Package        : libthrift-java
Version        : 0.9.1-2+deb8u1
CVE ID         : CVE-2018-1320
Debian Bug     : 918736

It was discovered that it was possible to bypass SASL negotiation isComplete validation in libthrift-java, Java language support for the Apache Thrift software framework. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings, making the validation incomplete.

For Debian 8 "Jessie", this problem has been fixed in version 0.9.1-2+deb8u1.

We recommend that you upgrade your libthrift-java packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
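
The defect class described above, as an added example (not code from libthrift-java or from the Debian patch): a completion check written as a Java `assert` is skipped unless the JVM is started with `-ea`, while an explicit check always runs. `IncompleteServer` and both check methods are hypothetical names; only the `javax.security.sasl` types are real.

```java
import javax.security.sasl.SaslException;
import javax.security.sasl.SaslServer;

public class SaslCompleteCheck {
    // Constructed stand-in for a negotiation that never finished.
    static final class IncompleteServer implements SaslServer {
        public String getMechanismName() { return "PLAIN"; }
        public byte[] evaluateResponse(byte[] r) { return new byte[0]; }
        public boolean isComplete() { return false; }
        public String getAuthorizationID() { return null; }
        public byte[] unwrap(byte[] in, int off, int len) { return in; }
        public byte[] wrap(byte[] out, int off, int len) { return out; }
        public Object getNegotiatedProperty(String name) { return null; }
        public void dispose() {}
    }

    // Weak: the JVM skips assert statements unless started with -ea.
    static void checkWithAssert(SaslServer s) {
        assert s.isComplete() : "SASL negotiation not complete";
    }

    // Hardened: an ordinary runtime check that is always evaluated.
    static void checkExplicit(SaslServer s) throws SaslException {
        if (!s.isComplete()) {
            throw new SaslException("SASL negotiation not complete");
        }
    }

    public static void main(String[] args) {
        SaslServer s = new IncompleteServer();
        try {
            checkWithAssert(s);
            System.out.println("assert check: passed (assertions disabled)");
        } catch (AssertionError e) {
            System.out.println("assert check: rejected (run with -ea)");
        }
        try {
            checkExplicit(s);
            System.out.println("explicit check: passed");
        } catch (SaslException e) {
            System.out.println("explicit check: rejected");
        }
    }
}
```

Running it with plain `java SaslCompleteCheck` and again with `java -ea SaslCompleteCheck` shows the assert-based check changing its answer while the explicit check rejects in both runs.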
