Accepted gpac 0.5.0+svn5324~dfsg1-1+deb8u5 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 20 Jan 2020 13:17:16 +0100 Source: gpac Binary: gpac gpac-dbg gpac-modules-base libgpac3 libgpac-dbg libgpac-dev Architecture: source amd64 Version: 0.5.0+svn5324~dfsg1-1+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Multimedia Maintainers Changed-By: Sylvain Beucler Description: gpac - GPAC Project on Advanced Content - utilities gpac-dbg - GPAC Project on Advanced Content - debugging symbols gpac-modules-base - GPAC Project on Advanced Content - modules libgpac-dbg - GPAC Project on Advanced Content - debugging symbols for libgpac3 libgpac-dev - GPAC Project on Advanced Content - development files libgpac3 - GPAC Project on Advanced Content - shared libraries Changes: gpac (0.5.0+svn5324~dfsg1-1+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2019-20161: heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. * CVE-2019-20162: heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. * CVE-2019-20163: NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. * CVE-2019-20165: NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. * CVE-2019-20170: invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. * CVE-2019-20171: memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. * CVE-2019-20208: dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. * CVE-2019-20168: use-after-free in the function gf_isom_box_dump_ex() in isomedia/box_funcs.c. * CVE-2019-20169: use-after-free in the function trak_Read() in isomedia/box_code_base.c. Checksums-Sha1: 39565addf58a6271511493ea63ee3411d3fdd841 2431 gpac_0.5.0+svn5324~dfsg1-1+deb8u5.dsc 576ca9d9ad896639b0bf4b61ac58ca6ab9a84845 40184 gpac_0.5.0+svn5324~dfsg1-1+deb8u5.debian.tar.xz 0f45ca543dedf827e9f4654d12789a4d78194276 245412 gpac_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 36643dc5909eb0c3b4632777a8c4ee2db44bcf77 1284442 gpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 620c4386e105be061172931f2e2a8fe6b0ee68ee 234192 gpac-modules-base_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb a8a21d9d778711aa430a267435d8845457a98d9a 1486086 libgpac3_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb fc226170877b332bba089c55a46e0e4cc5a357b2 4839074 libgpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 2497b174e24aaeb44189e81834600b0013901d99 1985068 libgpac-dev_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb Checksums-Sha256: ed2165d9a9f9763d9bdce738456140d4d4e955214f857e4b8e98aaf4b06b0ed4 2431 gpac_0.5.0+svn5324~dfsg1-1+deb8u5.dsc 73e6e7449307ecdf2fa6cba6158838c6503caf64145c4d99ce6d08b5ca32677e 40184 gpac_0.5.0+svn5324~dfsg1-1+deb8u5.debian.tar.xz 5700a7434bcbfa7c73ea1edc8e103f63a444d054963b023e0179967da0c018a9 245412 gpac_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 9230709ffca25755bbaa7914005a4fa1164fb515e209c2915e6ffc82d40fbb62 1284442 gpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 5926503c597796133460046ebd8a011055a6eb6fbcd11a265d298c31810c79fa 234192 gpac-modules-base_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb d9f130d93df539d70cb5e45599517cf7a474617db397465246c7a01da699b6a4 1486086 libgpac3_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 6e96b480a6a080ffe0e49eb8bb1f64393b219515b65970cc1d132b82318c932e 4839074 libgpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb f35c8ef06d9d33a8fd62d6401fa07e4787116070748d27e8245d55686f049f05 1985068 libgpac-dev_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb Files: 27ab058c58b40fb23d6c6e2395ef636d 2431 graphics optional gpac_0.5.0+svn5324~dfsg1-1+deb8u5.dsc 5090537d06128da952f95269acec2bd3 40184 graphics optional gpac_0.5.0+svn5324~dfsg1-1+deb8u5.debian.tar.xz 4cfab1145d04a112bfdda76ae931bc80 245412 graphics optional gpac_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb dc3ef98b49deb9ccefcbd252bdf02c3e 1284442 debug extra gpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb d9604af72b61d146b7a29145d3b9e12a 234192 graphics optional gpac-modules-base_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 727f4e1c08f081a61fc2de7ae5da066f 1486086 libs optional libgpac3_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 8991f571e1c82639bd97a93df6b2ce6c 4839074 debug extra libgpac-dbg_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb 91f9dda08c34c3fed7ed435c6d3fe861 1985068 libdevel optional libgpac-dev_0.5.0+svn5324~dfsg1-1+deb8u5_amd64.deb -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl4lokQACgkQj/HLbo2J BZ+DtwgAgJmGmuVWNu5MzSTnO8ywnWQvpnAf8MCgjWtamGreO37YZYdF/CvH+2lz 9sKYJAYHuFGJe8kYWBgZ1ofTBjZXSDzNwv4t2+CiIM8zO7zr1sSpO45Gp5nuH46J Xlhqbl6PiziEOOiBr8AH1JoGcLpDZ1NoofV5/gZwxKsvRJK4HIQsg0XiOSmUzcBy wz5/d2+2s4ER8d9duvsyUSemZZhxioDBuSN+132U2lD6/Mo3C/rxEclr6oYam/lI GdueGW8S93Xtx/OqNVRvLstGPjnedO6Wlp4cdsLy
Accepted wordpress 4.1.29+dfsg-0+deb8u1 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 13 Jan 2020 23:24:13 +0100 Source: wordpress Binary: wordpress wordpress-l10n wordpress-theme-twentyfifteen wordpress-theme-twentyfourteen wordpress-theme-twentythirteen Architecture: source all Version: 4.1.29+dfsg-0+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Craig Small Changed-By: Sylvain Beucler Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files wordpress-theme-twentyfifteen - weblog manager - twentytfifteen theme files wordpress-theme-twentyfourteen - weblog manager - twentyfourteen theme files wordpress-theme-twentythirteen - weblog manager - twentythirteen theme files Changes: wordpress (4.1.29+dfsg-0+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the Debian LTS Security Team. * New upstream version 4.1.29+dfsg; fixes CVE-2019-20041: wp_kses_bad_protocol in wp-includes/kses.php in WordPress before 5.3.1 mishandles the HTML5 colon named entity, allowing attackers to bypass input sanitization, as demonstrated by the javascript substring. Checksums-Sha1: ab56ff20e1d7739ca271dc12994ef8dcf048042c 2223 wordpress_4.1.29+dfsg-0+deb8u1.dsc a2a7200ab6924af21b3e2bd0161869332603f61d 4644596 wordpress_4.1.29+dfsg.orig.tar.xz b91b2567ee2ef38e678dd5238a79832e1a56566f 6079436 wordpress_4.1.29+dfsg-0+deb8u1.debian.tar.xz df2f944a4db2da7d1a4d1430584ca316b12aaa96 3069732 wordpress_4.1.29+dfsg-0+deb8u1_all.deb 21d7b2fbce3cdbc213c472a6c98e23c46c214f0e 419 wordpress-l10n_4.1.29+dfsg-0+deb8u1_all.deb 82985760629d960d6d8c8597f4aa4c689ef4ad49 505770 wordpress-theme-twentyfifteen_4.1.29+dfsg-0+deb8u1_all.deb a3eb43a1ac368a560aca48f696ccd4b8df4124ac 804786 wordpress-theme-twentyfourteen_4.1.29+dfsg-0+deb8u1_all.deb b396e3cbad4c8ea4f7a97c4fcc04e1143003ede4 323804 wordpress-theme-twentythirteen_4.1.29+dfsg-0+deb8u1_all.deb Checksums-Sha256: e3db8fe777b3e3a7a9bb818ff543eca34e8cbe3a922448404b4e3739c9f93385 2223 wordpress_4.1.29+dfsg-0+deb8u1.dsc ec71dae91e9de3d04633139226b58fe6edab84ebfdcd7f660e8eb68f8ad51c23 4644596 wordpress_4.1.29+dfsg.orig.tar.xz 18ee7feb02c1394e608191fc711586d7da27c7348b078fa9240f9aa4239a40b0 6079436 wordpress_4.1.29+dfsg-0+deb8u1.debian.tar.xz 66c0526136ef68c8b95c0a6044171fe22ee4281575ff3cf8e9142cb85b7941d9 3069732 wordpress_4.1.29+dfsg-0+deb8u1_all.deb f888682f14b76d4069ac41aa15b1e85f4838bdcd4348be8a71a2c15d38ca5e07 419 wordpress-l10n_4.1.29+dfsg-0+deb8u1_all.deb 4bf7bee755a683cd340a95470166350b6c277d00a6330e668a162d8fcf4b0088 505770 wordpress-theme-twentyfifteen_4.1.29+dfsg-0+deb8u1_all.deb e62c2c3320fb7c8eaf2849b1f24c9e7300bc2a4860022cc81cca2295d7cb1f7d 804786 wordpress-theme-twentyfourteen_4.1.29+dfsg-0+deb8u1_all.deb 2b252f33cb61d58b5a8229b52416f1fef8502f1cd8da1d605e640504df8970ee 323804 wordpress-theme-twentythirteen_4.1.29+dfsg-0+deb8u1_all.deb Files: 41295f56a19ec1f0f5b4ad49948aa200 2223 web optional wordpress_4.1.29+dfsg-0+deb8u1.dsc 887c2d35c5d63c850a76c51f0955c2e1 4644596 web optional wordpress_4.1.29+dfsg.orig.tar.xz 08deaa0a35dfc420d0f5048ef9375358 6079436 web optional wordpress_4.1.29+dfsg-0+deb8u1.debian.tar.xz e237726bed4cba4f9f18534f257bb7ce 3069732 web optional wordpress_4.1.29+dfsg-0+deb8u1_all.deb 36f34cace8de9e7e72e4141b71abdcea 419 localization optional wordpress-l10n_4.1.29+dfsg-0+deb8u1_all.deb a0ae9e898b24e35b6069bcc632199c37 505770 web optional wordpress-theme-twentyfifteen_4.1.29+dfsg-0+deb8u1_all.deb be25b870604de0ef9726778da12b5708 804786 web optional wordpress-theme-twentyfourteen_4.1.29+dfsg-0+deb8u1_all.deb 10d4f3c018eaa0e29aa84caa4bbeb6be 323804 web optional wordpress-theme-twentythirteen_4.1.29+dfsg-0+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl4dppoACgkQj/HLbo2J BZ9/Fgf9HDmal7elzRPVtqcMPYRvYa0NkgJTgyAIQxeWqhZCC3jXGkMdmMdE1fL+ yhsjIReTBPvHEOM8ubTjXVSeZjFAfq1YGgWroIfEfujHqlxhxmASwUVqKYdMT7lD TZwmhw5WBsdw0JrSCugu6GOiB/LXtIpXfVFmi2+C9AHD2wpzbQuIe4pVjJv6jrv0 QRkI2f+7WkhAqd0MopKA/fSiygDW5IgePmpDDrFBnDzLg7PQCAW9eFpspOcKXX8f K3nxJfqv2YTds6ej3PJc9fE/ssXXO7/3bwsmkXqob+WawgXN+4jjyKqwJN2UzpDW KMFoEUAUMzOOuwEL0T+3EAcgYziUtA== =+d20 -END PGP SIGNATURE-
Accepted libav 6:11.12-1~deb8u9 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 05 Dec 2019 17:27:00 +0100 Source: libav Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source all amd64 Version: 6:11.12-1~deb8u9 Distribution: jessie-security Urgency: high Maintainer: Debian Multimedia Maintainers Changed-By: Sylvain Beucler Description: libav-dbg - Debug symbols for Libav related packages libav-doc - Documentation of the Libav API libav-tools - Multimedia player, encoder and transcoder libavcodec-dev - Development files for libavcodec libavcodec-extra - Libav codec library (additional codecs meta-package) libavcodec-extra-56 - Libav codec library (additional codecs) libavcodec56 - Libav codec library libavdevice-dev - Development files for libavdevice libavdevice55 - Libav device handling library libavfilter-dev - Development files for libavfilter libavfilter5 - Libav video filtering library libavformat-dev - Development files for libavformat libavformat56 - Libav file format library libavresample-dev - Development files for libavresample libavresample2 - Libav audio resampling library libavutil-dev - Development files for libavutil libavutil54 - Libav utility library libswscale-dev - Development files for libswscale libswscale3 - Libav video scaling library Changes: libav (6:11.12-1~deb8u9) jessie-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2019-17542: heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/vqavideo.c. * CVE-2019-14443: division by zero in range_decode_culshift in libavcodec/apedec.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv. * CVE-2018-19128: heap-based buffer over-read in decode_frame in libavcodec/lcldec.c that allows an attacker to cause denial-of-service via a crafted avi file. * CVE-2017-17127: the vc1_decode_frame function in libavcodec/vc1dec.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. CVE-2018-19130 is a duplicate of this vulnerability. * CVE-2017-18245: the mpc8_probe function in libavformat/mpc8.c allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted audio file on 32-bit systems. Checksums-Sha1: 7207e4fbdb5812917277a7f67fca0317d23e954c 3649 libav_11.12-1~deb8u9.dsc 1f74a0077616e0b236774abbf847af657a167e05 78604 libav_11.12-1~deb8u9.debian.tar.xz 8761466c17784c0fe9d1c67e2491203cf00f2fc0 18600902 libav-doc_11.12-1~deb8u9_all.deb 249b0cdd9af235774ab7885131c3f5f43ea45637 67376 libavcodec-extra_11.12-1~deb8u9_all.deb 3b3cbb5a47304d6ac099106381a10c60c53c5840 475762 libav-tools_11.12-1~deb8u9_amd64.deb a103533de9abd24d96233e797ea1b4d591f2625a 21606044 libav-dbg_11.12-1~deb8u9_amd64.deb a5c4c2e84b6618fd05a0009385649aecc458060a 132294 libavutil54_11.12-1~deb8u9_amd64.deb ce0b6a7d482cda6b835cd2c9a62ddf93f7af5b4e 3108990 libavcodec56_11.12-1~deb8u9_amd64.deb 3a814ebd14d7d5ea825f99e877fd88b35f147156 92104 libavdevice55_11.12-1~deb8u9_amd64.deb db22f2761f21f71c84cee7a0e81c2bf229d7e6a4 587000 libavformat56_11.12-1~deb8u9_amd64.deb 75b38bda67b9674bae403cd2e45469f726d33360 173154 libavfilter5_11.12-1~deb8u9_amd64.deb ec13775eb7d9ef7c8477ffbc4ce8d01f91af3058 145606 libswscale3_11.12-1~deb8u9_amd64.deb 3fc69de6d739d316608d756af4ccfb4324b6e187 194122 libavutil-dev_11.12-1~deb8u9_amd64.deb 801fda3d7b55b62265237e2c3f440a0253086b38 3432992 libavcodec-dev_11.12-1~deb8u9_amd64.deb a5c8dcd1faed0b5a82153170ad5f8c2deb7c6711 95130 libavdevice-dev_11.12-1~deb8u9_amd64.deb bdb3d1ab78c65a5ceb26267de870d44f21f285fe 692888 libavformat-dev_11.12-1~deb8u9_amd64.deb 758951853e8502b6b21a061f6976aa568d05462d 204248 libavfilter-dev_11.12-1~deb8u9_amd64.deb 46867c8465eba3ae9dd4ee078494a4aa016d6b20 158478 libswscale-dev_11.12-1~deb8u9_amd64.deb 20058a597074d3bf3ee5c1b669c4596851b4cee0 113624 libavresample-dev_11.12-1~deb8u9_amd64.deb 3b487ca5a80f85aba92c5ffbf09fbbd50a017aa3 104632 libavresample2_11.12-1~deb8u9_amd64.deb 3c10079d670c0604319cf3b5ef4e8bf4e6635461 3115374 libavcodec-extra-56_11.12-1~deb8u9_amd64.deb Checksums-Sha256: 69dce05ce589a4eaa207987a9a78b80bbf3e53e3f2a019c8c064ebdaf9a6e571 3649 libav_11.12-1~deb8u9.dsc c6e7a52df45330a90e1fb5dcbb5fd4002562dcd8e00857f763a06906dcf9596d 78604 libav_11.12-1~deb8u9.debian.tar.xz e88745db46de542cd1e618567a5ffe8e37190b9e942dda7ee56ceb1baaa6a5e1 18600902 libav-doc_11.12-1~deb8u9_all.deb f62e3bca12263b6d25bbc674e77ccd1e872041ef2075b4f54114972a41546ded 67376 libavcodec-extra_11.12-1~deb8u9_all.deb
Accepted libonig 5.9.5-3.2+deb8u4 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 03 Dec 2019 18:38:09 +0100 Source: libonig Binary: libonig2 libonig2-dbg libonig-dev Architecture: source amd64 Version: 5.9.5-3.2+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Jörg Frings-Fürst Changed-By: Sylvain Beucler Description: libonig-dev - Development files for libonig2 libonig2 - Oniguruma regular expressions library libonig2-dbg - Debugging symbols for libonig2 Changes: libonig (5.9.5-3.2+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2019-19012: an integer overflow in the search_in_range function in regexec.c leads to an out-of-bounds read, in which the offset of this read is under the control of an attacker. (This only affects the 32-bit compiled version). Remote attackers can cause a denial-of-service or information disclosure, or possibly have unspecified other impact, via a crafted regular expression. * CVE-2019-19204: in the function fetch_range_quantifier in regparse.c, PFETCH is called without checking PEND. This leads to a heap-based buffer over-read * CVE-2019-19246: heap-based buffer over-read in str_lower_case_match in regexec.c. Checksums-Sha1: 73ae5deda6229c4e9e50d219db62a14beebb3d78 1559 libonig_5.9.5-3.2+deb8u4.dsc 91e8c5d98194446c836001e9cf2a7fedf9b4601e 12608 libonig_5.9.5-3.2+deb8u4.debian.tar.xz 7ba540e399c0c3cb7cf65b9cf200ed6c2f26b165 118820 libonig2_5.9.5-3.2+deb8u4_amd64.deb 10a04f9185fb12265cf533663de833569446ec91 201592 libonig2-dbg_5.9.5-3.2+deb8u4_amd64.deb cd6fd6d5646336f4f967911bef56171058fb97cc 79942 libonig-dev_5.9.5-3.2+deb8u4_amd64.deb Checksums-Sha256: 05c964d73562361412d072b41b2c2c09b0a39a2cd781bf8da6af5df62ea8d7a5 1559 libonig_5.9.5-3.2+deb8u4.dsc 19b36a1d0c72a8f8c4428b020435ca6d9e710ba93cc9767525c6d67c33b245f2 12608 libonig_5.9.5-3.2+deb8u4.debian.tar.xz 95cb0627bec3f0b43fa681820d8b42b6ae7ccdb911d0d19b28bfa9ede1371b01 118820 libonig2_5.9.5-3.2+deb8u4_amd64.deb 0c7ec97b9761627bbc72dc2cceebed01dc29f8a0918fde9a35c5b9817da9ec85 201592 libonig2-dbg_5.9.5-3.2+deb8u4_amd64.deb abb57e0389fb3e908af947295b8a1c7fbc429aa3621890e5f51430d50c891d72 79942 libonig-dev_5.9.5-3.2+deb8u4_amd64.deb Files: 2b22942a4be443ae2402bd8d339673b9 1559 libs extra libonig_5.9.5-3.2+deb8u4.dsc c1a9b6940893391a4cd957ec5dabd148 12608 libs extra libonig_5.9.5-3.2+deb8u4.debian.tar.xz 929ef4b5fa6ec957317046eab3702bc3 118820 libs optional libonig2_5.9.5-3.2+deb8u4_amd64.deb a0a265f3db8a0514526082876fd7b3b7 201592 debug extra libonig2-dbg_5.9.5-3.2+deb8u4_amd64.deb cb1a259f74996d31aa994fff666e15d7 79942 libdevel optional libonig-dev_5.9.5-3.2+deb8u4_amd64.deb -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl3nidcACgkQj/HLbo2J BZ/+MAf+P03AThQrWKe6T6vtWLVaedVlZHznwgXgKSTNrXZlr5n96rMX+/Z+QMC0 CbmsjpUKbivg1SofF/xS78cCROIJFLVgJP0ltUpQHO94dqKNUY2jnndQSg8AvxIH nRSGIukQF6bUm5eJJ6FfAAAsYl38gqZxtLG1HOOJxO+a5ePsHghxuKG0hJpdl5xT Z16mKQ4kkhihI+3SFC6xt/3bZm84V8jrHkjlEA9WArwhRk327F+Uo5je3EjbhSZ7 Af20e0rLtxGTJBqhPSdKMhYFzJeYSEOXN8YTZxGXV6V7KeGlY/erYQwP8KTWtC7f qgDnGnqhCwx+NTjTz+BqwgH+1FwfGw== =qAWu -END PGP SIGNATURE-
Accepted mesa 10.3.2-1+deb8u2 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 14 Nov 2019 17:49:36 +0100 Source: mesa Binary: libgl1-mesa-swx11 libgl1-mesa-swx11-dbg libgl1-mesa-swx11-i686 libgl1-mesa-swx11-dev libxatracker2 libxatracker2-dbg libxatracker-dev libgbm1 libgbm1-dbg libgbm-dev libegl1-mesa libegl1-mesa-dbg libegl1-mesa-dev libegl1-mesa-drivers libegl1-mesa-drivers-dbg libwayland-egl1-mesa libwayland-egl1-mesa-dbg libopenvg1-mesa libopenvg1-mesa-dbg libopenvg1-mesa-dev libgles1-mesa libgles1-mesa-dbg libgles1-mesa-dev libgles2-mesa libgles2-mesa-dbg libgles2-mesa-dev libglapi-mesa libglapi-mesa-dbg libgl1-mesa-glx libgl1-mesa-glx-dbg libgl1-mesa-dri libgl1-mesa-dri-dbg libgl1-mesa-dev mesa-common-dev libosmesa6 libosmesa6-dev mesa-vdpau-drivers mesa-vdpau-drivers-dbg mesa-opencl-icd mesa-opencl-icd-dbg Architecture: source amd64 Version: 10.3.2-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian X Strike Force Changed-By: Sylvain Beucler Description: libegl1-mesa - free implementation of the EGL API -- runtime libegl1-mesa-dbg - free implementation of the EGL API -- debugging symbols libegl1-mesa-dev - free implementation of the EGL API -- development files libegl1-mesa-drivers - free implementation of the EGL API -- hardware drivers libegl1-mesa-drivers-dbg - free implementation of the EGL API -- driver debugging symbols libgbm-dev - generic buffer management API -- development files libgbm1- generic buffer management API -- runtime libgbm1-dbg - generic buffer management API -- debugging symbols libgl1-mesa-dev - free implementation of the OpenGL API -- GLX development files libgl1-mesa-dri - free implementation of the OpenGL API -- DRI modules libgl1-mesa-dri-dbg - Debugging symbols for the Mesa DRI modules libgl1-mesa-glx - free implementation of the OpenGL API -- GLX runtime libgl1-mesa-glx-dbg - Debugging symbols for the Mesa GLX runtime libgl1-mesa-swx11 - free implementation of the OpenGL API -- runtime libgl1-mesa-swx11-dbg - free implementation of the OpenGL API -- debugging symbols libgl1-mesa-swx11-dev - free implementation of the OpenGL API -- development files libgl1-mesa-swx11-i686 - Mesa OpenGL runtime [i686 optimized] libglapi-mesa - free implementation of the GL API -- shared library libglapi-mesa-dbg - free implementation of the GL API -- debugging symbols libgles1-mesa - free implementation of the OpenGL|ES 1.x API -- runtime libgles1-mesa-dbg - free implementation of the OpenGL|ES 1.x API -- debugging symbols libgles1-mesa-dev - free implementation of the OpenGL|ES 1.x API -- development files libgles2-mesa - free implementation of the OpenGL|ES 2.x API -- runtime libgles2-mesa-dbg - free implementation of the OpenGL|ES 2.x API -- debugging symbols libgles2-mesa-dev - free implementation of the OpenGL|ES 2.x API -- development files libopenvg1-mesa - free implementation of the OpenVG API -- runtime libopenvg1-mesa-dbg - free implementation of the OpenVG API -- debugging symbols libopenvg1-mesa-dev - free implementation of the OpenVG API -- development files libosmesa6 - Mesa Off-screen rendering extension libosmesa6-dev - Mesa Off-screen rendering extension -- development files libwayland-egl1-mesa - implementation of the Wayland EGL platform -- runtime libwayland-egl1-mesa-dbg - implementation of the Wayland EGL platform -- debugging symbols libxatracker-dev - X acceleration library -- development files libxatracker2 - X acceleration library -- runtime libxatracker2-dbg - X acceleration library -- debugging symbols mesa-common-dev - Developer documentation for Mesa mesa-opencl-icd - free implementation of the OpenCL API -- ICD runtime mesa-opencl-icd-dbg - free implementation of the OpenCL API -- debugging symbols mesa-vdpau-drivers - Mesa VDPAU video acceleration drivers mesa-vdpau-drivers-dbg - Debugging symbols for the Mesa VDPAU video acceleration drivers Changes: mesa (10.3.2-1+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2019-5068: an exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. * Drop extra .dir-locals.el files (fixes patch-system-but-direct-changes-in-diff). Checksums-Sha1: b1380b08d29c7f1f877c64bb8807857304afb88f 5130 mesa_10.3.2-1+deb8u2.dsc a642d1fe460b4f5e4e650c71d07f4f0f511f8ba0 9649735 mesa_10.3.2.orig.tar.gz 8d318b6fe7f6bda361bf89ea8172740138fc37d8 82561 mesa_10.3.2-1+deb8u2.diff.gz 587a2362e18f17578c519ebc588933ef71063b9c 1217364 libgl1-mesa-swx11_10.3.2-1+deb8u2_amd64.deb e79c22120f21780f812c31e5ceeb6f0e1f9c3d0e 8207474 libgl1-mesa-swx11-dbg_10.3.2-1+deb8u2_amd64.deb d8d9357e5d4be41e17a6ddaaacd495902e54a6cb 1401798 libgl1-mesa-swx11-dev_10.3.2-1+deb8u2_amd64.deb 30a6675679e20b5f11da303e077af1d6c76cf8c5 960402
Accepted php5 5.6.40+dfsg-0+deb8u7 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 26 Oct 2019 15:27:12 +0200 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-phpdbg php5-fpm libphp5-embed php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-readline php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: source all amd64 Version: 5.6.40+dfsg-0+deb8u7 Distribution: jessie-security Urgency: high Maintainer: Debian PHP Maintainers Changed-By: Sylvain Beucler Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo libphp5-embed - HTML-embedded scripting language (Embedded SAPI library) php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-enchant - Enchant module for php5 php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary) php5-gd- GD module for php5 php5-gmp - GMP module for php5 php5-imap - IMAP module for php5 php5-interbase - interbase/firebird module for php5 php5-intl - internationalisation module for php5 php5-ldap - LDAP module for php5 php5-mcrypt - MCrypt module for php5 php5-mysql - MySQL module for php5 php5-mysqlnd - MySQL module for php5 (Native Driver) php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-phpdbg - server-side, HTML-embedded scripting language (PHPDBG binary) php5-pspell - pspell module for php5 php5-readline - Readline module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Changes: php5 (5.6.40+dfsg-0+deb8u7) jessie-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2019-11043: env_path_info underflow in fpm_main.c can lead to RCE Checksums-Sha1: b0fc572e43cb117eaeafc58f903a72023248db8b 4723 php5_5.6.40+dfsg-0+deb8u7.dsc 25400d8e896c85895979ef7e1f6aa1deea73d388 254612 php5_5.6.40+dfsg-0+deb8u7.debian.tar.xz 62191883b5d89182c328bb2d5b56161e5b4d6c8c 1310 php5_5.6.40+dfsg-0+deb8u7_all.deb d0a9240defcacc75afd415980196b1cbd41cf593 268908 php-pear_5.6.40+dfsg-0+deb8u7_all.deb fa1ca54b9e56262994b4e808449d99e2c6dd4993 745096 php5-common_5.6.40+dfsg-0+deb8u7_amd64.deb 9cb7441bc12de6ef7a9c72bc01b879bb341fb64b 2231684 libapache2-mod-php5_5.6.40+dfsg-0+deb8u7_amd64.deb e7e8167495254920be8d3ded83067a3fa7394891 2225842 libapache2-mod-php5filter_5.6.40+dfsg-0+deb8u7_amd64.deb 8faa3f7074726e74efee85a48a7384cf4922e488 4318352 php5-cgi_5.6.40+dfsg-0+deb8u7_amd64.deb 267132acd9a0acb9fdaf8a5280ea96aea28e7476 2198650 php5-cli_5.6.40+dfsg-0+deb8u7_amd64.deb 2b3c9f4e1f53456fd2f3ebeee333950e0a00461f 2208878 php5-phpdbg_5.6.40+dfsg-0+deb8u7_amd64.deb 9eecb5ffc00b338576d14f62702ce47882169e38 2210396 php5-fpm_5.6.40+dfsg-0+deb8u7_amd64.deb 7dfaf4cb8fb6d80783044a1c50ee628c33cf4fcf 2224690 libphp5-embed_5.6.40+dfsg-0+deb8u7_amd64.deb 6c7cd0078cea69eee9dfd02d2149fa074a3bf93b 357988 php5-dev_5.6.40+dfsg-0+deb8u7_amd64.deb 6c0fcf33ad09bb8e958a005dbd83ab961cdb8aed 45520612 php5-dbg_5.6.40+dfsg-0+deb8u7_amd64.deb 434047e1873ba2d6c36437544be9be17145a4278 27988 php5-curl_5.6.40+dfsg-0+deb8u7_amd64.deb b8782d3c7bde8275eb334ee17e33e64f429c52d6 9458 php5-enchant_5.6.40+dfsg-0+deb8u7_amd64.deb fca0f29f9e155e577baae466320e6976c516b7c5 29222 php5-gd_5.6.40+dfsg-0+deb8u7_amd64.deb 174990be0927efdf7f4579ad09dee650e4487e17 21656 php5-gmp_5.6.40+dfsg-0+deb8u7_amd64.deb da11b286f894dd39d21f8c77a9f16a2e0dff2925 31888 php5-imap_5.6.40+dfsg-0+deb8u7_amd64.deb 989868efbdc9c21c0017b50a9f8623d85e81b32b 42984 php5-interbase_5.6.40+dfsg-0+deb8u7_amd64.deb f84a5fd299ed2fa96dff50ff227b3b9cc9118e18 112416 php5-intl_5.6.40+dfsg-0+deb8u7_amd64.deb 84b031eb435ad084a8b8e1cae174363851cb9d15 22470 php5-ldap_5.6.40+dfsg-0+deb8u7_amd64.deb 2c701f630e0eaa4d5cfd198df7e463572725116a 15720 php5-mcrypt_5.6.40+dfsg-0+deb8u7_amd64.deb 011d37c98d79273e6a4b558a744263a3257dcd65 12722 php5-readline_5.6.40+dfsg-0+deb8u7_amd64.deb 51b7d972627e31068110c7fa8cd7e5d5ceb8ee0b 65786 php5-mysql_5.6.40+dfsg-0+deb8u7_amd64.deb 11ca72fd165654b6f9ac3ebc151a878263131bde 141870 php5-mysqlnd_5.6.40+dfsg-0
Accepted qemu 1:2.1+dfsg-12+deb8u12 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Sep 2019 11:56:13 +0200 Source: qemu Binary: qemu qemu-system qemu-system-common qemu-system-misc qemu-system-arm qemu-system-mips qemu-system-ppc qemu-system-sparc qemu-system-x86 qemu-user qemu-user-static qemu-user-binfmt qemu-utils qemu-guest-agent qemu-kvm Architecture: source amd64 Version: 1:2.1+dfsg-12+deb8u12 Distribution: jessie-security Urgency: medium Maintainer: Debian QEMU Team Changed-By: Sylvain Beucler Description: qemu - fast processor emulator qemu-guest-agent - Guest-side qemu-system agent qemu-kvm - QEMU Full virtualization on x86 hardware qemu-system - QEMU full system emulation binaries qemu-system-arm - QEMU full system emulation binaries (arm) qemu-system-common - QEMU full system emulation binaries (common files) qemu-system-mips - QEMU full system emulation binaries (mips) qemu-system-misc - QEMU full system emulation binaries (miscelaneous) qemu-system-ppc - QEMU full system emulation binaries (ppc) qemu-system-sparc - QEMU full system emulation binaries (sparc) qemu-system-x86 - QEMU full system emulation binaries (x86) qemu-user - QEMU user mode emulation binaries qemu-user-binfmt - QEMU user mode binfmt registration for qemu-user qemu-user-static - QEMU user mode emulation binaries (static version) qemu-utils - QEMU utilities Changes: qemu (1:2.1+dfsg-12+deb8u12) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. . [Mike Gabriel] * CVE-2017-9375: Track xhci_kick_ep processing being active in a variable. Check the variable at the beginning of xhci_kick_ep. Add an assert right before processing the kick. * CVE-2019-12155: qxl: Check release info object. When releasing spice resources in release_resource() routine, if release info object 'ext.info' is null, it leads to null pointer dereference. Add check to avoid it. * CVE-2016-5403: virtio: error out if guest exceeds virtqueue size. Plus set vq->inuse correctly at various places. * CVE-2016-5126: block/iscsi: avoid potential overflow of acb->task->cdb. * Remove unused/redundant patch files. . [Sylvain Beucler] * CVE-2019-12068: scsi: lsi: exit infinite loop while executing script * CVE-2019-13164: qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a --br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass. * CVE-2019-14378: ip_reass in ip_input.c in libslirp has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. * CVE-2019-15890: libslirp has a use-after-free in ip_reass in ip_input.c. Checksums-Sha1: 4acefb7d871bc0d17f87c7970d2fcf560a3d971f 5193 qemu_2.1+dfsg-12+deb8u12.dsc 964a44f2db3bc24ebe0e1cb4e445ea14dd54e9ad 223924 qemu_2.1+dfsg-12+deb8u12.debian.tar.xz fa3a787fe60a85d5d3dfba8ea05439bb5b719809 126996 qemu_2.1+dfsg-12+deb8u12_amd64.deb 5ed3b13f43d2e55d0f31972c163d22d1da0ad5ed 56230 qemu-system_2.1+dfsg-12+deb8u12_amd64.deb 3cc4435e0aa76321a87630d7bf09b10eee75675b 286938 qemu-system-common_2.1+dfsg-12+deb8u12_amd64.deb 07dbe5deecd3800e0848ff36e2a8446e8767a182 4795244 qemu-system-misc_2.1+dfsg-12+deb8u12_amd64.deb 9295641efd9cfd44694eb1e423e075f84f0e23ab 2240822 qemu-system-arm_2.1+dfsg-12+deb8u12_amd64.deb a5eae3703d9f833ffa5b8ee476fff37c61c52f9b 2841670 qemu-system-mips_2.1+dfsg-12+deb8u12_amd64.deb b332d823ae8c9cb05d144e72c3ad5112fcb65088 2750384 qemu-system-ppc_2.1+dfsg-12+deb8u12_amd64.deb 112d0b66616a81ad7989ee9867672261a8afcca2 1673754 qemu-system-sparc_2.1+dfsg-12+deb8u12_amd64.deb 3c28434b3a212c8f10f1c75b79c9b0c69b2c47c9 2050640 qemu-system-x86_2.1+dfsg-12+deb8u12_amd64.deb 1c3cdde2d2f54761263c9166fba43200d4c6505c 6114562 qemu-user_2.1+dfsg-12+deb8u12_amd64.deb ea0ef1aaafb429abe81946a93d07d466b99f6a60 8393026 qemu-user-static_2.1+dfsg-12+deb8u12_amd64.deb d3ad6dd0db93f0236f5bf05bc71bcb34c7170a99 2932 qemu-user-binfmt_2.1+dfsg-12+deb8u12_amd64.deb f85bab6b6c469efd0208da378e025c8f45cf885b 487968 qemu-utils_2.1+dfsg-12+deb8u12_amd64.deb 5ffd889d65f4fdc57d5773d15818738da88fd1ea 140284 qemu-guest-agent_2.1+dfsg-12+deb8u12_amd64.deb 3a326759e3eb4e7e41c8cc02fe085e176806899f 56894 qemu-kvm_2.1+dfsg-12+deb8u12_amd64.deb Checksums-Sha256: 9798c54b3cc0e1aa5baac8c5269ecf989ab65c091647c283d747141ad7440f41 5193 qemu_2.1+dfsg-12+deb8u12.dsc 7fed0281e9e41bb1cd1517223ce57c95cf69765551a070f457653c859802bbf6 223924 qemu_2.1+dfsg-12+deb8u12.debian.tar.xz 1197c0aeec9a512101dfbf723414c39c6c65e995eb4b7cfddba1e6436e05b349 126996 qemu_2.1+dfsg-12+deb8u12_amd64.deb 39729d2e28265e1612cb861e762771dbb703431bb0aee083a6afc743f1e45bb9 56230 qemu-system_2.1+dfsg-12+deb8u12_amd64.deb 6533502e56c381d08cb2e7a84594fa57cb3e1b5be6bea65e417874c3abaebd4b 286938 qemu-system-common_2.1+dfsg-12+deb8u12_
Accepted libonig 5.9.5-3.2+deb8u3 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 11 Sep 2019 15:30:09 +0200 Source: libonig Binary: libonig2 libonig2-dbg libonig-dev Architecture: source amd64 Version: 5.9.5-3.2+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Jörg Frings-Fürst Changed-By: Sylvain Beucler Description: libonig-dev - Development files for libonig2 libonig2 - Oniguruma regular expressions library libonig2-dbg - Debugging symbols for libonig2 Changes: libonig (5.9.5-3.2+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Backport recursion monitoring (with a fixed limit to avoid changing the API; higher limit exhausts the default stack size) * Fix CVE-2019-16163: Oniguruma before 6.9.3 allows Stack Exhaustion in regcomp.c because of recursion in regparse.c. Checksums-Sha1: a6c9820bd35f4e59c91585b64c312067dc391df7 1559 libonig_5.9.5-3.2+deb8u3.dsc c988f0f21d5d32510210a4dcb2deb86e70465443 10636 libonig_5.9.5-3.2+deb8u3.debian.tar.xz 5aa359feda7a2008218058dbddc0cf74f3fa3c8e 117756 libonig2_5.9.5-3.2+deb8u3_amd64.deb 6552842ae347b3b589a32987c0fb680ef57e4b6f 201112 libonig2-dbg_5.9.5-3.2+deb8u3_amd64.deb c4f52811d7a91dcefb0d7e0705722fde2efb9027 79628 libonig-dev_5.9.5-3.2+deb8u3_amd64.deb Checksums-Sha256: 6d86b3a5524f08262e68e9a6fe6c8e601427b4303e53880d7a78142214e1f1f2 1559 libonig_5.9.5-3.2+deb8u3.dsc 088289008e7f63d6eb5e347277f75d04b5e6825bcf3cbb4cc758c45beb5fbd85 10636 libonig_5.9.5-3.2+deb8u3.debian.tar.xz 7e82d5b089d123dfb1eff699b9e8cca8dd41ff9665906f00cf9b38a4afada2c0 117756 libonig2_5.9.5-3.2+deb8u3_amd64.deb 8f2e792e5194aacba6f964c0b2beb7c4367f0b5224ec9b4ce6771b84d23d647f 201112 libonig2-dbg_5.9.5-3.2+deb8u3_amd64.deb 4ef1d29d6173271dd0b31d9971ea78f6c602785eb88e0451d3f722c5507e78fc 79628 libonig-dev_5.9.5-3.2+deb8u3_amd64.deb Files: 1b84a8b079991bfca75df4159a06103d 1559 libs extra libonig_5.9.5-3.2+deb8u3.dsc d98726e472bee8d4992cf0c993a2e8a0 10636 libs extra libonig_5.9.5-3.2+deb8u3.debian.tar.xz d087b8813af79582c42af9a3444ea9cb 117756 libs optional libonig2_5.9.5-3.2+deb8u3_amd64.deb d3469c4643b1c963d72838e7ccb36acc 201112 debug extra libonig2-dbg_5.9.5-3.2+deb8u3_amd64.deb 1865c23fb2a7c3d707485685190bc94e 79628 libdevel optional libonig-dev_5.9.5-3.2+deb8u3_amd64.deb -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl16Df8ACgkQj/HLbo2J BZ+bRwgAp//oHoNQVwM9RZ9YNqyzm2BWw+JPwb1CrRQFBMFz49AjEP/TgVHLe1r8 HR5+lZQSHp6KX+ga0dAMA+Tzv3/LHZ3qr4MgeFDToOBmMzo+KaSGeMBEnBiS1YiO 3QbVuFuk9JLPjZ1Ku9JAaSxQ2bHJyVJRcE6ZTn5wHHq9dErejW3aH+LIHxDOfzHW WanflHqDDQUoivS/k1HVda+JmhW9yJEBoQFDXfWIEMUAFJdDnymteWCN2n9wBFWN cpsnyb8TXQgflUI+MWLM9NDP2Nm2QgcSg1vJFZ58J+HtBaw7zReneIUQJylFWWs6 DMWhmSgW5r9aa/hdNrC5qaivMChRJw== =zQ5X -END PGP SIGNATURE-
Accepted freetype 2.5.2-3+deb8u4 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 04 Sep 2019 11:48:40 +0200 Source: freetype Binary: libfreetype6 libfreetype6-dev freetype2-demos libfreetype6-udeb Architecture: source amd64 Version: 2.5.2-3+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Steve Langasek Changed-By: Sylvain Beucler Description: freetype2-demos - FreeType 2 demonstration programs libfreetype6 - FreeType 2 font engine, shared library files libfreetype6-dev - FreeType 2 font engine, development files libfreetype6-udeb - FreeType 2 font engine for the debian-installer (udeb) Changes: freetype (2.5.2-3+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * CVE-2015-9381: FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. * CVE-2015-9382: FreeType before 2.6.1 has a buffer over-read in skip_comment in psaux/psobjs.c because ps_parser_skip_PS_token is mishandled in an FT_New_Memory_Face operation. * CVE-2015-9383: FreeType before 2.6.2 has a heap-based buffer over-read in tt_cmap14_validate in sfnt/ttcmap.c. * Remove spurious quilt .pc/ directory from debian diff (introduced in 2.5.2-2) Checksums-Sha1: dc454250adf18ca98cc2976a23881012da1b2185 1783 freetype_2.5.2-3+deb8u4.dsc b44b8fb1ecd1aeb4671c0aac6e779a316cf97505 72104 freetype_2.5.2-3+deb8u4.diff.gz 0cbee1704e82d616d3ef60bc91f9cdb613ed4a1d 467422 libfreetype6_2.5.2-3+deb8u4_amd64.deb 2b35bec8219169c4d2ad90ba42077b537fcba764 639740 libfreetype6-dev_2.5.2-3+deb8u4_amd64.deb cb31e5e8f970bccefe9ffe9cb943c4d146b6928d 94002 freetype2-demos_2.5.2-3+deb8u4_amd64.deb c93bd870f5582a27abd34d8d05d9955d7f9d3713 294788 libfreetype6-udeb_2.5.2-3+deb8u4_amd64.udeb Checksums-Sha256: ba32ac993642ed5e1712b064b6072f0f67c95c01eafcaa3d5a1d63b2c03c9e5d 1783 freetype_2.5.2-3+deb8u4.dsc 9160b5c1069c763e2b3b55a8e825fa46f054764bf37d8d2d4df3b003859b7e21 72104 freetype_2.5.2-3+deb8u4.diff.gz 7e15413b1e2c5d6e762a9ef6755459f47536435397cd5cc6f48de50f688fd2af 467422 libfreetype6_2.5.2-3+deb8u4_amd64.deb 36ec5496231d708ad304c4d9c6be357c63d9ba4a600c04a04604311a13445426 639740 libfreetype6-dev_2.5.2-3+deb8u4_amd64.deb 2a71609dfdaa2d49c19d6d717c642be00c22b7ec0879da2cfaf899237a72c998 94002 freetype2-demos_2.5.2-3+deb8u4_amd64.deb ef4f6a45a4deb682c2e8dcacbfd9c26eeadcf65bf1f35e10e9adefe0575256de 294788 libfreetype6-udeb_2.5.2-3+deb8u4_amd64.udeb Files: 74924ba8ee528b0f22bd87ed44e44b6a 1783 libs optional freetype_2.5.2-3+deb8u4.dsc effed3161cb08cd46efd3c055a028c25 72104 libs optional freetype_2.5.2-3+deb8u4.diff.gz 56f9fad698bdb6c45ace416fa51ca8d0 467422 libs optional libfreetype6_2.5.2-3+deb8u4_amd64.deb 42c70dc1895505a39fd884e5660eb0df 639740 libdevel optional libfreetype6-dev_2.5.2-3+deb8u4_amd64.deb f84b23bf14ccafaa781df329b6712be0 94002 utils optional freetype2-demos_2.5.2-3+deb8u4_amd64.deb 86487c6461e36718c757f03ea7bb1ded 294788 debian-installer extra libfreetype6-udeb_2.5.2-3+deb8u4_amd64.udeb Package-Type: udeb -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl1vrFQACgkQj/HLbo2J BZ/82ggAqZNCk4/GEUoUIZ/c5RyESYYjipLVny7D2V2FQLZ0RF2ZUJtlkCk1Xsv2 OmnZzhOKaC1cjsOgQ5RNNcx3NENqivSJ9UvrRqp47L2N+knJONUgS7y+emziwaUz u62aUYGe6M2lOje7CD/o8TM5TfSlPDnkODXsEjN39HZRQigp8KtkXrDCwrZREP2I H1knsjRDOkg4S3KXy1O1WUPlX5kH6NqlittrLOaKy6mwhTeRkCsLNnBBE9XI00Ey 14Q6KCxppH7FNs3zS3ZAUB/tPbVL9ZKXllMK2B/eHl+Na+rFRdEZSieGl9qqdlQO ftGrMC+OxuICy01Lhvf+SPk1twY/zA== =iggT -END PGP SIGNATURE-
Accepted tomcat8 8.0.14-1+deb8u15 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 13 Aug 2019 16:22:22 +0200 Source: tomcat8 Binary: tomcat8-common tomcat8 tomcat8-user libtomcat8-java libservlet3.1-java libservlet3.1-java-doc tomcat8-admin tomcat8-examples tomcat8-docs Architecture: source all Version: 8.0.14-1+deb8u15 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Sylvain Beucler Description: libservlet3.1-java - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API classes libservlet3.1-java-doc - Servlet 3.1, JSP 2.3, EL 3.0 and WebSocket 1.0 Java API documenta libtomcat8-java - Apache Tomcat 8 - Servlet and JSP engine -- core libraries tomcat8- Apache Tomcat 8 - Servlet and JSP engine tomcat8-admin - Apache Tomcat 8 - Servlet and JSP engine -- admin web application tomcat8-common - Apache Tomcat 8 - Servlet and JSP engine -- common files tomcat8-docs - Apache Tomcat 8 - Servlet and JSP engine -- documentation tomcat8-examples - Apache Tomcat 8 - Servlet and JSP engine -- example web applicati tomcat8-user - Apache Tomcat 8 - Servlet and JSP engine -- tools to create user Changes: tomcat8 (8.0.14-1+deb8u15) jessie-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix flacky FTBFS by improving fix for CVE-2017-5647. * Refresh the expired SSL certificates used by the tests from freshly-renewed upstream Tomcat and adapt the test user DN. * Fix CVE-2019-0221: The SSI printenv command in Apache Tomcat echoes user provided data without escaping and is, therefore, vulnerable to XSS. SSI is disabled by default. The printenv command is intended for debugging and is unlikely to be present in a production website. * Fix CVE-2018-8014: The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue. * Fix CVE-2016-5388: Apache Tomcat, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. The 'cgi' servlet now has a 'envHttpHeaders' parameter to filter environment variables. Checksums-Sha1: fe27608a17a27924d52db098d9609afa691a7694 2517 tomcat8_8.0.14-1+deb8u15.dsc 5641f2ec4b8e89276ad614cba3bd154802fa1a3c 92272 tomcat8_8.0.14-1+deb8u15.debian.tar.xz f6d74cfbf3dfc83a23e3e6c074e1fae9265d0b16 60006 tomcat8-common_8.0.14-1+deb8u15_all.deb f46f66c25347eb38f78279531236dea4e5cdcaec 49564 tomcat8_8.0.14-1+deb8u15_all.deb 521836a26bf198eafb1ae86517f1084bc29d1f86 37050 tomcat8-user_8.0.14-1+deb8u15_all.deb 7d2cb1f17f1cc5b6c2973d12e1f4e4c59854d727 4594576 libtomcat8-java_8.0.14-1+deb8u15_all.deb f9e44c59af699e57d418e2f85440decdda7c271f 394400 libservlet3.1-java_8.0.14-1+deb8u15_all.deb 79fc470fe8d20d4d721bf8c4710445c8153280da 250548 libservlet3.1-java-doc_8.0.14-1+deb8u15_all.deb 1e7f9bc6c6e743b8a73c12b8673338e735a0c9f8 38388 tomcat8-admin_8.0.14-1+deb8u15_all.deb 42cdd479ca7f71dae04ceeff47f721063d3dd89f 196858 tomcat8-examples_8.0.14-1+deb8u15_all.deb ccd0f46e45c9329b54ff7ee631361c9247450cd1 692406 tomcat8-docs_8.0.14-1+deb8u15_all.deb Checksums-Sha256: e654d15fcb648124fe2b65efc35992565895683b998058bf4a5852ba85766cbf 2517 tomcat8_8.0.14-1+deb8u15.dsc b2d01e501c0d738befa1abf95d988c01112acbb62d1adbeb7f65901e7d7b4cee 92272 tomcat8_8.0.14-1+deb8u15.debian.tar.xz 791eff670cb1e0177bb3dd0958528836ea8dd345502450c4003a81d67d54f50d 60006 tomcat8-common_8.0.14-1+deb8u15_all.deb dfe22f4b6fce1e38128cce6b87a770c32ae464cc9667b06d1fe5910ff5ab45c9 49564 tomcat8_8.0.14-1+deb8u15_all.deb d07ee0c79bf07ba93f7cf47c9747a9fb231edb7230e58d2942914357999f42f5 37050 tomcat8-user_8.0.14-1+deb8u15_all.deb ae5d19db78b5d7540c95ab22f9456758a08be9426e952e3bf0b01f0338672376 4594576 libtomcat8-java_8.0.14-1+deb8u15_all.deb c480aa39e2896cf43a9ccd433242bcef7b03da11b14089eb85f70ce415e3683b 394400 libservlet3.1-java_8.0.14-1+deb8u15_all.deb 93b0aa28890ca0f8c48a8e5ec68cd6c366854ccf8c469940d252b49a2ed7596f 250548 libservlet3.1-java-doc_8.0.14-1+deb8u15_all.deb f620aba9a6b8cd65feb6ae4689546c9ba73297087dd52672e403ca653c3e4f70 38388 tomcat8-admin_8.0.14-1+deb8u15_all.deb 75de37a1fe40dc3661ee4a1f3df6aac97529f4b9791f45223a0bc3ca7203e385 196858 tomcat8-examples_8.0.14-1+deb8u15_all.deb db8dcd994f5981e4a16409efa39ade4f17b3cb1a523cac2513b23f53c1e056c0 692406 tomcat8-docs_8.0.14-1+deb8u15_all
Accepted glib2.0 2.42.1-1+deb8u1 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 18 Jun 2019 21:27:05 +0200 Source: glib2.0 Binary: libglib2.0-0 libglib2.0-tests libglib2.0-udeb libglib2.0-bin libglib2.0-dev libglib2.0-0-dbg libglib2.0-data libglib2.0-doc libgio-fam libglib2.0-0-refdbg Architecture: source all amd64 Version: 2.42.1-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian GNOME Maintainers Changed-By: Sylvain Beucler Description: libgio-fam - GLib Input, Output and Streaming Library (fam module) libglib2.0-0 - GLib library of C routines libglib2.0-0-dbg - Debugging symbols for the GLib libraries libglib2.0-0-refdbg - GLib library of C routines - refdbg library libglib2.0-bin - Programs for the GLib library libglib2.0-data - Common files for GLib library libglib2.0-dev - Development files for the GLib library libglib2.0-doc - Documentation files for the GLib library libglib2.0-tests - GLib library of C routines - installed tests libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb) Changes: glib2.0 (2.42.1-1+deb8u1) jessie-security; urgency=high . [Michael Biebl] * debian/patches/tests-gdatetime-Use-a-real-rather-than-invented-time.patch: Cherry-pick a patch from upstream to fix GDateTime tests when tzdata ≥ 2017a is in use. (#858214) . [Simon McVittie] * debian/patches/gfile-Limit-access-to-files-when-copying.patch: Backport patch from upstream to ensure files don't temporarily have less restrictive permissions during copying (#929753, CVE-2019-12450). . [Sylvain Beucler ] * Non-maintainer upload by the Debian LTS team. * Apply FTBFS fix for jessie. * Apply CVE-2019-12450 fix for jessie. Checksums-Sha1: 0b2ed987ba720d233cae5612b9323211b602620b 2816 glib2.0_2.42.1-1+deb8u1.dsc 6983dd1585c5f3d1968c144ed94144961d45abf0 69480 glib2.0_2.42.1-1+deb8u1.debian.tar.xz b8774638b0e9c797e4962337098fc5f164f24049 2173080 libglib2.0-data_2.42.1-1+deb8u1_all.deb 1258697bb15d73b9f2118e4a4eb8c8961dcc060e 2660342 libglib2.0-doc_2.42.1-1+deb8u1_all.deb 8c76d444a624b0c15b46e74833962e9d565b4a28 2399746 libglib2.0-0_2.42.1-1+deb8u1_amd64.deb dd9f39043731534ef7eb906d5ad75f1daee4ddf5 2247310 libglib2.0-tests_2.42.1-1+deb8u1_amd64.deb 917750847d1c5f984867714bdd51b5a00b3e2940 1836358 libglib2.0-udeb_2.42.1-1+deb8u1_amd64.udeb 6cf22c94750b0bfa09ec3fd71b013ad235796824 1336258 libglib2.0-bin_2.42.1-1+deb8u1_amd64.deb ff76671e673d9bd7f98d1d033271b97ce6174803 2642746 libglib2.0-dev_2.42.1-1+deb8u1_amd64.deb 10e9d913ec0fb2c42a176897686331ae3d2d0931 6802726 libglib2.0-0-dbg_2.42.1-1+deb8u1_amd64.deb e232e62270c98795ca0a33c46685d496f0e5130f 1674552 libglib2.0-0-refdbg_2.42.1-1+deb8u1_amd64.deb Checksums-Sha256: 15bd402d05b88c53e8dc2cd88fa140e765e1da5213ae493ba6aeb1317dab612b 2816 glib2.0_2.42.1-1+deb8u1.dsc 274c2cb87d6b72d2c8e8bfcd340bea004c0c33b7cec06517e47172aea23a3598 69480 glib2.0_2.42.1-1+deb8u1.debian.tar.xz 0afdf92b8b6c8eb84705b384fc92479f63a16966952f39643b3c2e9516923c30 2173080 libglib2.0-data_2.42.1-1+deb8u1_all.deb 1aa353d9ea6d8c97684d489c4cc542826a7a7df45cecaa31ce20a5dfa70881c5 2660342 libglib2.0-doc_2.42.1-1+deb8u1_all.deb f6ffeea31244a9da7255f7e4525bcd0d65868649d615d33b7f95623f7f6f4cf8 2399746 libglib2.0-0_2.42.1-1+deb8u1_amd64.deb 27d1c42867fb0c2fa4d32f3d3a0b6e297010666e0d7d836c59df729c2b7f4c38 2247310 libglib2.0-tests_2.42.1-1+deb8u1_amd64.deb eb29945b29a8fbb010f9f237126d65782398eab9a21a561b11055d37417ba567 1836358 libglib2.0-udeb_2.42.1-1+deb8u1_amd64.udeb cfb3a51f5df9587b4b68798efa07fcd66ac0db660de23527dcc420cf9b85 1336258 libglib2.0-bin_2.42.1-1+deb8u1_amd64.deb f8111c59b6177bbeb6ea81065782d85bc81cd940aa7e37d1f3d57abf71ee002e 2642746 libglib2.0-dev_2.42.1-1+deb8u1_amd64.deb 66111b9c0409d8ac15d633420867257c41e3b836cea1676aa9406826fce4ca81 6802726 libglib2.0-0-dbg_2.42.1-1+deb8u1_amd64.deb 56c2077aec0b86368ff21d089ba281dd4f8fc499d8dc144ece1d46b55b8a7e40 1674552 libglib2.0-0-refdbg_2.42.1-1+deb8u1_amd64.deb Files: 3cb699d749f925012097d40711260642 2816 libs optional glib2.0_2.42.1-1+deb8u1.dsc fcb89f828b2b561b70069de0f4feb3e6 69480 libs optional glib2.0_2.42.1-1+deb8u1.debian.tar.xz f3197f73701690d5663452f8e761927f 2173080 libs optional libglib2.0-data_2.42.1-1+deb8u1_all.deb 42c7b16d03f1ea6686e1d302f947fa5d 2660342 doc optional libglib2.0-doc_2.42.1-1+deb8u1_all.deb 433dec0c350f5706a7a6604a67285b29 2399746 libs optional libglib2.0-0_2.42.1-1+deb8u1_amd64.deb 5472d11314fe409e7a19c4bf6f130449 2247310 libs optional libglib2.0-tests_2.42.1-1+deb8u1_amd64.deb c74bb1769d0d36d6a01b0175d5998d22 1836358 debian-installer optional libglib2.0-udeb_2.42.1-1+deb8u1_amd64.udeb 3f80ee55afa6cb380a6e9b0b95ca65d0 1336258 misc optional libglib2.0-bin_2.42.1-1+deb8u1_amd64.deb 946a1fe07575561d5de1922a345f394d 2642746 libdevel optional libglib2.0-dev_2.42.1-1+deb8u1_amd64.deb b0607aceea76514c9532f5bf5d5db9f9 6802726 debug extra libglib2.0-0-dbg_2.42.1-1+deb8u1_amd64.deb
Accepted kdepim 4:4.14.1-1+deb8u2 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 18 Jun 2019 10:55:26 +0200 Source: kdepim Binary: kdepim kdepim-mobile akregator kaddressbook kaddressbook-mobile kalarm kdepim-kresources storageservicemanager kleopatra kmail kmail-mobile knode knotes notes-mobile konsolekalendar kontact tasks-mobile korganizer korganizer-mobile ktimetracker libcalendarsupport4 libcomposereditorng4 libeventviews4 libincidenceeditorsng4 libpimcommon4 libkdepim4 libkdepimdbusinterfaces4 libkdgantt2-0 libkleo4 libkpgp4 libksieve4 libkmanagesieve4 libksieveui4 libmailcommon4 libmailimporter4 libmessagecomposer4 libmessagecore4 libmessagelist4 libmessageviewer4 libsendlater4 libfollowupreminder4 libtemplateparser4 libkdepimmobileui4 kdepim-mobileui-data kjots blogilo akonadiconsole libnoteshared4 kdepim-dbg Architecture: source all amd64 Version: 4:4.14.1-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Qt/KDE Maintainers Changed-By: Sylvain Beucler Description: akonadiconsole - management and debugging console for akonadi akregator - RSS/Atom feed aggregator blogilo- graphical blogging client kaddressbook - address book and contact data manager kaddressbook-mobile - address book and contact data manager for mobile environments kalarm - alarm message, command and email scheduler kdepim - Personal Information Management apps from the official KDE releas kdepim-dbg - debugging symbols for kdepim kdepim-kresources - KDE PIM resource plugins kdepim-mobile - Personal Information Management apps for mobile environments kdepim-mobileui-data - common data files for KDE PIM mobile applications kjots - note-taking utility kleopatra - certificate Manager kmail - full featured graphical email client kmail-mobile - email client for mobile environments knode - graphical news reader knotes - sticky notes application konsolekalendar - konsole personal organizer kontact- integrated application for personal information management korganizer - calendar and personal organizer korganizer-mobile - calendar and personal organizer for mobile environments ktimetracker - time tracker tool libcalendarsupport4 - calendar support library libcomposereditorng4 - compose editor library libeventviews4 - event viewing library libfollowupreminder4 - follow up reminder library libincidenceeditorsng4 - incidence editors library libkdepim4 - KDE PIM library libkdepimdbusinterfaces4 - KDE PIM D-Bus interfaces library libkdepimmobileui4 - user interface library for KDE PIM mobile applications libkdgantt2-0 - Gantt chart library libkleo4 - certificate based crypto library libkmanagesieve4 - Sieve script remote management library libkpgp4 - gpg based crypto library libksieve4 - Sieve, the mail filtering language, library libksieveui4 - Sieve, the mail filtering language, GUI library libmailcommon4 - email utility library libmailimporter4 - mailimporter library libmessagecomposer4 - message composer library libmessagecore4 - message core library libmessagelist4 - message list library libmessageviewer4 - message viewer library libnoteshared4 - notes support library libpimcommon4 - library for common bits of KDEPIM libsendlater4 - send later library libtemplateparser4 - KMail template parser library notes-mobile - notes application for mobile environments storageservicemanager - KDE PIM storage service tasks-mobile - task management application for mobile environments Changes: kdepim (4:4.14.1-1+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * Fix CVE-2019-10732: reply-based decryption oracle. Checksums-Sha1: 5c929f4ff7d8d67620410e5732d896567fca2cac 5253 kdepim_4.14.1-1+deb8u2.dsc a2a8d36407446546ac0fab66e0742ea2d1288ec8 14461256 kdepim_4.14.1.orig.tar.xz 371c144d4ec51c293b7523e17e3010acf883ef2a 32436 kdepim_4.14.1-1+deb8u2.debian.tar.xz ca90843d4e90463805c44b3a0d89f4583ec19ed4 19828 kdepim_4.14.1-1+deb8u2_all.deb 926edbb31b0d8007ad4562d505b73bfc8cdcf044 18700 kdepim-mobile_4.14.1-1+deb8u2_all.deb ff5a0023a46c6ff0f1a08c771dde12d2d60e43fa 1467034 akregator_4.14.1-1+deb8u2_amd64.deb 305b62b56fce1e9f7dd8e947758dbc9f9a0ea8be 449514 kaddressbook_4.14.1-1+deb8u2_amd64.deb 0a81902df599b7312e3bf639eabbabb07bb5e848 793076 kaddressbook-mobile_4.14.1-1+deb8u2_amd64.deb d45b1bdb7d1da14e5ef99b2b7d596507c3f2fa4f 982370 kalarm_4.14.1-1+deb8u2_amd64.deb a614d048c3ca78f89e4ed07e888aef59cb3efce8 48312 kdepim-kresources_4.14.1-1+deb8u2_amd64.deb 934aacc53bf08cdb3837f770c4561177cdc4241b 165274 storageservicemanager_4.14.1-1+deb8u2_amd64.deb 8ba537283a7f33d47fe22bb95774cd2702defe0f 1436912 kleopatra_4.14.1-1+deb8u2_amd64.deb bd7e94e871859bfd84d6d25b5f83f0dfa50b69a3 2962152 kmail_4.14.1-1+deb8u2_amd64.deb 93589a946f1e631276f29a431d508ad160ad3acc 235852 kmail-mobile_4.14.1-1+deb8u2_amd64.deb 294f1937969e27ccc41aa820d3af3137038429f4 1799560 knode_4.14.1-1+deb8u2_amd64.deb
Accepted firefox-esr 60.6.2esr-1~deb8u1 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 6 May 2019 21:52:00 +0200 Source: firefox-esr Binary: firefox-esr iceweasel firefox-esr-dbg iceweasel-dbg firefox-esr-l10n-all iceweasel-l10n-all firefox-esr-l10n-ach iceweasel-l10n-ach firefox-esr-l10n-af iceweasel-l10n-af firefox-esr-l10n-an iceweasel-l10n-an firefox-esr-l10n-ar iceweasel-l10n-ar firefox-esr-l10n-as iceweasel-l10n-as firefox-esr-l10n-ast iceweasel-l10n-ast firefox-esr-l10n-az iceweasel-l10n-az firefox-esr-l10n-be iceweasel-l10n-be firefox-esr-l10n-bg iceweasel-l10n-bg firefox-esr-l10n-bn-bd iceweasel-l10n-bn-bd firefox-esr-l10n-bn-in iceweasel-l10n-bn-in firefox-esr-l10n-br iceweasel-l10n-br firefox-esr-l10n-bs iceweasel-l10n-bs firefox-esr-l10n-ca iceweasel-l10n-ca firefox-esr-l10n-cak iceweasel-l10n-cak firefox-esr-l10n-cs iceweasel-l10n-cs firefox-esr-l10n-cy iceweasel-l10n-cy firefox-esr-l10n-da iceweasel-l10n-da firefox-esr-l10n-de iceweasel-l10n-de firefox-esr-l10n-dsb iceweasel-l10n-dsb firefox-esr-l10n-el iceweasel-l10n-el firefox-esr-l10n-en-gb iceweasel-l10n-en-gb firefox-esr-l10n-en-za iceweasel-l10n-en-za firefox-esr-l10n-eo iceweasel-l10n-eo firefox-esr-l10n-es-ar iceweasel-l10n-es-ar firefox-esr-l10n-es-cl iceweasel-l10n-es-cl firefox-esr-l10n-es-es iceweasel-l10n-es-es firefox-esr-l10n-es-mx iceweasel-l10n-es-mx firefox-esr-l10n-et iceweasel-l10n-et firefox-esr-l10n-eu iceweasel-l10n-eu firefox-esr-l10n-fa iceweasel-l10n-fa firefox-esr-l10n-ff iceweasel-l10n-ff firefox-esr-l10n-fi iceweasel-l10n-fi firefox-esr-l10n-fr iceweasel-l10n-fr firefox-esr-l10n-fy-nl iceweasel-l10n-fy-nl firefox-esr-l10n-ga-ie iceweasel-l10n-ga-ie firefox-esr-l10n-gd iceweasel-l10n-gd firefox-esr-l10n-gl iceweasel-l10n-gl firefox-esr-l10n-gn iceweasel-l10n-gn firefox-esr-l10n-gu-in iceweasel-l10n-gu-in firefox-esr-l10n-he iceweasel-l10n-he firefox-esr-l10n-hi-in iceweasel-l10n-hi-in firefox-esr-l10n-hr iceweasel-l10n-hr firefox-esr-l10n-hsb iceweasel-l10n-hsb firefox-esr-l10n-hu iceweasel-l10n-hu firefox-esr-l10n-hy-am iceweasel-l10n-hy-am firefox-esr-l10n-ia iceweasel-l10n-ia firefox-esr-l10n-id iceweasel-l10n-id firefox-esr-l10n-is iceweasel-l10n-is firefox-esr-l10n-it iceweasel-l10n-it firefox-esr-l10n-ja iceweasel-l10n-ja firefox-esr-l10n-ka iceweasel-l10n-ka firefox-esr-l10n-kab iceweasel-l10n-kab firefox-esr-l10n-kk iceweasel-l10n-kk firefox-esr-l10n-km iceweasel-l10n-km firefox-esr-l10n-kn iceweasel-l10n-kn firefox-esr-l10n-ko iceweasel-l10n-ko firefox-esr-l10n-lij iceweasel-l10n-lij firefox-esr-l10n-lt iceweasel-l10n-lt firefox-esr-l10n-lv iceweasel-l10n-lv firefox-esr-l10n-mai iceweasel-l10n-mai firefox-esr-l10n-mk iceweasel-l10n-mk firefox-esr-l10n-ml iceweasel-l10n-ml firefox-esr-l10n-mr iceweasel-l10n-mr firefox-esr-l10n-ms iceweasel-l10n-ms firefox-esr-l10n-my iceweasel-l10n-my firefox-esr-l10n-nb-no iceweasel-l10n-nb-no firefox-esr-l10n-ne-np iceweasel-l10n-ne-np firefox-esr-l10n-nl iceweasel-l10n-nl firefox-esr-l10n-nn-no iceweasel-l10n-nn-no firefox-esr-l10n-oc iceweasel-l10n-oc firefox-esr-l10n-or iceweasel-l10n-or firefox-esr-l10n-pa-in iceweasel-l10n-pa-in firefox-esr-l10n-pl iceweasel-l10n-pl firefox-esr-l10n-pt-br iceweasel-l10n-pt-br firefox-esr-l10n-pt-pt iceweasel-l10n-pt-pt firefox-esr-l10n-rm iceweasel-l10n-rm firefox-esr-l10n-ro iceweasel-l10n-ro firefox-esr-l10n-ru iceweasel-l10n-ru firefox-esr-l10n-si iceweasel-l10n-si firefox-esr-l10n-sk iceweasel-l10n-sk firefox-esr-l10n-sl iceweasel-l10n-sl firefox-esr-l10n-son iceweasel-l10n-son firefox-esr-l10n-sq iceweasel-l10n-sq firefox-esr-l10n-sr iceweasel-l10n-sr firefox-esr-l10n-sv-se iceweasel-l10n-sv-se firefox-esr-l10n-ta iceweasel-l10n-ta firefox-esr-l10n-te iceweasel-l10n-te firefox-esr-l10n-th iceweasel-l10n-th firefox-esr-l10n-tr iceweasel-l10n-tr firefox-esr-l10n-uk iceweasel-l10n-uk firefox-esr-l10n-ur iceweasel-l10n-ur firefox-esr-l10n-uz iceweasel-l10n-uz firefox-esr-l10n-vi iceweasel-l10n-vi firefox-esr-l10n-xh iceweasel-l10n-xh firefox-esr-l10n-zh-cn iceweasel-l10n-zh-cn firefox-esr-l10n-zh-tw iceweasel-l10n-zh-tw Architecture: source amd64 all Version: 60.6.2esr-1~deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Sylvain Beucler Description: firefox-esr - Mozilla Firefox web browser - Extended Support Release (ESR) firefox-esr-dbg - Debugging symbols for Firefox ESR firefox-esr-l10n-ach - Acoli language package for Firefox ESR firefox-esr-l10n-af - Afrikaans language package for Firefox ESR firefox-esr-l10n-all - All language packages for Firefox ESR (meta) firefox-esr-l10n-an - Aragonese language package for Firefox ESR firefox-esr-l10n-ar - Arabic language package for Firefox ESR firefox-esr-l10n-as - Assamese language package for Firefox ESR firefox-esr-l10n-ast - Asturian language package for Firefox ESR firefox-esr-l10n-az - Azerbaijani language package for Firefox ESR firefox-esr-l10n
Accepted ghostscript 9.26a~dfsg-0+deb8u2 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 23 Apr 2019 12:15:13 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: source all amd64 Version: 9.26a~dfsg-0+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian Printing Team Changed-By: Sylvain Beucler Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Closes: 925256 925257 Changes: ghostscript (9.26a~dfsg-0+deb8u2) jessie-security; urgency=high . [Sylvain Beucler] * Non-maintainer upload by the LTS team. * Backport 9.26a~dfsg-0+deb9u2 to jessie. . [Salvatore Bonaccorso] * Have gs_cet.ps run from gs_init.ps * Undef /odef in gs_init.ps * Restrict superexec and remove it from internals and gs_cet.ps (CVE-2019-3835) (Closes: #925256) * Obliterate "superexec". We don't need it, nor do any known apps (CVE-2019-3835) (Closes: #925256) * Make a transient proc executeonly (in DefineResource) (CVE-2019-3838) (Closes: #925257) * an extra transient proc needs executeonly'ed (CVE-2019-3838) (Closes: #925257) Checksums-Sha1: 60d1fc1c53fe770beeb61ea2050421a44d1cfd08 2540 ghostscript_9.26a~dfsg-0+deb8u2.dsc 7982b872c82de6fd2512f13438c3990c2b734155 117296 ghostscript_9.26a~dfsg-0+deb8u2.debian.tar.xz aaa6c1b5e8785fd52559a761f3a71616aabf7674 3488450 ghostscript-doc_9.26a~dfsg-0+deb8u2_all.deb d20cfa66472529e47ece36cdc1fb3ceec314b469 5143630 libgs9-common_9.26a~dfsg-0+deb8u2_all.deb 7d12f3c79ac3c61aa0f26470f278792a5cd36141 98914 ghostscript_9.26a~dfsg-0+deb8u2_amd64.deb 96ffd05ac35d75b990167c98fd29bb8b6ad4da54 93856 ghostscript-x_9.26a~dfsg-0+deb8u2_amd64.deb fe68c324becda211569bc121e9092b6f48a9b5d6 2214600 libgs9_9.26a~dfsg-0+deb8u2_amd64.deb 301ff258c53db66d8da5ae90fb0b8cfbae5b63f3 76278 libgs-dev_9.26a~dfsg-0+deb8u2_amd64.deb 9315ea8208b1fea84c8b8a42d64645e23157d2af 5764408 ghostscript-dbg_9.26a~dfsg-0+deb8u2_amd64.deb Checksums-Sha256: ca98bee7fb23fe68bc8d289f44d165041521655b428a0a4039961a98e310fd75 2540 ghostscript_9.26a~dfsg-0+deb8u2.dsc 4ae1b0ae0e84fc32198f8d05cd91d14a6c9feef83b5ab1e9022734708a31c15a 117296 ghostscript_9.26a~dfsg-0+deb8u2.debian.tar.xz 70832f41eaa3edeb48627d36b137458cd2d910695dfe119f16d8de5762cbf3a3 3488450 ghostscript-doc_9.26a~dfsg-0+deb8u2_all.deb c5b5d167c5b732dd157ed262752fdb65cbb535db436cfe97cffc023ba57970df 5143630 libgs9-common_9.26a~dfsg-0+deb8u2_all.deb 374939c77028c71210efd42b9fec2f1f89cffedbe2891799246f717cd4babee6 98914 ghostscript_9.26a~dfsg-0+deb8u2_amd64.deb dcd6a18054a2d5557f5541f91d2585c7273263d8d822d0286af76f0e48e9228b 93856 ghostscript-x_9.26a~dfsg-0+deb8u2_amd64.deb fd87b4408d7a63fc4d45a83b9f26ff09385142b6261dbfefd68aa5cb110b7f3a 2214600 libgs9_9.26a~dfsg-0+deb8u2_amd64.deb 2f24986789e075796a301dbdd59f4870353e7dc105c11b59dc64d1617fcc9d80 76278 libgs-dev_9.26a~dfsg-0+deb8u2_amd64.deb d205c69e0a6eb2c25f0f756fe2e67a413234c83d60146f4c43d2451ea3076e54 5764408 ghostscript-dbg_9.26a~dfsg-0+deb8u2_amd64.deb Files: 11a01cef9f11d97f2c09d52d554797a6 2540 text optional ghostscript_9.26a~dfsg-0+deb8u2.dsc d278fae7ca83824f997480fce171d30e 117296 text optional ghostscript_9.26a~dfsg-0+deb8u2.debian.tar.xz 73fea6b3e511b44197f91c915696f894 3488450 doc optional ghostscript-doc_9.26a~dfsg-0+deb8u2_all.deb cfacbf5d34f72680482a93b9ce9436c8 5143630 libs optional libgs9-common_9.26a~dfsg-0+deb8u2_all.deb b09ad8126ce727ebb11d51cd73d30559 98914 text optional ghostscript_9.26a~dfsg-0+deb8u2_amd64.deb 7a2d5688d898b2aa571cd273f09c0b7e 93856 text optional ghostscript-x_9.26a~dfsg-0+deb8u2_amd64.deb e383a93dde54db1fbaa553ef6afa63cb 2214600 libs optional libgs9_9.26a~dfsg-0+deb8u2_amd64.deb 0887718d0ffa6febf15df491c8732dd3 76278 libdevel optional libgs-dev_9.26a~dfsg-0+deb8u2_amd64.deb 769dac4f8a3aeb1df162c5b7281b4d91 5764408 debug extra ghostscript-dbg_9.26a~dfsg-0+deb8u2_amd64.deb -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAly+8B4ACgkQj/HLbo2J BZ9deAgAg50Ly49mLXMcenSgFktGZUoJvMkn/oMgyuWJfnL3VIQ9WHz5sYYwxlhb oAB90BuuS6L9nW2c/I+yoXIzeVc2jTq28/fnFkbaTIk96NodigsmdxTmAuwAli4j 8DGQP2YOD6wq/mk3seug6pWvOYRdkhFRM01FhZVtN14BGIRuTpEykJSsmEk9+UI1 zonzdf57Cm2zDNL37N6pKwrCHsl/lhlQxoq7N/b5GVjCZsOHGtawf+gODqjtEAwm yXWY0T1p0briqmFxm4m1Zq0K9qG4i24sp8emMPmS8pJTt8GNH6gk5MJW4FRPPF5S kA8zgmJ46z7GHLWk/w/AbiAyMdCCcA== =lSOE -END PGP SIGNATURE-
Accepted pdns 3.4.1-4+deb8u9 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 29 Mar 2019 13:27:30 + Source: pdns Binary: pdns-server pdns-server-dbg pdns-backend-pipe pdns-backend-ldap pdns-backend-geo pdns-backend-mysql pdns-backend-pgsql pdns-backend-sqlite3 pdns-backend-lua pdns-backend-lmdb pdns-backend-remote pdns-backend-mydns Architecture: source amd64 Version: 3.4.1-4+deb8u9 Distribution: jessie-security Urgency: high Maintainer: Debian PowerDNS Maintainers Changed-By: Sylvain Beucler Description: pdns-backend-geo - geo backend for PowerDNS pdns-backend-ldap - LDAP backend for PowerDNS pdns-backend-lmdb - lmdb backend for PowerDNS pdns-backend-lua - Lua backend for PowerDNS pdns-backend-mydns - MyDNS compatibility backend for PowerDNS pdns-backend-mysql - generic MySQL backend for PowerDNS pdns-backend-pgsql - generic PostgreSQL backend for PowerDNS pdns-backend-pipe - pipe/coprocess backend for PowerDNS pdns-backend-remote - remote backend for PowerDNS pdns-backend-sqlite3 - sqlite 3 backend for PowerDNS pdns-server - extremely powerful and versatile nameserver pdns-server-dbg - debugging symbols for PowerDNS Changes: pdns (3.4.1-4+deb8u9) jessie-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * Fix CVE-2019-3871, rebasing upstream's fix for 4.0.6: an insufficient validation of data coming from the user when building a HTTP request from a DNS query in the HTTP Connector of the Remote backend, allowing a remote user to cause a denial of service by making the server connect to an invalid endpoint, or possibly information disclosure by making the server connect to an internal endpoint and somehow extracting meaningful information about the response. Checksums-Sha1: fe9ba7366c6f0d0fb210e3d2f05d18a7a314aaca 2812 pdns_3.4.1-4+deb8u9.dsc fd9754bb66e4ad7434b1dd0ff21fb48de6578967 53628 pdns_3.4.1-4+deb8u9.debian.tar.xz f09e38dbdf09c1c3b838458a51d0fc7b252a4453 1598900 pdns-server_3.4.1-4+deb8u9_amd64.deb 2ebdb50c9ccdf71ed065b3d00d0ec16065b599e7 33114800 pdns-server-dbg_3.4.1-4+deb8u9_amd64.deb 43effb35157afb74ae9b346a36dcaebdfb63f7da 53408 pdns-backend-pipe_3.4.1-4+deb8u9_amd64.deb 7af6fe82003b769513b0efc9b045dbc239ff2645 256406 pdns-backend-ldap_3.4.1-4+deb8u9_amd64.deb 0226bd09a00ca6559344b843745cafb028a62f8d 63242 pdns-backend-geo_3.4.1-4+deb8u9_amd64.deb 9b55d79e75ad973158231aff55d94979566c71c0 45748 pdns-backend-mysql_3.4.1-4+deb8u9_amd64.deb 9c404ade4b404d9afa5d486e8a53dfcdc02a4c6a 46062 pdns-backend-pgsql_3.4.1-4+deb8u9_amd64.deb ac426bf45a27ededfe5f9d84b67422a1c3641e1a 38492 pdns-backend-sqlite3_3.4.1-4+deb8u9_amd64.deb 3ba52dd7a891ea2b732b5d5848bf56e659af54cf 60334 pdns-backend-lua_3.4.1-4+deb8u9_amd64.deb 2a8962ac6d84db864fd1bcc6eea8dfd0554e579e 41524 pdns-backend-lmdb_3.4.1-4+deb8u9_amd64.deb 699be6bec674104697a544af35fb994ffaf77bde 147278 pdns-backend-remote_3.4.1-4+deb8u9_amd64.deb b95e23c9efb3d8f1010f4dcc679bbda9cb6594fc 41098 pdns-backend-mydns_3.4.1-4+deb8u9_amd64.deb Checksums-Sha256: 675cc51be4a552cf922953b5071ded8f042ec7b4fe6cf9328d98695f2412440c 2812 pdns_3.4.1-4+deb8u9.dsc 375996e723e17d394bef6b31c9798545a3284345019b947077dd78902b30ab5d 53628 pdns_3.4.1-4+deb8u9.debian.tar.xz 22cc64adbddfb491224926f59da151a7f6dcd8ea82b3e08d495f8d2a63576e79 1598900 pdns-server_3.4.1-4+deb8u9_amd64.deb b9c1c8ad290f7ee72a15a3fbd436e6de0fdba3bbe88ac7d71d53037ab3350e6f 33114800 pdns-server-dbg_3.4.1-4+deb8u9_amd64.deb 7f13d13dfaf407dcf647557dd4c5046ee3130f7952f2bbf2e061193a9a8694c7 53408 pdns-backend-pipe_3.4.1-4+deb8u9_amd64.deb 97c7909116151f46207a2f68cf88ad0a040d81e37709a6cd31296bf37df07d62 256406 pdns-backend-ldap_3.4.1-4+deb8u9_amd64.deb 4c29dc409b17ea36366ddf445525992839ce776154551a25d91f7d4ea412a476 63242 pdns-backend-geo_3.4.1-4+deb8u9_amd64.deb 86135f26ed34af0f5ecff547a412d2d58e4e07f248606019d7874acbebb43c49 45748 pdns-backend-mysql_3.4.1-4+deb8u9_amd64.deb cc19edd06d99a86baa1cea150c64dd35148953f33dbac3d1be813b8ba29cc500 46062 pdns-backend-pgsql_3.4.1-4+deb8u9_amd64.deb 07fb683cd5bf1eb794f3c94a32cbdc82304b165738719519e83959510ac02444 38492 pdns-backend-sqlite3_3.4.1-4+deb8u9_amd64.deb 7bd24640d6dfc22182f0a1aa9b9b43bd65d206da706a1beee891c13ac0faf61f 60334 pdns-backend-lua_3.4.1-4+deb8u9_amd64.deb 5db00dc3418b2e816c75bc3ecc4f0fc0459ca73f1a54cd07f809f9c450c2e9cb 41524 pdns-backend-lmdb_3.4.1-4+deb8u9_amd64.deb 52a2ecc13492e5af24de4ffc20b1614387bb2f2b8bf6799240969e1da255a6ee 147278 pdns-backend-remote_3.4.1-4+deb8u9_amd64.deb 870f4c06142288f3246ca1f5e94ddefbd70234a5733ca37d8fc8b1e047ec0ba0 41098 pdns-backend-mydns_3.4.1-4+deb8u9_amd64.deb Files: 552d4c7af012e548374a6c269fa74a03 2812 net extra pdns_3.4.1-4+deb8u9.dsc 6c0d0b44deb1a91457b2ca434b6939af 53628 net extra pdns_3.4.1-4+deb8u9.debian.tar.xz cb3c9bcc9ccbfd9f59d9c3dc17fe1216 1598900 net extra pdns-server_3.4.1-4+deb8u9_amd64.deb 3700a63717c474a9fc90d0e3fed2f204 33114800 debug extra pdns-server-dbg_3.4.1
Accepted sqlalchemy 0.9.8+dfsg-0.1+deb8u1 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 18 Mar 2019 13:37:16 +0100 Source: sqlalchemy Binary: python-sqlalchemy python-sqlalchemy-ext python-sqlalchemy-doc python3-sqlalchemy python3-sqlalchemy-ext Architecture: source all amd64 Version: 0.9.8+dfsg-0.1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Piotr Ożarowski Changed-By: Sylvain Beucler Description: python-sqlalchemy - SQL toolkit and Object Relational Mapper for Python python-sqlalchemy-doc - documentation for the SQLAlchemy Python library python-sqlalchemy-ext - SQL toolkit and Object Relational Mapper for Python - C extension python3-sqlalchemy - SQL toolkit and Object Relational Mapper for Python 3 python3-sqlalchemy-ext - SQL toolkit and Object Relational Mapper for Python3 - C extensio Changes: sqlalchemy (0.9.8+dfsg-0.1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2019-7164 and CVE-2019-7548: SQL injection in order_by() and group_by(). Upstream warns that this breaks the seldom-used text coercion feature. Checksums-Sha1: 7af7b09c601484e2de64bdf2d3b200b7a026a685 2259 sqlalchemy_0.9.8+dfsg-0.1+deb8u1.dsc 06daf537f9de34a2fdaf60c9752568086962b8c8 4046697 sqlalchemy_0.9.8+dfsg.orig.tar.gz dd4cc74d02361304f3751c3aa74dad6313d6803e 14880 sqlalchemy_0.9.8+dfsg-0.1+deb8u1.debian.tar.xz 406f20eec097a5895d95db03fd3830fa171eeeb8 605028 python-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb 1ae3e2642d4b01006717c367bcdd631fe0bb78f4 1252150 python-sqlalchemy-doc_0.9.8+dfsg-0.1+deb8u1_all.deb 325028e61a068b6cc6cdde56b7dd6a8cacc3224c 600836 python3-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb b3d69d90f6f9d7eb4a2ea6bcd121f73d1aa15255 18878 python-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb 9e0e8dbb24e34210ea9bf7fb207e76c15e43 19024 python3-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb Checksums-Sha256: e5da06049e47e8ca61e845f8de3bef2e9584059881283f22f7442c026814f8ce 2259 sqlalchemy_0.9.8+dfsg-0.1+deb8u1.dsc 0371ca90d1abadb109c73f1ac096c17f0bbff9fb43d66f3346806f6d6b9c110d 4046697 sqlalchemy_0.9.8+dfsg.orig.tar.gz f59040e2f5bf79b5c370cae3f4c2f236513ba706731f67e32834cd620d90bdc5 14880 sqlalchemy_0.9.8+dfsg-0.1+deb8u1.debian.tar.xz 2fecf43ffe517fd9be4b66c745e4dfa98cea4dc7b62cfcd9c7385d58461dd6ed 605028 python-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb 2287e0f736e1bdbf266e7d0419fc3e690e06ec171471831b48d05264e479bc6f 1252150 python-sqlalchemy-doc_0.9.8+dfsg-0.1+deb8u1_all.deb 5b30d4f84f0b9ef952c5a0121e33d355e32c3b524987ff2894749f77c3b05ea5 600836 python3-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb b58bb8085db43332b4f6d8a3f413264117d48bb0110a6b7b46aeb030e0ad6b99 18878 python-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb 70c5ed7d383f40727516a4fe879c6ece027516380b1b2e635e8038e30898e03a 19024 python3-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb Files: f7a4ca0046cb16b67d9d11ecaf76e0ac 2259 python optional sqlalchemy_0.9.8+dfsg-0.1+deb8u1.dsc 9064e03b4ec453ef7f181b8bf7ddaa9c 4046697 python optional sqlalchemy_0.9.8+dfsg.orig.tar.gz 03422aff739ffc9312d12672b325401b 14880 python optional sqlalchemy_0.9.8+dfsg-0.1+deb8u1.debian.tar.xz fe63296bd572d5a4aded8e760b26b866 605028 python optional python-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb c287764d65d83b9e52736d5a593cfbe2 1252150 doc extra python-sqlalchemy-doc_0.9.8+dfsg-0.1+deb8u1_all.deb 6eb8662bcdadb0d6594d3c0bed49f596 600836 python optional python3-sqlalchemy_0.9.8+dfsg-0.1+deb8u1_all.deb d245257b24621d703f31d00c117b0057 18878 python optional python-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb 6516f1d09bb2a957af334575315e5765 19024 python optional python3-sqlalchemy-ext_0.9.8+dfsg-0.1+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAlyPl/cACgkQj/HLbo2J BZ8RwQf9EzfO8c39QD4VtZnSykgh6fzgQ3T2tiq5SFL4RW3J8N3wl4RGzQbNOyLL o38MLN9uogvaZVvmTBxgDf+lB7uf48o+xYwuNAspSn8gxcmCY2TfKBtmKf99Y0YP oHrCMpy3eai+fCQEy/N2Rvhm92aQqXZhVBkW/kuJVgyiPOZAp9OGxNqUUmN8iUd0 iLjF6qZiO7QFwxgMgAE7glWiOsaomsXtRtVQwuqRlTcPPToPS8jekL7k/kUl315P OT1nu7uqc8P1GVlCpucEV3lfM77lc9ee4q/te3tQMpsRGbmVnegKwMm7L45jaVNC GrIKxazVKASL9gj/SsTgTIZEwJCxqg== =sBX6 -END PGP SIGNATURE-
Accepted phpmyadmin 4:4.2.12-2+deb8u5 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 27 Feb 2019 13:09:09 +0100 Source: phpmyadmin Binary: phpmyadmin Architecture: source all Version: 4:4.2.12-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Thijs Kinkhorst Changed-By: Sylvain Beucler Description: phpmyadmin - MySQL web administration tool Changes: phpmyadmin (4:4.2.12-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * Fix CVE-2019-6799: information leak (arbitrary file read) using SQL queries. Checksums-Sha1: 351659176393e08582f3c2b5a8e48c7410715051 1622 phpmyadmin_4.2.12-2+deb8u5.dsc 7e010bd059192c3aab5ed634f0c5faf080762621 71740 phpmyadmin_4.2.12-2+deb8u5.debian.tar.xz 191b89b3e0e88091d96ae26de42f201df4e497c8 3862686 phpmyadmin_4.2.12-2+deb8u5_all.deb Checksums-Sha256: 030b3a93e6c6fda6bc3a39e8738c652006d1abdd98a24aac8da7e00d44f463cc 1622 phpmyadmin_4.2.12-2+deb8u5.dsc 4b12244e03ffb3608530281cabc4a3a9a2e45e60069fe6251eeb7124d4d95407 71740 phpmyadmin_4.2.12-2+deb8u5.debian.tar.xz d6fc73b3a9a345a7903a9bba4aab2edd15470f31bd31802b4822eac48e5a68d1 3862686 phpmyadmin_4.2.12-2+deb8u5_all.deb Files: 6335f57542db9b145be8f8b785df6a8e 1622 web extra phpmyadmin_4.2.12-2+deb8u5.dsc 3e0d95e1e39abd5203f461f23d8c75af 71740 web extra phpmyadmin_4.2.12-2+deb8u5.debian.tar.xz 949caa174e321a5fcc09198cd22b4c3e 3862686 web extra phpmyadmin_4.2.12-2+deb8u5_all.deb -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAlx2jRwACgkQj/HLbo2J BZ9n6ggAtIz/SzWFw8h1Soct+eMrUgavg3fOHTWL2rQy1o31G9+PSsIfhww0yu6u 7O1KI582EJRkSdsCwp7MoMQ4Or7Bw/yheJsBW0nrA+tJ+STdwYS56epLzFuLljDa KY8J8HzwztYsOevZXRB5ansDClStxOG4qtWYBcje1tseLKqSoESPyN4llv9iB0P0 j+U+K3lwZeyKy6FLvAgbXLq5feagUkf6jWCkwl1hcYrm/umXCe7DQ3hdSSKhgRQG nIyx+gXCH1rFpDNgGhDGDFqrCl0eTwq9YO9cucOag2yQI7K4ocAdw1mMpOtyEqzH JxNtq3EWaO/x+g9EgnGrouI8dlneJA== =1LTz -END PGP SIGNATURE-
Accepted freedink-dfarc 3.12-1+deb8u1 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 24 Feb 2019 12:35:35 +0100 Source: freedink-dfarc Binary: freedink-dfarc freedink-dfarc-dbg Architecture: source amd64 Version: 3.12-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Games Team Changed-By: Sylvain Beucler Description: freedink-dfarc - frontend and .dmod installer for GNU FreeDink freedink-dfarc-dbg - debugging symbols for dfarc Changes: freedink-dfarc (3.12-1+deb8u1) jessie-security; urgency=high . * Fix directory traversal in D-Mod extractor (CVE-2018-0496) Checksums-Sha1: 013a321e1fd3b2a44b3f7ac62ca71e73001a66a6 1747 freedink-dfarc_3.12-1+deb8u1.dsc d597f6203dec3db4e3f4199c64ec2113d20018bb 329925 freedink-dfarc_3.12.orig.tar.gz 4c66cb2bdc2adc28c162afe1c9fc575169e3e6a1 7812 freedink-dfarc_3.12-1+deb8u1.debian.tar.xz b7bc7176cd65df1625534edf61db07b4a47bd890 192684 freedink-dfarc_3.12-1+deb8u1_amd64.deb a05f37bfc837873d3638bb933d84459595dcf7ec 1832502 freedink-dfarc-dbg_3.12-1+deb8u1_amd64.deb Checksums-Sha256: f8363b6cfada4d959906011ffc77fcefbbda9bbf2873a4269eb16f112ab094f3 1747 freedink-dfarc_3.12-1+deb8u1.dsc 222a84cc91967abce4d86fb4ed8ba43455b818aecdb8487b0fe52d76ade29a83 329925 freedink-dfarc_3.12.orig.tar.gz 4beea5dc3efab2c7230e9af986548439c17a0e7f3cb78acb40617243ce502eaa 7812 freedink-dfarc_3.12-1+deb8u1.debian.tar.xz bc04e22f7efe214c9fd4a16e3463cb71c081d3ab53533323b89f2a30bb6b8810 192684 freedink-dfarc_3.12-1+deb8u1_amd64.deb 422ee97a30073e5db9268bccf4b74797e2a996365bde0b028c7cd85fd913a153 1832502 freedink-dfarc-dbg_3.12-1+deb8u1_amd64.deb Files: 8684df53327eafc22e42c8376581e69e 1747 games extra freedink-dfarc_3.12-1+deb8u1.dsc 1c24ba41cf1ef532415f13a04f279099 329925 games extra freedink-dfarc_3.12.orig.tar.gz 6d5035ed135080e1deb8d33ebc037bf2 7812 games extra freedink-dfarc_3.12-1+deb8u1.debian.tar.xz ccdb01d1f4b4f1a62a7109aee797d802 192684 games extra freedink-dfarc_3.12-1+deb8u1_amd64.deb f9da1d58fd4104d3aa6387b676bf7b94 1832502 debug extra freedink-dfarc-dbg_3.12-1+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAlxynEcACgkQj/HLbo2J BZ9nbQf+Mzjv1MvXKpjcG7ykzFcZ32GdCgKwRupTKntcSbHGQmHzSYSZlCWz7QrT xPC9PpJqiTB/c/bxuhkWc4X6ULV04tt77+7S6l3hhlIIVd9l5y9KouSPTEGlLQgm KfWKQ9oVshLWTqmXFNZ2qQoFDlcYzBOUQFyHxh24lptWMb5NYrUJXdV79bHqSI53 3gSXY4nBjUgsS0122sLshtTYd+Q5x/TARBvhK5WPtzPDXapwlLkS87rAFZYyuZuj YpF7KiI4ZTu9820rW0HBD4/M18B6n7KxkSMfB/K444AZsVPT5d6cYkRaAUx6fV6Z sSanqxkBh9DDva3969lPyF7nDnPKpA== =KnHt -END PGP SIGNATURE-
