-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 14 Feb 2019 16:59:28 +0100 Source: gsoap Binary: libgsoap5 libgsoap-dev gsoap gsoap-doc libgsoap-dbg gsoap-dbg Architecture: source amd64 all Version: 2.8.17-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Mattias Ellert <mattias.ell...@fysast.uu.se> Changed-By: Mattias Ellert <mattias.ell...@physics.uu.se> Description: gsoap - Stub generators for gSOAP gsoap-dbg - Debugging symbols for gSOAP stub generators gsoap-doc - gSOAP documentation libgsoap-dbg - Debugging symbols for gSOAP libraries libgsoap-dev - Development libraries and headers for gSOAP libgsoap5 - Runtime libraries for gSOAP Changes: gsoap (2.8.17-1+deb8u2) jessie-security; urgency=high . * Fix for CVE-2019-7659 Genivia gSOAP 2.7.x and 2.8.x before 2.8.75 allows attackers to cause a denial of service (application abort) or possibly have unspecified other impact if a server application is built with the -DWITH_COOKIES flag. This affects the C/C++ libgsoapck/libgsoapck++ and libgsoapssl/libgsoapssl++ libraries, as these are built with that flag. * Fix issue with DIME protocol receiver and malformed DIME headers This patch addresses a critical issue with the DIME protocol receiver that may cause the receiver to become unresponsive when a malformed DIME protocol message is received. -- https://www.genivia.com/advisory.html Checksums-Sha1: b634de13739e375ff03ff4362c2358f4b8cb447b 2223 gsoap_2.8.17-1+deb8u2.dsc 49248b9752b17be61d459f7eba925838fc52aad1 5291604 gsoap_2.8.17.orig.tar.gz 32cc06a1e97a711f0e7281323c7a64eddc311e57 14428 gsoap_2.8.17-1+deb8u2.debian.tar.xz 42afaa4881299dee57d6e31c09c693a92189d334 201896 libgsoap5_2.8.17-1+deb8u2_amd64.deb c90e196268c3e6909c88e29c8758533042e7fea5 202136 libgsoap-dev_2.8.17-1+deb8u2_amd64.deb 32726314deba9b9f1190db4b3eb80ead331a8505 695936 gsoap_2.8.17-1+deb8u2_amd64.deb 7b6806742aaa2dea019637e83eade42e59e269f8 544336 libgsoap-dbg_2.8.17-1+deb8u2_amd64.deb 2872c95392ffb9179277e43a9bc3255c23e919ca 1898648 gsoap-dbg_2.8.17-1+deb8u2_amd64.deb 47533edba585a71ee23ee3d60e4978a62c2775cc 3261966 gsoap-doc_2.8.17-1+deb8u2_all.deb Checksums-Sha256: e3984bd221ebd505c7facece35f3b5cc0ffb0c44d09ba43f27d8d824eed18738 2223 gsoap_2.8.17-1+deb8u2.dsc 1024fcb41d06a3ce9f2f7b65a983573f4d5ed267df2f695cf77a9510e5749199 5291604 gsoap_2.8.17.orig.tar.gz 583d3242ff552a3093f178a2e0d90455facbf09ac96200ae9c01637acb9b3090 14428 gsoap_2.8.17-1+deb8u2.debian.tar.xz be68db3267fb62ead3ababae2a0f4f4c04dc71fee0b1b115da8c9671d1e21bc6 201896 libgsoap5_2.8.17-1+deb8u2_amd64.deb 2dce2f2c6d3038929b7d076f2f870a91b12b0b882d264c3f8cd3275948306320 202136 libgsoap-dev_2.8.17-1+deb8u2_amd64.deb a2c2c2ad3003e28a3aabc2fe0d2d584c235cec6318b54b7cbadbd28a22c77eee 695936 gsoap_2.8.17-1+deb8u2_amd64.deb ed1abeacf9f5ace083cdbecd2fdec0080e5f97a6380dfb35a6bb04206952d216 544336 libgsoap-dbg_2.8.17-1+deb8u2_amd64.deb 7c20ead1d17685e13cac85710b93a92c76fb8f421aaf2b8dd1b671dc4f81605f 1898648 gsoap-dbg_2.8.17-1+deb8u2_amd64.deb b97b1225bbfc9f1e98f6e608435fe083327e24d8cdbcc2224cff14bfdae5a3dc 3261966 gsoap-doc_2.8.17-1+deb8u2_all.deb Files: f9b7a2d25ad3715357a8dbb08827c4ac 2223 devel optional gsoap_2.8.17-1+deb8u2.dsc 6da6950609b0656c12d6fc4704c5f843 5291604 devel optional gsoap_2.8.17.orig.tar.gz ebd4d67b34feddf6238cb38aec7c66e2 14428 devel optional gsoap_2.8.17-1+deb8u2.debian.tar.xz 01e4f01042488da9643e24dcc41ca942 201896 libs optional libgsoap5_2.8.17-1+deb8u2_amd64.deb c667aa17fb9c7c7ff84426eb6b961835 202136 libdevel optional libgsoap-dev_2.8.17-1+deb8u2_amd64.deb c8efb79162204ad112eaa98a4af3a2e3 695936 devel optional gsoap_2.8.17-1+deb8u2_amd64.deb 5d9e94f28d9ac1cd5997fc1756125dcd 544336 debug extra libgsoap-dbg_2.8.17-1+deb8u2_amd64.deb 30cbfe5259d47d48b6d52ff9616d9e88 1898648 debug extra gsoap-dbg_2.8.17-1+deb8u2_amd64.deb d6381450bb77362127471aba0229b35d 3261966 doc optional gsoap-doc_2.8.17-1+deb8u2_all.deb
-----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlxq1isACgkQHpU+J9Qx HlhR5hAAk4/u+DmvfU4ID7m9bbtjn3YgUVa3p6x4KZlvWCbhE/y9pM0v4DX4Fw7S kIOT6XjPgnuD0YHzEUI5WGZvaa+m8CQZE2p7VNJuECclFv0Q3NJ3azHd/O6Ncd+w JkEkU6gUez1BgqekyGx+TFfQbW4PdK38vjyQYxGsBCCTWHnqr8Z77rOaMya4gDRy iQIXmMP7Xr8MkKtA9LHV31jJ8mgtF3iROpnVx4Cvk88r0JYYt5zlabRYPNPIoCRm ChNfCEGlZXqaiXxPl7GWbDQbiMgtbPgILJYBdho5mEcZSWyGwEQRujWKoKh4sq7Z 7PRStLquOeup582WpHoODjKe1ss8iWE4rhstuprU4mn4sAZzEyrkibNZNSUxMhB+ p8Q/tG89+rECqGFhDLYYR2gqG81EHsD7QBJPi18RZKP+vMcutRy35BDxxyMYU0L7 AT6OMTKnZrh0Lqffv8WSNf0aXZYU75nzvb58kgMEGnbAsq/tPLlsMsZF+eYAAgWM RE7qeCMMg6I077tU/jTQjTWGTy8oS5EAZNNTJElzTgTXRwzqv+iKvNXdCmLxCqPu apIbr47cnMrgc8lP1cpKcf/ZCQYH9WYWu39w0vO14jgwFjqLMulzLArl4EOljuXj MuavIoPp3frZzUdnhlLlvPpMEBA0EyC1ukkCWFZRRO9eCvoP+zk= =/qlv -----END PGP SIGNATURE-----