc9780aa5b53ae739087ac4a0bb1fe1e8c 149688 moin_1.9.8-1+deb8u2.debian.tar.xz b0870d201cf91cdc439d99cc151c130abf99d5e4a6e596911ec3466fe349b378 7996448 python-moinmoin_1.9.8-1+deb8u2_all.deb Files: d7f86c044ae15eea29358f0833b407b3 2044 net optional moin_1.9.8-1+deb8u2.dsc 9548bf8b96fa2db4d35193738e1bc473 149688 net optional moin_1.9.8-1+deb8u2.debian.tar.xz b00990411962d5b15e0292fb27220c0c 7996448 python optional python-moinmoin_1.9.8-1+deb8u2_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlvE9sxfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkqpIP/iauXZ1a6mgzUOlMKK6cIXQMBaa47Vg89B5E TrOar9bK0R8UQLWyU9ULhZvgyAtZc9Twb8z+7Ev61JRmn8L7scjtKBOqxF3JXEK3 9+9QaOSdqMzxScoBsWmpQJO86GME8b4pPcs0Mmli/JXSJ0X0KwNcr5tJI4ne8fRn ljV34hyKh8noW3UDSUMZpcjAh5i3itcT3UNClKVxJnSmPP/Ew1B7CK5Qs1NwW8kw w+VsqIlFrFJOIV+x2snjCNkjeKsiZQodvHfy3Nn1GaYufuH2tSJ4oBmfCM0I/iD2 YjnUB7ZY12hnpOLwuKAS60oyHTN0g8GurXFNDzdTpKvMZdE+nhGuWJxqQINd47QA PJVCzAjGh+OURgM8Ci/0MCy6Wvw+tCqnkaugfC9aCl24+3jxPULB+ausjr4HTXlP 9OVPh8HL9zbcy35sbqmUeNYQklwDCZUcxNQN9sFk3WLnwen+nXfhVwLlCk0SuUCm Sq3KYeJ7mF9hD9ST7Iu7S0tcD/kWIrzjMfX3Uz81zbnrYm1aeXM4JhTUuROPyNWu XLnFG0pzl0UsGQ+WGymJ45lGXJmpNJzBWF8e7FEtLpc4QhW+DmWVvetuxT67uhfC VglKduQ3f85p3+asiYAaDrt6OXZg3yb24CfpBVBVdlGnd5LStTqyo5HLJ/nonOtb tH0UZvuo =0duE -END PGP SIGNATURE-
Accepted tomcat8 8.0.14-1+deb8u14 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 15 Oct 2018 14:03:25 +0200 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs Architecture: source all Version: 8.0.14-1+deb8u14 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries tomcat8- Apache Tomcat 8 - Servlet and JSP engine tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user Changes: tomcat8 (8.0.14-1+deb8u14) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-11784: Sergey Bobrov discovered that when the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. Checksums-Sha1: 483bd2b2c0b26b9d4aaba5b973cb6f04f02ac0be 3013 tomcat8_8.0.14-1+deb8u14.dsc 386cde1ba24e2b35b910dff32d9cc3ab7f8195ed 83496 tomcat8_8.0.14-1+deb8u14.debian.tar.xz e5cedf46b9ec9180944a4eec0a9282412aac0214 59290 tomcat8-common_8.0.14-1+deb8u14_all.deb 64a1525eb33f8c478560c109558f1c8ce59db2c3 48936 tomcat8_8.0.14-1+deb8u14_all.deb f93d431280b9752ee58ffdc776dba62fe830bb0b 36376 tomcat8-user_8.0.14-1+deb8u14_all.deb 9dd8db299c38f5dd1411751e18e048ec29c35e6a 4593594 libtomcat8-java_8.0.14-1+deb8u14_all.deb fc9cda1b97edb504d8d21cb76772f38bb23afe70 393962 libservlet3.1-java_8.0.14-1+deb8u14_all.deb 8a54097693c6625fe33576bc73f834dc9c8bfc5a 249606 libservlet3.1-java-doc_8.0.14-1+deb8u14_all.deb f0fca34ff7506ceb84c8f9a676154af9a4dfd9d0 37742 tomcat8-admin_8.0.14-1+deb8u14_all.deb c622c2a7e6398fe5153fb7e53947204d78a785d9 195998 tomcat8-examples_8.0.14-1+deb8u14_all.deb 8dd5a377f9c682ea50c34ade4973779299a21173 691472 tomcat8-docs_8.0.14-1+deb8u14_all.deb Checksums-Sha256: e2c2423481bd85e92aa36fba817c30ece577ebc18eb6979e9401a2934ea1c532 3013 tomcat8_8.0.14-1+deb8u14.dsc 442f04ad5ee3f95bd45f9dbd5150abd27700514b11c437ab9cf2384ae6da395f 83496 tomcat8_8.0.14-1+deb8u14.debian.tar.xz dc7a757ef96de370dcff43665cfdbf484be76fe9b7105ccd9b2c27e5760897f3 59290 tomcat8-common_8.0.14-1+deb8u14_all.deb 1c829d3de94ad175f5a2ebb5d5340eb73cce9f7dc265ff6b13c1683e818f2f73 48936 tomcat8_8.0.14-1+deb8u14_all.deb a024135f3d7bfb0c24b942ab27d97398fd6494f6ee0481d910f348fd75153cd0 36376 tomcat8-user_8.0.14-1+deb8u14_all.deb e50f8a639c4ea95cfa531fa4b71d882543c4364f3f5e72e4e9842a7c5c202c7d 4593594 libtomcat8-java_8.0.14-1+deb8u14_all.deb 0fc511340e82e1a020681cdb0cf096d911c4cd8ed124c0e716e2dc7699c31a4b 393962 libservlet3.1-java_8.0.14-1+deb8u14_all.deb ef139eb546bddc4368190d890a90d867e62e94bf0a26d434c636b4add794486c 249606 libservlet3.1-java-doc_8.0.14-1+deb8u14_all.deb e0871b7c740d51c4f1501013d7dc0e7d105d8a3c30e676a51c81abc077b3ba8f 37742 tomcat8-admin_8.0.14-1+deb8u14_all.deb 063a2970950c7c135a210a9ac818fc579ad05e986fec3515d6ad1c658af65357 195998 tomcat8-examples_8.0.14-1+deb8u14_all.deb 822a137d052ebc85127f73d70b5d1b93451d95b6ca6628afd373cf5d0c2a4b32 691472 tomcat8-docs_8.0.14-1+deb8u14_all.deb Files: 71c81dd1bfa3cf6e2e4152dfb2509e48 3013 java optional tomcat8_8.0.14-1+deb8u14.dsc d43a3a875d44d7c09fd65cc232c33e85 83496 java optional tomcat8_8.0.14-1+deb8u14.debian.tar.xz 58cb5a3f4978cc2fa46d786f0de4a1a8 59290 java optional tomcat8-common_8.0.14-1+deb8u14_all.deb 6e50478115aa2b0ec6cf1f1325737fc0 48936 java optional tomcat8_8.0.14-1+deb8u14_all.deb d7b461f9384d6394d6b8387c7639dc50 36376 java optional tomcat8-user_8.0.14-1+deb8u14_all.deb 49fdd2fdf18af38885aef5d71ede9c07 4593594 java optional libtomcat8-java_8.0.14-1+deb8u14_all.deb 57c90210da0d50df98d2378d9ff5765a 393962 java optional libservlet3.1-java_8.0.14-1+deb8u14_all.deb 0a15081777f61963f71c6472b42c1492 249606 doc optional libservlet3.1-java-doc_8.0.14-1+deb8u14_all.deb a9fdad03f03b8f1aad3e7b819e7a0865 37742 java optional tomcat8-admin_8.0.14-1+deb8u14_all.deb bab2fca7699716779adbb0afdc824543 195998 java optional tomcat8-examples_8.0.14-1+deb8u14_all.deb 4a15fcfe0b317103e6d9a62c55f1a1fc 691472 doc optional tomcat8-docs_8.0.14-1+deb8u14_all.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlvEr+lfFIAALgAo
Accepted tomcat7 7.0.56-3+really7.0.91-1 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 14 Oct 2018 20:04:48 +0200 Source: tomcat7 Binary: tomcat7-common tomcat7 tomcat7-user libtomcat7-java libservlet3.0-java libservlet3.0-java-doc tomcat7-admin tomcat7-examples tomcat7-docs Architecture: source all Version: 7.0.56-3+really7.0.91-1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Description: libservlet3.0-java - Servlet 3.0 and JSP 2.2 Java API classes libservlet3.0-java-doc - Servlet 3.0 and JSP 2.2 Java API documentation libtomcat7-java - Servlet and JSP engine -- core libraries tomcat7- Servlet and JSP engine tomcat7-admin - Servlet and JSP engine -- admin web applications tomcat7-common - Servlet and JSP engine -- common files tomcat7-docs - Servlet and JSP engine -- documentation tomcat7-examples - Servlet and JSP engine -- example web applications tomcat7-user - Servlet and JSP engine -- tools to create user instances Changes: tomcat7 (7.0.56-3+really7.0.91-1) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-11784: Sergey Bobrov discovered that when the default servlet returned a redirect to a directory (e.g. redirecting to /foo/ when the user requested /foo) a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice. Checksums-Sha1: 69fe475c0aa8ab4cb71914cb83945dbccb0d7668 3026 tomcat7_7.0.56-3+really7.0.91-1.dsc f12c63ba44a21742eab95c3f1811f4ba93637bb9 3281060 tomcat7_7.0.56-3+really7.0.91.orig.tar.xz fc26b2d96536f81959489515b19d55b6283ea155 52716 tomcat7_7.0.56-3+really7.0.91-1.debian.tar.xz 521d04e79dedbd18bbf0ece045738ac7a4ea4d94 295406 tomcat7-common_7.0.56-3+really7.0.91-1_all.deb c3356d86eff1017c2fc6d563493401d4aef8301f 55244 tomcat7_7.0.56-3+really7.0.91-1_all.deb d99a3f9b073c0c44c54ee43673da92a9accde28e 42644 tomcat7-user_7.0.56-3+really7.0.91-1_all.deb 9bbc767692fad96c3d8137b8897e67e994fc9b2d 3821596 libtomcat7-java_7.0.56-3+really7.0.91-1_all.deb e5332327e74b804b9a3f6eb7b287adf09c225027 317882 libservlet3.0-java_7.0.56-3+really7.0.91-1_all.deb 48f77ee53eb20cb3b3ada0d451232d649d5a99fd 209344 libservlet3.0-java-doc_7.0.56-3+really7.0.91-1_all.deb 7448de562dee42e699e14ba918897dd36883a0a8 39076 tomcat7-admin_7.0.56-3+really7.0.91-1_all.deb 99246607e99e06a19bbdeeed38305bb448b26a0c 202154 tomcat7-examples_7.0.56-3+really7.0.91-1_all.deb 5975a072db7364bf45568915346e4b743c116701 687968 tomcat7-docs_7.0.56-3+really7.0.91-1_all.deb Checksums-Sha256: a7eabea262fabfaa93709ae8572dd10bfe14a5f45d0c477a41283aeec6bae495 3026 tomcat7_7.0.56-3+really7.0.91-1.dsc 21c322beff39fb7923dc16920bcfae09d754b05fbd82d91d25c2bd2f5493737e 3281060 tomcat7_7.0.56-3+really7.0.91.orig.tar.xz b73a73db5d4f619abee8f114d4a0facdba22616d2ace290a2428891095274098 52716 tomcat7_7.0.56-3+really7.0.91-1.debian.tar.xz 05328f4b8f2911cce8dad00d5a20518de9526e24fcdca1b07bf3e4208b6b0e39 295406 tomcat7-common_7.0.56-3+really7.0.91-1_all.deb c3b56f3678644fccf6f8d4e217d218e92235370e74a83133620dd2081b44888d 55244 tomcat7_7.0.56-3+really7.0.91-1_all.deb 27bdd1708d7408c052b8aa121c7679e736b09f5075a6d665c47443b32b326fd9 42644 tomcat7-user_7.0.56-3+really7.0.91-1_all.deb a475ef66be76480b33676124099b554a865f824277e396ab17c4e136fdd04dd6 3821596 libtomcat7-java_7.0.56-3+really7.0.91-1_all.deb 2f5161cc3072bee37056ea8e3bf89bcf5223bc7c9870c1ae65568a0eae51d027 317882 libservlet3.0-java_7.0.56-3+really7.0.91-1_all.deb ddb2a80018872ce5ccf33d1591acf2a7427a931b33259e3fd026b230e488ce05 209344 libservlet3.0-java-doc_7.0.56-3+really7.0.91-1_all.deb eaef24cd99322eceaa9eaffa05e417d3e696863314bc75c36649541d8beed1bf 39076 tomcat7-admin_7.0.56-3+really7.0.91-1_all.deb ca66d925e13627356a02f3b57ff27b4fe5d6181be827e7c02f5efd693a244389 202154 tomcat7-examples_7.0.56-3+really7.0.91-1_all.deb 88864ac4df41a4463fbdfa262a278b8c590ea817908a81736546c8015dd33905 687968 tomcat7-docs_7.0.56-3+really7.0.91-1_all.deb Files: 8f4cb0742a9838884de556a4af18a3ea 3026 java optional tomcat7_7.0.56-3+really7.0.91-1.dsc 327201f58c939f289e12b3182f77b725 3281060 java optional tomcat7_7.0.56-3+really7.0.91.orig.tar.xz db0c631be5975af5db293e3255f13fca 52716 java optional tomcat7_7.0.56-3+really7.0.91-1.debian.tar.xz 27227bf658b07814d08d02d73b7f0c57 295406 java optional tomcat7-common_7.0.56-3+really7.0.91-1_all.deb e8d589c8dfc0aeffee4eb7d8ddee0003 55244 java optional tomcat7_7.0.56-3+really7.0.91-1_all.deb ce3ab61c8542fe6ee1181ed2b61a8c29 42644 java optional tomcat7-user_7.0.56-3+really7.0.91-1_all.deb 0b5edc54d871330597b252425417dc07 3821596 java optional libtomcat7-java_7.0.56-3+really7.0.91-1_all.deb 12eb522fd32bb9bbe791b16d40ddbbc6 317882 java optional libservlet3.0-java_7.0.56-3+really7.0.91-1_all.deb 2de6ee2b045ceb76fe19e28bd8e5ef44 209344 doc optional libservlet3.0-java-doc_7.0.56-3+really7.0.91-1_all.deb 008fd6faaf921ea8b245be47d11a7d39 39076
Accepted gnulib 20140202+stable-2+deb8u1 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 10 Oct 2018 21:44:14 +0200 Source: gnulib Binary: gnulib git-merge-changelog Architecture: source all amd64 Version: 20140202+stable-2+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Ian Beckwith Changed-By: Markus Koschany Description: git-merge-changelog - git merge driver for GNU ChangeLog files gnulib - GNU Portability Library Changes: gnulib (20140202+stable-2+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * Fix CVE-2018-17942: Ben Pfaff disvovered that the convert_to_decimal function in the GNU Portability Library contains a heap-based buffer overflow because memory is not allocated for a trailing '\0' character during %f processing. Checksums-Sha1: 740912607fb276712b245a27be0e39d540997aed 2188 gnulib_20140202+stable-2+deb8u1.dsc d25ef06212fa2099591ff9dc5aeb8543e805a99f 5297856 gnulib_20140202+stable.orig.tar.gz ed9a0f6f3950d7a00afb3ebda0803e302db6f6df 290244 gnulib_20140202+stable-2+deb8u1.debian.tar.xz b47ea63217d7d2740e57854c481e58154c6bc010 4555456 gnulib_20140202+stable-2+deb8u1_all.deb 10c0a4224df6529734f8d646ec1823b05436fad7 951960 git-merge-changelog_20140202+stable-2+deb8u1_amd64.deb Checksums-Sha256: 74e24bb048f873a7a679808c5bd21e949aeccb9348683b75deac2bb1e14c8326 2188 gnulib_20140202+stable-2+deb8u1.dsc 9f028f48e60f066bf511a969c519da705eeefb20d54a80dce88afd0935a845e1 5297856 gnulib_20140202+stable.orig.tar.gz 7fcd2e9aa2a37024ca1033570206a127a9dc706f3dc927857fd963b3406a9747 290244 gnulib_20140202+stable-2+deb8u1.debian.tar.xz d104bd2d5c781c738ad62c1abb66d5abcc98df5395a6449dd2928d4c59098ad1 4555456 gnulib_20140202+stable-2+deb8u1_all.deb 9ab81d9d8ed32dece2a66f3c56b57a4af7168a0f0a4b9be2fa9b5420cee4fb9b 951960 git-merge-changelog_20140202+stable-2+deb8u1_amd64.deb Files: f61fbe5e81a5655ed737ff47476e2ffc 2188 devel optional gnulib_20140202+stable-2+deb8u1.dsc 5fc03f07046c2349449db963602b9522 5297856 devel optional gnulib_20140202+stable.orig.tar.gz 51bb5e7e3e69ce016ca5a8a3c4277ff6 290244 devel optional gnulib_20140202+stable-2+deb8u1.debian.tar.xz 996c6832e6dc1d1907b94e581e5ca00a 4555456 devel optional gnulib_20140202+stable-2+deb8u1_all.deb f3f2e1452ec967d09a7a439536fd7691 951960 devel optional git-merge-changelog_20140202+stable-2+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlu+al1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkeIYP/1n0iyMfihcjxDDhSfApZRCTB6OVUQ4sb/b6 jle32UTl5AFgzvighpY9qpMsbvX5jfsqxKX2cpAK46LZEKIVcolmEj6fXYgIe9Yq Zla0Ijyxl7nMHQgPYojErgk5AcWgE8QyYdN5ovHjKNX2pVkNUmYMR5bGqWgfgMp+ XhWM2ZBBE6ftcQdSyIeiqnOSRbDmTUsavmtETvVelVQuaRrWYgnhlSb8Tla/KV8/ 9AWd5Wy4ek4f1lIqZnw+kWpgrA16pdVsqgIuldrNoNyK9DIFmNp5RcISem334okO 87XhGHSheu8HrLUM0BWdMfIuWJoIXAg+s0bgiJ0IAmNrsQpPUx+qDtLXSU4JoTMf dwiztDsSnByazK82doIM7XqLaz9vC4ZCqjcH3DE+/kTJfuF9CnZgelAssZk2mQln 1SKRgw+IPpFO6tiFPG8QHfEKhQBZMqPGtc4xQzv8EnCph2Xe6o4gf3zWlXIeX7bg AVVg8tj+iPnJIrcHPg/celNicmXNPBv5DWfprq1S6eFZITobrsNoGOAn4Y5E6CvR fs83j/IagaJx7Yw4bNqeBBI1IduRE0Avo1LgY/JWWd2QImu1KuRC9zAvIhLRek3a GaKwJO+dsgGUJz6bcA1Q8QmqU4tQg9J2kviUcxvoPIfJAQEwsaf2EXoEvW61E+e6 h+dBk0ee =TIxa -END PGP SIGNATURE-
Accepted net-snmp 5.7.2.1+dfsg-1+deb8u2 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 09 Oct 2018 20:38:49 +0200 Source: net-snmp Binary: snmpd snmptrapd snmp libsnmp-base libsnmp30 libsnmp30-dbg libsnmp-dev libsnmp-perl python-netsnmp tkmib Architecture: source amd64 all Version: 5.7.2.1+dfsg-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Net-SNMP Packaging Team Changed-By: Markus Koschany Description: libsnmp-base - SNMP configuration script, MIBs and documentation libsnmp-dev - SNMP (Simple Network Management Protocol) development files libsnmp-perl - SNMP (Simple Network Management Protocol) Perl5 support libsnmp30 - SNMP (Simple Network Management Protocol) library libsnmp30-dbg - SNMP (Simple Network Management Protocol) library debug python-netsnmp - SNMP (Simple Network Management Protocol) Python support snmp - SNMP (Simple Network Management Protocol) applications snmpd - SNMP (Simple Network Management Protocol) agents snmptrapd - Net-SNMP notification receiver tkmib - SNMP (Simple Network Management Protocol) MIB browser Changes: net-snmp (5.7.2.1+dfsg-1+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2018-18065: Magnus K. Stubman found that an authenticated remote attacker could crash an instance of Net-SNMP by sending a specially crafted UDP packet resulting in a denial-of-service. Checksums-Sha1: 795c7c988de8827eada266066a123b663c944a55 3225 net-snmp_5.7.2.1+dfsg-1+deb8u2.dsc 3f56310121760b0b633724b9d1fc81ca175bfb7e 64860 net-snmp_5.7.2.1+dfsg-1+deb8u2.debian.tar.xz d561819180dff71bedf3e386f6c9ea104daf12cd 56756 snmpd_5.7.2.1+dfsg-1+deb8u2_amd64.deb 270d9f4b528475c7f6f72976667c91e02858483d 23104 snmptrapd_5.7.2.1+dfsg-1+deb8u2_amd64.deb c1aa7513e3684d08e2ada75b86ca22306d3928cf 146944 snmp_5.7.2.1+dfsg-1+deb8u2_amd64.deb 04d2e7c64a16aa1930d9ac0c6998c75f67ff0009 1544168 libsnmp-base_5.7.2.1+dfsg-1+deb8u2_all.deb aa5b26e6639e9fd0f3d81267ae4f74e6f2184510 2154948 libsnmp30_5.7.2.1+dfsg-1+deb8u2_amd64.deb b53cfccf19719fde765958bfabc41f7507fb44b2 2015372 libsnmp30-dbg_5.7.2.1+dfsg-1+deb8u2_amd64.deb 9487aaff0680973706d5b6aeec099a512511abab 1074832 libsnmp-dev_5.7.2.1+dfsg-1+deb8u2_amd64.deb 53ddede78551b2166c3fbdbd2270c4a0254e7f92 1459570 libsnmp-perl_5.7.2.1+dfsg-1+deb8u2_amd64.deb 4d7a61414a71591a199678a69cfdfc5d3845950b 19676 python-netsnmp_5.7.2.1+dfsg-1+deb8u2_amd64.deb 2fd202c12ed6e5d2ddaadd8f77b6c92b75c58273 1431262 tkmib_5.7.2.1+dfsg-1+deb8u2_all.deb Checksums-Sha256: 3a517ede563e2094faded904f5b722fa3921452ce843cb9b20933461d7a9ca52 3225 net-snmp_5.7.2.1+dfsg-1+deb8u2.dsc 4b67959a12846a386e0e0e720792b6aedc6dea4cfe9be9d82bc4e5917098c606 64860 net-snmp_5.7.2.1+dfsg-1+deb8u2.debian.tar.xz 144933ac023070d617e7334922cadedae0869bb75c078b660362647295648070 56756 snmpd_5.7.2.1+dfsg-1+deb8u2_amd64.deb c025e7400602681ac2706e696f56b86a77c7478ff6e99d0a5a318f3af9de6be6 23104 snmptrapd_5.7.2.1+dfsg-1+deb8u2_amd64.deb 32472608d6221419297fbb530d2aadad66bca1c7594f75d71c8022879a69f34a 146944 snmp_5.7.2.1+dfsg-1+deb8u2_amd64.deb 4fb3052602dacbcd890f21afb2687b3ac340876b2aea33956a139964748e88b3 1544168 libsnmp-base_5.7.2.1+dfsg-1+deb8u2_all.deb 5af0ce5a7ef92494a98c0482df4fae694309b8e11133df54ab1ca4c332ad3d5f 2154948 libsnmp30_5.7.2.1+dfsg-1+deb8u2_amd64.deb a29f4b2d170e2cf607832c38821dd5ca17356b916277eee71be542e878edf542 2015372 libsnmp30-dbg_5.7.2.1+dfsg-1+deb8u2_amd64.deb d5c9b8267e6b369bb14306bd1a4843a04e1933b7bf85e3fbe8ce62b82f7d7ead 1074832 libsnmp-dev_5.7.2.1+dfsg-1+deb8u2_amd64.deb f1950a4289c54e59a60ff1a3316964d32fb9d7269aa07d90aedd00f31ef601c5 1459570 libsnmp-perl_5.7.2.1+dfsg-1+deb8u2_amd64.deb d0e8f006d497a0bae4282d447efd25dbf6fcc916ac6051d81c201f249c91ad4f 19676 python-netsnmp_5.7.2.1+dfsg-1+deb8u2_amd64.deb d2876927fa7c07264fe0accf5d67d0be5f82ea339f06421b1ac94c9a446414c5 1431262 tkmib_5.7.2.1+dfsg-1+deb8u2_all.deb Files: 8e070224c899832459a95ff082f1fe66 3225 net optional net-snmp_5.7.2.1+dfsg-1+deb8u2.dsc bad247fbe11ae4bd63a439f3a00838a6 64860 net optional net-snmp_5.7.2.1+dfsg-1+deb8u2.debian.tar.xz bd2c0508fc3aafbf4713b799792d4474 56756 net optional snmpd_5.7.2.1+dfsg-1+deb8u2_amd64.deb 4fa60574c8a25f7d8b320e36d57edde3 23104 net optional snmptrapd_5.7.2.1+dfsg-1+deb8u2_amd64.deb 3c5995b4b2b8bbef055ba26b4b53daa2 146944 net optional snmp_5.7.2.1+dfsg-1+deb8u2_amd64.deb c546fd1333744a4b70ab826356366ebe 1544168 libs optional libsnmp-base_5.7.2.1+dfsg-1+deb8u2_all.deb 24cb08ecbee0cbe89f012027e9e523e0 2154948 libs optional libsnmp30_5.7.2.1+dfsg-1+deb8u2_amd64.deb 9a220f81ff776620a9b868a3ccab9e4c 2015372 debug extra libsnmp30-dbg_5.7.2.1+dfsg-1+deb8u2_amd64.deb b2a486bbba0b46e1c728655b2af1b9bc 1074832 libdevel optional libsnmp-dev_5.7.2.1+dfsg-1+deb8u2_amd64.deb 46d9e67bdd977f859af9ba91f7589c68 1459570 perl optional libsnmp-perl_5.7.2.1+dfsg-1+deb8u2_amd64.deb 5cc8d8ea0ae0f53d31bae8b8226768b7 19676 python optional python
Accepted php-horde-kronolith 4.2.2-4+deb8u1 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 07 Oct 2018 23:06:04 +0200
Source: php-horde-kronolith
Binary: php-horde-kronolith
Architecture: source all
Version: 4.2.2-4+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Horde Maintainers
Changed-By: Markus Koschany
Description:
php-horde-kronolith - ${phppear:summary}
Changes:
php-horde-kronolith (4.2.2-4+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2017-16906: XSS via the URL field.
Checksums-Sha1:
e75f92d4208bf7dd3162e5fc062411cc7280ee01 2324
php-horde-kronolith_4.2.2-4+deb8u1.dsc
bfcbedfe4d1446bf2b1eea0635abc89229ce0a16 2570394
php-horde-kronolith_4.2.2.orig.tar.gz
a484acac801e577efdd0e7d3198841999818f24e 6728
php-horde-kronolith_4.2.2-4+deb8u1.debian.tar.xz
7e17dfc6c55b02c7eac899591b08038af9e93215 1330332
php-horde-kronolith_4.2.2-4+deb8u1_all.deb
Checksums-Sha256:
dc664313b233d2f4ce737b8627cf11c042d6caf844103667621970a96d378dd2 2324
php-horde-kronolith_4.2.2-4+deb8u1.dsc
f4fc34e1da3759976c30af404df938680631f44c596eab88248c09097d59ef76 2570394
php-horde-kronolith_4.2.2.orig.tar.gz
026690db160ee324756c41b85658d3aefbc7a77637fd3f9a7e1818f615204bda 6728
php-horde-kronolith_4.2.2-4+deb8u1.debian.tar.xz
b31048f20ddd963bb096f3ba988774afc84965ad7bb03875a30fb3edb8954279 1330332
php-horde-kronolith_4.2.2-4+deb8u1_all.deb
Files:
fd5c202e4fdac59014ca2a889cab26c1 2324 php extra
php-horde-kronolith_4.2.2-4+deb8u1.dsc
270461d71b7ecbdf716abd8f544e0b11 2570394 php extra
php-horde-kronolith_4.2.2.orig.tar.gz
c3b76a9ff933218f0d59b576836ec0a8 6728 php extra
php-horde-kronolith_4.2.2-4+deb8u1.debian.tar.xz
1f3bdc225fd3b98e7b224c6bb864df7a 1330332 php extra
php-horde-kronolith_4.2.2-4+deb8u1_all.deb
-BEGIN PGP SIGNATURE-
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlu6dpFfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkx4cP/1mJfN2jm1/J6E6e3obEG0URpss8szO1+hK4
EtXT16t5F+cS9MocazR1Vf1Xr9mga8gSA/6TOOPfC5VbNI3N9bV1W3ktnWwuqRcX
UrCnmOoN0NJd+lTDIa0717eJDG66ARJ2DYIB4Sq/mwihmasVYtmnAKX5V/1Mgwm9
hioi7jot8s9Xjz1bX/tTkJ5CwESnwvhaOxHUuq+slFH3EOXN25yAVGP3v9DcmY6L
W5F9RaJvYt6V7JzCqjMaylEO4MB8123SqG7JgeeBbgNAOEMuucomExt5Fo6/GcS4
z386pRCREggrfig5LoMC69iHuxkss5ZZLvKumtiKzymBw1fuyx2OIENczk8uEJus
E2F5bMVaJTJG4zV9b4gqwSr8W8Qg20CO1wvXqonM5l7oZQLaSFDyY6veTW5JSpTh
Rt3UlLtTF16t1YYXVshuz2T5iJAwkHbEUftWOsp3jO2qIK4RlFTox8WcVmXr6wIO
3WqlM315GXs4pmQMkJLM8ucB5pG4P8r68WDfD2v79J7MhFEm81oPXS1tvPsnEOUh
C1d5JHOOXcLmrYfvUrQ6MZ+R0G0AKnMM3qXyidfDPofu4RC57u5VAKmdkCQJV5iU
zMrnt/rsi8odiZyb9iytNPLDtKrnehOI9nebrSbF/sofyindXPz+HB4HjQnJw3m9
CrtBnsZS
=yX9E
-END PGP SIGNATURE-
Accepted php-horde 5.2.1+debian0-2+deb8u4 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 07 Oct 2018 18:09:00 +0200
Source: php-horde
Binary: php-horde
Architecture: source all
Version: 5.2.1+debian0-2+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Horde Maintainers
Changed-By: Markus Koschany
Description:
php-horde - ${phppear:summary}
Changes:
php-horde (5.2.1+debian0-2+deb8u4) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2017-16907: XSS vulnerability via the Color field.
Checksums-Sha1:
a17a8186e79f185afe75fea5a8682059a463f7bf 2205
php-horde_5.2.1+debian0-2+deb8u4.dsc
01ad34440ccb5875333c2859268b55710453ea8e 13868
php-horde_5.2.1+debian0-2+deb8u4.debian.tar.xz
4dd1465457d2d1be91fe9b7589a4b46fdc912c47 1686924
php-horde_5.2.1+debian0-2+deb8u4_all.deb
Checksums-Sha256:
13b720306b2a3c1cba40f3ecb0bcaa90a0a5f54db686f5e49b16e8b342734e6b 2205
php-horde_5.2.1+debian0-2+deb8u4.dsc
0aabccce0f3b499377b8644c0be35cf87a739fd1627062835b7e2f32b3d9e7ab 13868
php-horde_5.2.1+debian0-2+deb8u4.debian.tar.xz
58097c7dad646288c1780e995382a3030b377677bb498c312579d63b34ddcdf5 1686924
php-horde_5.2.1+debian0-2+deb8u4_all.deb
Files:
5d5cbab095afe288bd72d37e7e7a857a 2205 php extra
php-horde_5.2.1+debian0-2+deb8u4.dsc
40fb654d36233123d5b59da02999b4eb 13868 php extra
php-horde_5.2.1+debian0-2+deb8u4.debian.tar.xz
946a90cbdb6277abe343a460b95cbe18 1686924 php extra
php-horde_5.2.1+debian0-2+deb8u4_all.deb
-BEGIN PGP SIGNATURE-
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlu6cflfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkIDoP/inFZ+pr8GSSxcOLYyiesL+WCv9L88Ouo1oq
bVCXY/BDH7HdqgFQQKOR0hwnMZA7EI/6NqiscvkZ8Z5byFqDsOQ+wFH+Br3F34Pb
+CYgnCH3A0eBLZGyxz1CIy2w/BKdkPq3+AzbAuZdiFruLWKrCYn3ugm0zsfGcAaM
k9sAVmFarOsAgTXWAhGySW6yG/y/Iy4sHXc7kZTYuE2Lm2sUmgg3NcvGwiGWkKqW
XLD8GZcxZhj7bzK+N2F3sbzh+2gvD0ZE4ZxGFbDxI9gA+yM6PM/vXMtg8bkbXlSM
VVZGp0fc+nMTMm7Hno24BwYa0Ww2wa/Fr8YyKzBxfkNMCB3j/Yth+9Ztyw11t3ZO
170o0biyZe38er93/1IoqMnGj2+FptfiF/BpP1TWlGA5iVcz7QW9J8mHI1p/CHOx
tti1oui0k2Ab4Go3e0vZi2NFRYvVMZaj7eAW70wXrt+/UM7TGtfF7IiNn+gcL/zC
+Cu1UcrMxiwPCVhGSAuXmE6Pd/RSTxK31ewCM0/k1PU1GRoJC9Y8nnbssv3Ma9Ip
VL8i+aHPM8IwPVvbdfKWr1YzRYfUSAbXrpoIMQpEOrrpEsISsgV1kmNcKIfZj3bv
8woIA7OlAsholDSygtUvwPsEGz7YvqEAPNggDXD8VbwppbNiN81lT4HSBmc2QyPR
if/Q9qDh
=KiR9
-END PGP SIGNATURE-
Accepted php-horde-core 2.15.0+debian0-1+deb8u2 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Sun, 07 Oct 2018 18:33:38 +0200
Source: php-horde-core
Binary: php-horde-core
Architecture: source all
Version: 2.15.0+debian0-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Horde Maintainers
Changed-By: Markus Koschany
Description:
php-horde-core - ${phppear:summary}
Changes:
php-horde-core (2.15.0+debian0-1+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2017-16907: XSS vulnerability via the Color field.
Checksums-Sha1:
e0cfdd003dcd263f9e0ea2c87f7726517df2b28e 2340
php-horde-core_2.15.0+debian0-1+deb8u2.dsc
1effe399407d4bc4efad05538edbdd7bb155b0fb 5516
php-horde-core_2.15.0+debian0-1+deb8u2.debian.tar.xz
d8eb2011fd7dceb126e80a44ef63ec3b0a01cfc9 925502
php-horde-core_2.15.0+debian0-1+deb8u2_all.deb
Checksums-Sha256:
8416ed49855be46386e0cab692de5363fe2d5a7a388952352432714b4a6cffc7 2340
php-horde-core_2.15.0+debian0-1+deb8u2.dsc
0bb5bf40e9dbbdb3671619de6dbb4b1b0e707ec5518c5c476a8d14a540805650 5516
php-horde-core_2.15.0+debian0-1+deb8u2.debian.tar.xz
7c3a3137040f7f144228e8892ee74f1096608696b5c0380d2e220f0d1af8 925502
php-horde-core_2.15.0+debian0-1+deb8u2_all.deb
Files:
051a9edcb6f09b223db5a0044c8d2137 2340 php extra
php-horde-core_2.15.0+debian0-1+deb8u2.dsc
b2fff58f61de7f7768ad47952176aaad 5516 php extra
php-horde-core_2.15.0+debian0-1+deb8u2.debian.tar.xz
28067ecacf3d0c6c958b0321c692593c 925502 php extra
php-horde-core_2.15.0+debian0-1+deb8u2_all.deb
-BEGIN PGP SIGNATURE-
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlu6dRJfFIAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkugAQAM9qIOjQtsuiUvatn+O+/wWjtEDt9ye1AiFT
2uryjePrZd38Dg4NI9xYKgfaL0wbPciLqkEvKkBSnM/YbA9ojhCFNCBfOvo8stTJ
cpHKUBNlOIesL+NIrQVYGb3xMi5npigDY6gmyubLY4+xGBbUns9lq5dBDZPG69QC
6tHPMZ5uQI29IV09uQ6Vtnq/xxZ6JSH35KjbbGs4IuqtZC1fU/8IHYjCgOK+eGuT
s8Iutl+zsl44EDMVK3LpcXLCQy78GY2NEy9H7lTD6cJS8FQLc1pmTIb0PLu18vJB
L2NVkKLX2mVsl9V4xL5ZrQ1kvlCFEZhmKeKBtAUeFJKOp+ILSdcYDtsSZ9Eok5/V
8KkXpGQxUIwRuGNygGc9HyorzQMOPXerzjiUegmEZApMrAeG/4npQIMuI8bMHELE
OQXpdOfTCvmnD+lalAHbAopfAnzp91yx+by0C8ZPlS/uesd3pkcsP1Np8CF0dFDO
DTjsfGttnKXJm329dGPUaEfsqFS/beJrmJIQRKm0Pu+K+vMmHzdOU/eeKmmC9tLO
x90A6tl+cQx1AKDfXr/xZ0+uFh1aaCEJMhOf9WErkfHLI/5R6QjdfuBvlVVATgT9
JXIUgUl3RFtXqToK1WwEKkVjC3g6UD2MTYKz9+UdjnvVDgyq6T72zSjvoFIG/KUL
vC7WbEF+
=U/xc
-END PGP SIGNATURE-
Accepted ghostscript 9.06~dfsg-2+deb8u10 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 01 Oct 2018 12:20:22 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: source all amd64 Version: 9.06~dfsg-2+deb8u10 Distribution: jessie-security Urgency: high Maintainer: Debian Printing Team Changed-By: Markus Koschany Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Closes: 90 Changes: ghostscript (9.06~dfsg-2+deb8u10) jessie-security; urgency=high . * Berkeley Roshan Churchill reported a regression caused by an incomplete fix for CVE-2018-16543. The pdf2ps tool failed to produce any output and aborted with /rangecheck in .installpagedevice error. (Closes: #90) Checksums-Sha1: 06d003eebc1adbb248a3c86e823185eb2536231d 3047 ghostscript_9.06~dfsg-2+deb8u10.dsc ee0d3a87041c5db3193bf4a4319c8f52f52a6957 131784 ghostscript_9.06~dfsg-2+deb8u10.debian.tar.xz 252fefb4f93da4eefb42f7556512d2934d4c6d53 5160308 ghostscript-doc_9.06~dfsg-2+deb8u10_all.deb d79b2b4407b5f83be89321e541eff9016ad8 1972460 libgs9-common_9.06~dfsg-2+deb8u10_all.deb 49c9c82a8765a754da5b34eaa41f99a866399d24 85616 ghostscript_9.06~dfsg-2+deb8u10_amd64.deb 5266948ce3b395c8026f714198084da94f7288d9 76462 ghostscript-x_9.06~dfsg-2+deb8u10_amd64.deb 8b23f88e82435afc0c3458c969f0dbb28ff5eda6 1916082 libgs9_9.06~dfsg-2+deb8u10_amd64.deb 6c98f03a40dc5b305cef54ab25b059792b74 2122454 libgs-dev_9.06~dfsg-2+deb8u10_amd64.deb 548386e52b2642181144467537986cc267508715 4881414 ghostscript-dbg_9.06~dfsg-2+deb8u10_amd64.deb Checksums-Sha256: a5a2593c93285367a17254951a783b744105622f32b9c96f4ea124f2b52b72b8 3047 ghostscript_9.06~dfsg-2+deb8u10.dsc 0c5fa215182ec7a9980fa131d5f7c0fe9ff62d0d823d59815797bed82c8a7a65 131784 ghostscript_9.06~dfsg-2+deb8u10.debian.tar.xz 6df4e6ad27467ab206cf101e13cb8adda1b4738d9aacf6211d6c25500390c858 5160308 ghostscript-doc_9.06~dfsg-2+deb8u10_all.deb b846a7a2aa2b0cd44c0c0f72152a583f66dbd253a31845ab6a21fa2a148b0f94 1972460 libgs9-common_9.06~dfsg-2+deb8u10_all.deb 1954bd90ec6e80fca3a857dd0a5af4e5c7ca27daf29abafc6e41a897dd378774 85616 ghostscript_9.06~dfsg-2+deb8u10_amd64.deb dfcc9a58e58e3705be52b1510b8146d9624ab1c8b9f84eb14493bd6ec94f56fd 76462 ghostscript-x_9.06~dfsg-2+deb8u10_amd64.deb 4f1c2786bb77e28d07e3288d4abe14bbf814d4911c68765e7a0fef961f5d7e41 1916082 libgs9_9.06~dfsg-2+deb8u10_amd64.deb ae5e3bca3e0c45b30c5e2857534b898955fe0592287b963efea875972bb448d5 2122454 libgs-dev_9.06~dfsg-2+deb8u10_amd64.deb b9491fb5ab03d386b04f20a61c815c431dd0853ab65742145488773c0f3d9da5 4881414 ghostscript-dbg_9.06~dfsg-2+deb8u10_amd64.deb Files: 66f21aa5e3710762decccef869bc85e8 3047 text optional ghostscript_9.06~dfsg-2+deb8u10.dsc a17839f2cc991f4fbc26cf353ee7cfad 131784 text optional ghostscript_9.06~dfsg-2+deb8u10.debian.tar.xz f6a37ef0c930babe21f9b68f1dbe8b2d 5160308 doc optional ghostscript-doc_9.06~dfsg-2+deb8u10_all.deb e21a4aef3ad5d74ce7bd168a31672cc5 1972460 libs optional libgs9-common_9.06~dfsg-2+deb8u10_all.deb 3ae662100fb98cfe3dcf00dcf7c366b2 85616 text optional ghostscript_9.06~dfsg-2+deb8u10_amd64.deb 221ab889a906ff25eb39cd805558b05d 76462 text optional ghostscript-x_9.06~dfsg-2+deb8u10_amd64.deb d4f247f79ea42049a669f77d27247d79 1916082 libs optional libgs9_9.06~dfsg-2+deb8u10_amd64.deb eaf54432c8a50cd34a782b804a48a708 2122454 libdevel optional libgs-dev_9.06~dfsg-2+deb8u10_amd64.deb 4c9b3dbde82e9f8a5510daac77fb8481 4881414 debug extra ghostscript-dbg_9.06~dfsg-2+deb8u10_amd64.deb -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlux/1xfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk0nkP/j5RV21i1R+Z9PzCIReo3SE+xTN4LmFPICzw 4LBJmtQQKryEkyCvRRpjfRdXDnfYGzdAbRlPUaNfKgXEMaqV8vORfqPgvbRPInl5 kU7pzkMAqpcVqzys8cKAAlJ8n1wGhfRkDG+QaJVqTQJ9AIswPvTXL286sMltHLSk KL7SQjdK6VN+jqoluBPWo+STDN2j8H1ShM2dOkN1Oc5mLD0e1NKXNHQv2zvgRcP3 VWPO5gx/bFS3qKgEmzDfNmAPjeARGiPohD0Uj4qtJ7b6DejzLMtIRNzJKJfkr7DQ WWIKX4qshN7iBcU5/RQ6aMai5POGvXEG6GKbPilrzASYN7abkzi82Qc9qsPcJpxl RRi3/3qw+7wgmKZo3++u97NQBIWUmKK6gLoV66hZeaR/IYM1nOaEHIXXmeA+nv+j 2X/2RrEhDElrs8fhYoJtNgtchAqLxo5U9leYZjzcqbm8NnyJ0Ua5CmcRcKgR4LWe 8XNUXqrS41RE8JBFrw/v7aLFJYm2zEayD4FEejvpl8pPNnt6fWOeSRPCJB/a1gQ4 8UeVj+6PwCf0G/Gk27yVdxgW9Xo+ns3gfDMBvHZh1jnnJaJ1r1g2sCE8P+bP2DLO kFaB5VVpEf5Ddkeo8O
