-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 09 Feb 2020 15:18:36 +0100
Source: ppp
Binary: ppp ppp-udeb ppp-dev
Architecture: source amd64 all
Version: 2.4.6-3.1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Marco d'Itri <m...@linux.it>
Changed-By: Markus Koschany <a...@debian.org>
Description:
ppp - Point-to-Point Protocol (PPP) - daemon
ppp-dev - Point-to-Point Protocol (PPP) - development files
ppp-udeb - Point-to-Point Protocol (PPP) - package for Debian Installer
(udeb)
Changes:
ppp (2.4.6-3.1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2020-8597:
Ilja Van Sprundel discovered a buffer overflow vulnerability in ppp,
the Point-to-Point Protocol daemon. When receiving an EAP Request message
in client mode, an attacker was able to overflow the rhostname array by
providing a very long name. This issue is already mitigated by Debian's
hardening build flags.
Checksums-Sha1:
80e7b1a76b10f86e7f75b0b1ca4e62ae36742b85 2185 ppp_2.4.6-3.1+deb8u1.dsc
0fd188b28cb8fdc81d2eaa15b78d3ad9c93344f4 687744 ppp_2.4.6.orig.tar.gz
9f53afdae18960e6da8fd89ef44f42d2ee835dd8 93012
ppp_2.4.6-3.1+deb8u1.debian.tar.xz
0d0edcb7a7385bfd5711bbba05f8b92f925aa128 336908 ppp_2.4.6-3.1+deb8u1_amd64.deb
fca595132adaf7cbf5ecb1fdfa826ec6a1948500 120280
ppp-udeb_2.4.6-3.1+deb8u1_amd64.udeb
51f958bf0c29fa29969a5b7a7a8e7919c51f3825 55148 ppp-dev_2.4.6-3.1+deb8u1_all.deb
Checksums-Sha256:
b9f9785db3d4ee3bed5515aa3253ffe8c12bf8126048e50d3f093ed5b036689d 2185
ppp_2.4.6-3.1+deb8u1.dsc
1b33181a03962c8a092c055fb9980e9722728a8d98a4bb7ec7acda17c1b1b49d 687744
ppp_2.4.6.orig.tar.gz
29c1c645b1c66129af198d5c42258cedc64f5b55d91662e1b996fe0e6edef1b8 93012
ppp_2.4.6-3.1+deb8u1.debian.tar.xz
5f8b462171f2bc5880e6bc43a96db07ea7231e05ef8ced303073da1480279579 336908
ppp_2.4.6-3.1+deb8u1_amd64.deb
a04fe66350fcd245abfff1c23224babcb8b32f5e5855272581c172c7282430ed 120280
ppp-udeb_2.4.6-3.1+deb8u1_amd64.udeb
f19128489afcdb700016a86900303b8eeba4ee8b68c1c757e2e7c54d4c7f1388 55148
ppp-dev_2.4.6-3.1+deb8u1_all.deb
Files:
999952fcb94d7c6c20b388246c9ce403 2185 admin optional ppp_2.4.6-3.1+deb8u1.dsc
3434d2cc9327167a0723aaaa8670083b 687744 admin optional ppp_2.4.6.orig.tar.gz
e10845bd7aa484f91aa4cb3170053ffe 93012 admin optional
ppp_2.4.6-3.1+deb8u1.debian.tar.xz
139c4697241ae175ea9bc8149cc2aa50 336908 admin optional
ppp_2.4.6-3.1+deb8u1_amd64.deb
2dfffb56ae04ec37d3eecb62497c2dae 120280 debian-installer optional
ppp-udeb_2.4.6-3.1+deb8u1_amd64.udeb
65735d9a232d1d9d6fa993fdda79c052 55148 devel extra
ppp-dev_2.4.6-3.1+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl5AIuFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkhd0QAJctISyoG0piO5il69CGHj4wr+aA82hkWFer
ixkz0tBBSAoMar7V0i7swBuR76WyQwbT2f7+l3sKpVPnWX7hml+965trO7OHoWTT
qK76IssWloP2YpBpktaosHXDqIbm53EjxZYncYc9NLTOkRnCNn7IRimg95+3xoNd
Dd6wjZWNjMZr7msz+C6K4T+blew/mQYv/3VvjeuuF+qohMQPhF1TUnRlIALaSJEM
L3mGe4OJ1sVQTHdXDO2PEdPqIMoHpc9wvbC0kRkkz9qC77ChMzd0+ETAChadzbI7
Er1qcse5sKoP5jLIqKJkirbhv/82dyoIVoJHC+Ao0cne7XCJgEY4WrnX+YCv4kaC
USyqY8a6Kz+j2i0Yr0d5SM+9lzdq8GO/vkhBAIRSlu81ELBEqJYLVreCndsm3uAp
ozpZ0k6p1BIxdchnCAmBMuQg8XttNtIOxB/BiwLhMf1XQnUPiC5RNZMPEal4QC+t
ScQ8ln6+O9YrR+HOB24HdGHtF3DOyrIeaZasL5Kg+yn7VTVWh82E16tekaDdzOI8
vwpT2LdYJ/mPgK4g+Q98fLJA80aZQasQFvyUI5XkqZUl0sJyHPtCVyqv7F0Z4xBV
tqQFAKWMR1UGspm41J11sy/+cIIAMiC2fQ7wvjUjaQKX+ORS6AC5uZYVJl9Jqpcl
8qvWarkT
=OIss
-----END PGP SIGNATURE-----
