Accepted easytag 2.4.3-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Sep 2018 18:31:35 +0100 Source: easytag Binary: easytag easytag-nautilus Architecture: source Version: 2.4.3-1+deb9u1 Distribution: stretch Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: easytag- GTK+ editor for audio file tags easytag-nautilus - Nautilus extension for easytag Closes: 855251 Changes: easytag (2.4.3-1+deb9u1) stretch; urgency=medium . * debian/patches: - Add patch to revert upstream commit which causes OGG corruption. (Closes: #855251) Checksums-Sha1: abd8ac428ac9f76b72ce875bf738ae2d34cd7125 2520 easytag_2.4.3-1+deb9u1.dsc b760dc16102b99877b136731950a3cf5e10c84e9 13280 easytag_2.4.3-1+deb9u1.debian.tar.xz 166a1e09d2c8d21489319668fa28f8d440700c69 6934 easytag_2.4.3-1+deb9u1_source.buildinfo Checksums-Sha256: ab82dfac7449dfc5684e7c91990ce1fbb2dbf970fc35f97d2d255a977c79c458 2520 easytag_2.4.3-1+deb9u1.dsc ecf94cc42f0f5328a2928c2dbb4bd41915e28f674c2a45b39b8c36894978b48f 13280 easytag_2.4.3-1+deb9u1.debian.tar.xz 7398b7120626e411c05b505a23a3198074c4b0b7b8bd07eadcd28d4fbb845ac4 6934 easytag_2.4.3-1+deb9u1_source.buildinfo Files: 8880ec1ffccf680d07485d3c3b05cbd5 2520 sound optional easytag_2.4.3-1+deb9u1.dsc 02b5f662d1305efbbcfd865e905fec05 13280 sound optional easytag_2.4.3-1+deb9u1.debian.tar.xz 2f3a3afcdd24501a2e56ae79f604cbb9 6934 sound optional easytag_2.4.3-1+deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlu5L5YUHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe/jGRAAuKfoathOQ790SlbfkckOwzDoFw0C 1dfbJULJCTXg41rLqknq6BQCym2TbVN8OtIYLvp0EMclAkZWE5jKDMEgXdy8VIgg +4TY2voYpb+9ETSBrT1zpECWCLtAiLuJDa4ZfKXpapaO5g+JC9IedJ0mW4WbNlgK XnmEvvagQ65GQWAtRwD2wwt23c5m3aFk0cXdmpcp8RqQIrG/oOph5NbQ2ViGgCFi Wa5S7vlNJiqRvfPrCSSJChwX/ni4/btA+OKafjYiPiPN7kpM92GP0u5jajqu3Jbw Qx2HKTRdB6Z+S+7eGdPBT+T0OsojyuMtd46MLBP6DB+/jBkLFhNpUa5VX418TA9D ab/NqJ119GwyYYEW+ASsVylvRyVLjGuK0EQ7P4ForxyFbAFozSqkOpKfuroJiSCo +W290RcbwZD9IoeESvP1X9SUbkH0kVZkl9oCuEXqiFMuBoewU4Xgw3SZiUdIFsBR X5Lm725Wov4V8yj4biwKZ+3KUIHJ0LJtD6ynwvLqYGnRLkjjgo7+Q2Q4dJWgB247 U1+V2p9z+46VVP11o4eSP3mR55t/cF48xwY+xJM2O2cWsfQ7QesUm/+s4+VU9f+l YpyrqVtavT3lBDtXiJ8D9Kgw/Vg6XNzqSqcfEPBocJ8u7NY21VT4+9t5uT6RkHPn egefHC/JgB3OOBg= =WrhN -END PGP SIGNATURE-
Accepted mbedtls 2.4.2-1+deb9u3 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 09 Sep 2018 17:02:04 +0100 Source: mbedtls Binary: libmbedtls-dev libmbedcrypto0 libmbedtls10 libmbedx509-0 libmbedtls-doc Architecture: source Version: 2.4.2-1+deb9u3 Distribution: stretch-security Urgency: high Maintainer: James Cowgill Changed-By: James Cowgill Description: libmbedcrypto0 - lightweight crypto and SSL/TLS library - crypto library libmbedtls-dev - lightweight crypto and SSL/TLS library - development files libmbedtls-doc - lightweight crypto and SSL/TLS library - documentation libmbedtls10 - lightweight crypto and SSL/TLS library - tls library libmbedx509-0 - lightweight crypto and SSL/TLS library - x509 certificate library Closes: 904821 Changes: mbedtls (2.4.2-1+deb9u3) stretch-security; urgency=high . * Fix CVE-2018-0497: Remote plaintext recovery on use of CBC based ciphersuites through a timing side-channel. (Closes: #904821) * Fix CVE-2018-0498: Plaintext recovery on use of CBC based ciphersuites through a cache based side-channel. Checksums-Sha1: d0705399d14dbdbf1488afa9c84789004106a7c5 2248 mbedtls_2.4.2-1+deb9u3.dsc 411df5eb37ccf2bcfe2b1307aa230db268ab7672 22532 mbedtls_2.4.2-1+deb9u3.debian.tar.xz 946db2dec95beb9a18cf636e2691230e13f0e3ca 6445 mbedtls_2.4.2-1+deb9u3_source.buildinfo Checksums-Sha256: f4ae68e62a946e1109ef1cf1053a3407e4287bf911ae80911eb1edc03de69f17 2248 mbedtls_2.4.2-1+deb9u3.dsc 3fb2f86d4105acf75426b1ef42372e3b3018245ac32707be160b9c482857c646 22532 mbedtls_2.4.2-1+deb9u3.debian.tar.xz 2b094de754cfc61d859e6a054027514c442136103fd8fba5b6a3926aa7176d1e 6445 mbedtls_2.4.2-1+deb9u3_source.buildinfo Files: 00f721aa1184ae9d5a2e01236baaa8f9 2248 libs optional mbedtls_2.4.2-1+deb9u3.dsc b396c58921b5459ac77710feb62e2fcc 22532 libs optional mbedtls_2.4.2-1+deb9u3.debian.tar.xz b821ebf69287ab9bcc43c514b694f886 6445 libs optional mbedtls_2.4.2-1+deb9u3_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlua254UHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe9T7g/6A7HE/0KbDMiZWni2MFw0eWuygp95 IiH/+CW0RbZ7iqNCcxTosevx6DpKDt5A6Rbp1FY6mfG/C8WsQ2i6fjSNMRkBIv7G yVsEowXyQGQrLygs6bqPQbewW731oiFrLgLd7a6fSzX1npnzwUPo29D9Ok95yC5R zBdRr9JOxgw3QST5brCQragfvVm5Ve2B9/v6o9678AlyaIBa6U2+1/X8IRiVxAJL A5/YwhAA7x8HE7FHPO0dp929+Xjd5okg5LuoshGLXkqUqIMGm6VRjoefESz6sbhX aKhVwYmwJdtHSYvyQQN4TstPI0JZW4CN3ocWn9GjrXtHlPsFqFN59fk6ipKlTrpA giIS3AJVk4j5Ng7fL8jCNyjzm69oL/Rwzkp2Smy6oojp0BFgIUQC2woa0pPgGJ+d XS07AE62XmrFemTUGBzSLOa9eWXJ4Fv2LzjdSr63Zv8cAhWrHWevLhuTi8ihRRg6 PZ5CK45VSMXh31N0vr5msesf/Ix8TJOFZGZVF4NDtCS1NEM8wvw+2OR1pZKzcqcR Jw2kRQTrCkrO3/qfEntWp5llAIsWr1eyq2WhgRYNvtZZN8DxmhK2GGhmwpmv52iU 9jE7TlB1+oe2xg/HJLfgvXzlmH4VWUd9obUdGtTYsyCsj2GG0vURwUssfaUCVwQ/ q2+khpSrsWgyta0= =X8wR -END PGP SIGNATURE-
Accepted ffmpeg 7:3.2.12-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 28 Jul 2018 16:27:42 +0800 Source: ffmpeg Binary: ffmpeg ffmpeg-doc libavcodec57 libavcodec-extra57 libavcodec-extra libavcodec-dev libavdevice57 libavdevice-dev libavfilter6 libavfilter-extra6 libavfilter-extra libavfilter-dev libavformat57 libavformat-dev libavresample3 libavresample-dev libavutil55 libavutil-dev libpostproc54 libpostproc-dev libswresample2 libswresample-dev libswscale4 libswscale-dev libav-tools Architecture: source Version: 7:3.2.12-1~deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: ffmpeg - Tools for transcoding, streaming and playing of multimedia files ffmpeg-doc - Documentation of the FFmpeg multimedia framework libav-tools - Compatibility links for libav-tools (transitional package) libavcodec-dev - FFmpeg library with de/encoders for audio/video codecs - developm libavcodec-extra - FFmpeg library with extra codecs (metapackage) libavcodec-extra57 - FFmpeg library with additional de/encoders for audio/video codecs libavcodec57 - FFmpeg library with de/encoders for audio/video codecs - runtime libavdevice-dev - FFmpeg library for handling input and output devices - developmen libavdevice57 - FFmpeg library for handling input and output devices - runtime fi libavfilter-dev - FFmpeg library containing media filters - development files libavfilter-extra - FFmpeg library with extra filters (metapackage) libavfilter-extra6 - FFmpeg library with extra media filters - runtime files libavfilter6 - FFmpeg library containing media filters - runtime files libavformat-dev - FFmpeg library with (de)muxers for multimedia containers - develo libavformat57 - FFmpeg library with (de)muxers for multimedia containers - runtim libavresample-dev - FFmpeg compatibility library for resampling - development files libavresample3 - FFmpeg compatibility library for resampling - runtime files libavutil-dev - FFmpeg library with functions for simplifying programming - devel libavutil55 - FFmpeg library with functions for simplifying programming - runti libpostproc-dev - FFmpeg library for post processing - development files libpostproc54 - FFmpeg library for post processing - runtime files libswresample-dev - FFmpeg library for audio resampling, rematrixing etc. - developme libswresample2 - FFmpeg library for audio resampling, rematrixing etc. - runtime f libswscale-dev - FFmpeg library for image scaling and various conversions - develo libswscale4 - FFmpeg library for image scaling and various conversions - runtim Closes: 904123 Changes: ffmpeg (7:3.2.12-1~deb9u1) stretch-security; urgency=medium . * New upstream release. - avformat/movenc: Write version 2 of audio atom if channels is not known. (CVE-2018-14395) - avcodec/imgconvert: fix possible null pointer dereference. (Closes: #904123) Checksums-Sha1: 73f1d1e715973ce44da8221f7d677c3897a713a7 5187 ffmpeg_3.2.12-1~deb9u1.dsc 1032835d309d0d18ed9e0ab49994522b21519db4 8035844 ffmpeg_3.2.12.orig.tar.xz b50f117dad961fa5b965cbeee276adc24c8cc702 473 ffmpeg_3.2.12.orig.tar.xz.asc d6a65b523a02d0eae04831f3ea8ba0d6327066a0 39528 ffmpeg_3.2.12-1~deb9u1.debian.tar.xz 99da23fd240ed6f46460ec7ed3e57ba23bb8075e 13550 ffmpeg_3.2.12-1~deb9u1_source.buildinfo Checksums-Sha256: 081f5b48e5e3fb60618f49c976763f9b1f7dc8e339f2adabcd15744951410327 5187 ffmpeg_3.2.12-1~deb9u1.dsc 8985cea7b1b3b2e0e2b2a8ac6187a7fb022fe8aa9d35101760a000205c59c412 8035844 ffmpeg_3.2.12.orig.tar.xz 078f2c030b37e307a8d8b951c3491adb89b5ef363d3d1475e54dd89a9549c428 473 ffmpeg_3.2.12.orig.tar.xz.asc 6e3346336f6e0869db82353192edeb8490ae70515a0c16160038f0dc4555b223 39528 ffmpeg_3.2.12-1~deb9u1.debian.tar.xz beca2af134b029dde59e923d135840c64dad326bd42b28354db14aaecbed7c3b 13550 ffmpeg_3.2.12-1~deb9u1_source.buildinfo Files: 7e4e91a53ea00bce5874f08c39ea5e73 5187 video optional ffmpeg_3.2.12-1~deb9u1.dsc 3645967ff8fbcfb74a19c8c6809fb2ec 8035844 video optional ffmpeg_3.2.12.orig.tar.xz 84fe394361a344b650fccae73e162d3a 473 video optional ffmpeg_3.2.12.orig.tar.xz.asc 1a27f67c635a6bc2556bdb765b07b042 39528 video optional ffmpeg_3.2.12-1~deb9u1.debian.tar.xz 87b76d90f490eb7a6845a5b1bf63074f 13550 video optional ffmpeg_3.2.12-1~deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAltdJHAUHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe/jgA//U+VDkSBIx6R5LVBq/zq+gzIqaD7r qgmIsdahzk4eRO7WMxK1RIzz/7yfXX/Vf4Px9G4qVXyZ5EzllmVTcBYZ7UH5ENss nC+GRGl420HOQHyrfQ2voJM9I1J9Mw6c37I4n8tfXPMdBwME8oJF46biZPycIZ07 idFl7ga5ZfjpOz7QVx/qdX7QP1LkakKHh7lthpmSb+5DDPmQhkz/WhLGXpvAhTWB gyTGBhcXV9on5nhrQH822y5Ub++7S8qoGoKWIgdaqxI9jUGUD5YQI3vwuAmW1oD0 NnARMkspC8abede9PydB4t/k5vr40is1jHMkGU+Y3uvOOWi3cnaiWCd6sOh3AE8Q y6Or+t+d4lLM1wEh7ypAZQxsbk4TCJD/WtohyY4WQTfzKx9gg+FS8UfoQMVhtNdc kqoiyuFJr3loOMyu03ekmaoct/bR97vHXh/Dtxhbf/jOPiIyUOKHtw2HI5MG7JWJ
Accepted ffmpeg 7:3.2.11-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 13 Jul 2018 23:29:52 +0100 Source: ffmpeg Binary: ffmpeg ffmpeg-doc libavcodec57 libavcodec-extra57 libavcodec-extra libavcodec-dev libavdevice57 libavdevice-dev libavfilter6 libavfilter-extra6 libavfilter-extra libavfilter-dev libavformat57 libavformat-dev libavresample3 libavresample-dev libavutil55 libavutil-dev libpostproc54 libpostproc-dev libswresample2 libswresample-dev libswscale4 libswscale-dev libav-tools Architecture: source Version: 7:3.2.11-1~deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: ffmpeg - Tools for transcoding, streaming and playing of multimedia files ffmpeg-doc - Documentation of the FFmpeg multimedia framework libav-tools - Compatibility links for libav-tools (transitional package) libavcodec-dev - FFmpeg library with de/encoders for audio/video codecs - developm libavcodec-extra - FFmpeg library with extra codecs (metapackage) libavcodec-extra57 - FFmpeg library with additional de/encoders for audio/video codecs libavcodec57 - FFmpeg library with de/encoders for audio/video codecs - runtime libavdevice-dev - FFmpeg library for handling input and output devices - developmen libavdevice57 - FFmpeg library for handling input and output devices - runtime fi libavfilter-dev - FFmpeg library containing media filters - development files libavfilter-extra - FFmpeg library with extra filters (metapackage) libavfilter-extra6 - FFmpeg library with extra media filters - runtime files libavfilter6 - FFmpeg library containing media filters - runtime files libavformat-dev - FFmpeg library with (de)muxers for multimedia containers - develo libavformat57 - FFmpeg library with (de)muxers for multimedia containers - runtim libavresample-dev - FFmpeg compatibility library for resampling - development files libavresample3 - FFmpeg compatibility library for resampling - runtime files libavutil-dev - FFmpeg library with functions for simplifying programming - devel libavutil55 - FFmpeg library with functions for simplifying programming - runti libpostproc-dev - FFmpeg library for post processing - development files libpostproc54 - FFmpeg library for post processing - runtime files libswresample-dev - FFmpeg library for audio resampling, rematrixing etc. - developme libswresample2 - FFmpeg library for audio resampling, rematrixing etc. - runtime f libswscale-dev - FFmpeg library for image scaling and various conversions - develo libswscale4 - FFmpeg library for image scaling and various conversions - runtim Closes: 864917 Changes: ffmpeg (7:3.2.11-1~deb9u1) stretch-security; urgency=medium . * New upstream release. - avfilter/vf_transpose: Fix used plane count. (CVE-2018-6392) - avcodec/utvideodec: Fix bytes left check in decode_frame(). (CVE-2018-6621) - avcodec/utvideodec: Check subsample factors. (CVE-2018-7557) - avcodec/utvideodec: Set pro flag based on fourcc. (CVE-2018-10001) - avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header(). (CVE-2018-12458) - avformat/movenc: Do not pass AVCodecParameters in avpriv_request_sample. (CVE-2018-13300) - avformat/movenc: Check that frame_types other than EAC3_FRAME_TYPE_INDEPENDENT have a supported substream id. (CVE-2018-13302) * debian/control: - Add Breaks on vokoscreen << 2.2.0 to libav-tools. (Closes: #864917) Checksums-Sha1: 4fb4044f57a6b9c067252c1d054d2e877ba27fe8 5187 ffmpeg_3.2.11-1~deb9u1.dsc 863ac196fc90e37d724b008a734f3c2d8e301744 8035116 ffmpeg_3.2.11.orig.tar.xz e30adc94350a117b57826f72c560ad70f35dd606 473 ffmpeg_3.2.11.orig.tar.xz.asc bf1c6aaf9162edbfed07394711f8a7ad6e180b6f 39472 ffmpeg_3.2.11-1~deb9u1.debian.tar.xz 46a8abf275c207b0df7130c89cbc75aa7ee89c2c 13382 ffmpeg_3.2.11-1~deb9u1_source.buildinfo Checksums-Sha256: b669edb5eb801f6729acc8715499c7105b1ba0d10abd15230d438b7376de409a 5187 ffmpeg_3.2.11-1~deb9u1.dsc a7270f5dc64b1b90fb4c0165a783c037ae47c315f1f67a72bdbdcb0181fbbece 8035116 ffmpeg_3.2.11.orig.tar.xz 5f8292ca43112c41e7efde20356e17b7d5a606d886bc76e929793d055b2f64b1 473 ffmpeg_3.2.11.orig.tar.xz.asc 2a3bfaa311431f95c6bda82bf7ac063d0afe55a492f6dd7ff818639b0d453e81 39472 ffmpeg_3.2.11-1~deb9u1.debian.tar.xz 172db5220b0764b637e9dbd81238709046bebc04dbbd866cc1c9ca1d3a2b1ce7 13382 ffmpeg_3.2.11-1~deb9u1_source.buildinfo Files: d2140fd20f148b401b4952b03a444cd1 5187 video optional ffmpeg_3.2.11-1~deb9u1.dsc 5851e2436632dd7ca3f48e62757dad29 8035116 video optional ffmpeg_3.2.11.orig.tar.xz c46b3a7bebeaa0e79686bb5f1997fad9 473 video optional ffmpeg_3.2.11.orig.tar.xz.asc 96f3c05425c5669eb1eb3a7a9d9c61b2 39472 video optional ffmpeg_3.2.11-1~deb9u1.debian.tar.xz a4185626dbd85857f9fe8b5723f65d64 13382 video optional ffmpeg_3.2.11-1~deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6PO
Accepted libopenmpt 0.2.7386~beta20.3-3+deb9u3 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 12 Apr 2018 10:14:53 +0100 Source: libopenmpt Binary: openmpt123 libopenmpt0 libopenmpt-dev libopenmpt-doc libopenmpt-modplug1 libopenmpt-modplug-dev Architecture: source Version: 0.2.7386~beta20.3-3+deb9u3 Distribution: stretch Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: libopenmpt-dev - module music library based on OpenMPT -- development files libopenmpt-doc - module music library based on OpenMPT -- documentation libopenmpt-modplug-dev - module music library based on OpenMPT -- modplug compat developme libopenmpt-modplug1 - module music library based on OpenMPT -- modplug compat library libopenmpt0 - module music library based on OpenMPT -- shared library openmpt123 - module music library based on OpenMPT -- music player Closes: 895406 Changes: libopenmpt (0.2.7386~beta20.3-3+deb9u3) stretch; urgency=medium . * Add patch to fix CVE-2018-10017 (Closes: #895406). - up11: Out-of-bounds read loading IT / MO3 files with many pattern loops. Checksums-Sha1: d18da24ce6efd21d712f1612d88295c8cdbd9a6f 2721 libopenmpt_0.2.7386~beta20.3-3+deb9u3.dsc e60257c13f93262cbb8ed98a8c850f84796b5d41 15604 libopenmpt_0.2.7386~beta20.3-3+deb9u3.debian.tar.xz 59acc0af77d8313e1731c3607edc65932cc83fe3 7620 libopenmpt_0.2.7386~beta20.3-3+deb9u3_source.buildinfo Checksums-Sha256: cd48ba2b9e319687195402e7579b520507941589ac056cce8ebab37c81db93d1 2721 libopenmpt_0.2.7386~beta20.3-3+deb9u3.dsc 288a50918943329406f9d605f8f479e7ca102d9bc6a7e1be88ff0fbab6b38630 15604 libopenmpt_0.2.7386~beta20.3-3+deb9u3.debian.tar.xz 292918421a6f6cdeddf0e32a8e1fc63c67076886a5e25e9b683ed894fd5d1d57 7620 libopenmpt_0.2.7386~beta20.3-3+deb9u3_source.buildinfo Files: a11c9cdd220dbc4d72f5bad1fb632ed2 2721 libs optional libopenmpt_0.2.7386~beta20.3-3+deb9u3.dsc 846923fa9697b7a8ee961f4553b35f9f 15604 libs optional libopenmpt_0.2.7386~beta20.3-3+deb9u3.debian.tar.xz 159c721b0b0c61745f04ff004ee3ec66 7620 libs optional libopenmpt_0.2.7386~beta20.3-3+deb9u3_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAltCgH0UHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe+s+A//cc3hJ4oh0HGlSILv3fXnxYczvJkc L3mqk3A8y1CLwE8qF4PCu7E0zBk+/IDISGC3zN8Db4A6ctz9ATRTz9LJh31+2rEe YP9ip2V74EPMzvyYow7w62+A9KnfZ4YfWZOo/A5oCbrIu8Nn+Mojxfne8/QvcqbC eb7bx1WlWB0DMySzlv+48ve/SK6ebv058QHXmMKaOaCM0a139DMdYctQRxhR6t8H LFSH9dO5188mHhl/PqL1Bb56e0qHP8boYzriDwsaWRnshwS6aQehNeiD5fxdB8om yleBLENHAKd2IuqRoy53oOJB5dJzQSkUE6858wOzMBM5yrvDCIBPwbw8t2A6YBx1 mOJD/00AxshNZXiHMn8J/Hhpc02uZztoJePbBN9usHdXVYkQTkUKeD6YWcfrp2Vq 8jkgwaGNGbuheQA/m3U8c8GiqFqDmKJj8p0T1pvpb0j0QnpZz2u956u2m6cBX+s4 T8l4wK7nKE/gF9Cs/3f48oBUdGTASbNMutYjjVpJuwuGeJS8+9ILFXYom3YlNCTq ZGYS3gFH+qYTzEwpFDfAIGgoIrUnxl5bJ0jnPNXm5oyvU0HyTYoBo3g/HYuCiBip J6LhJ38Bt3l/DOW5mrPWcW2iagMTDkmr4EYojH9gUHjp+9sujVouaOSGVi2tq1HT fhfRuG4NSgPrX9w= =M46a -END PGP SIGNATURE-
Accepted soundtouch 1.8.0-1+deb8u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 27 Dec 2017 16:37:31 + Source: soundtouch Binary: libsoundtouch-dev libsoundtouch0 libsoundtouch0-dbg soundstretch soundstretch-dbg Architecture: source Version: 1.8.0-1+deb8u1 Distribution: jessie Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: libsoundtouch-dev - Development files for the sound stretching library libsoundtouch0 - Sound stretching library libsoundtouch0-dbg - Debugging symbols for the sound stretching library soundstretch - Stretches and pitch-shifts sound independently soundstretch-dbg - Debugging symbols for the soundstretch program Closes: 870854 870856 870857 Changes: soundtouch (1.8.0-1+deb8u1) jessie; urgency=medium . [ Gabor Karsay ] * Add patch to fix - CVE-2017-9258 (Closes: #870854) - CVE-2017-9259 (Closes: #870856) - CVE-2017-9260 (Closes: #870857) Checksums-Sha1: 9e237652032a14d21c2abd327851564ea3891477 2346 soundtouch_1.8.0-1+deb8u1.dsc 8ab564beaa3c6fa9b6b038a43bd5207b76b6d976 9372 soundtouch_1.8.0-1+deb8u1.debian.tar.xz 388b94bb9130cb279115f2f99c167d6148d6ef03 5670 soundtouch_1.8.0-1+deb8u1_source.buildinfo Checksums-Sha256: e968dcc54ed47d95879bc47f1bffd2b7b0d92937a1594d264771a27589100108 2346 soundtouch_1.8.0-1+deb8u1.dsc b3dd3ab45da8f5fb8ff43b1702739c60394098fe7dec6a04351baf9a7bb97dad 9372 soundtouch_1.8.0-1+deb8u1.debian.tar.xz f25618c13f71850fbc752c8d296b34b73bfbfa5e2ba2f841dbe9db383c47ae20 5670 soundtouch_1.8.0-1+deb8u1_source.buildinfo Files: 50648b929fd76494a448e9981fabf1e8 2346 libs optional soundtouch_1.8.0-1+deb8u1.dsc 5542642492bc9b4e0ca19fb0ab4d4f7a 9372 libs optional soundtouch_1.8.0-1+deb8u1.debian.tar.xz c877ce786d8257fcecbc9780e860c5c9 5670 libs optional soundtouch_1.8.0-1+deb8u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlscCXsUHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe8n0hAAmHOEtWnFsGwpww8i2YMvjYMWBUll Sl8kwZaeVLVhxmFxlp52tikzqQLFny1FSgqF5hfccvlEap4H4L/oz3jksUjTYmOF Z8lApKuqDIDjH+l7ND0DGb5SSEg7/j3Y4KMGiBrb6NZTTErfh4IALldu1QcNPM0k xas1KDh51fa32sDv2Jg30vreEyQMD8C//LJopwhMa7NbW/oDpjhuqfRYYI7kVrTh 9goEJG86O2lqpNJejGoFG3DV12Dav2qNJAgK14M7uwPLlORP7Ay0kWVbfi8XN/Ks tpDoSDrxFfXLv/mcRxgAvtQZTGgK3P5KP8KxIMEXwVpBiyvsIPvRFoE/SEaEnOm9 5gNZ8lAsmfXVZ2eiTVyx1fVIH5HvUQvOYcwZfxsAmO8q+Md412/fpK0XsLmupHod nFbAYI8G5uwLGiVMWab5IIVavllRsb+HuTqy7ziHgB3fAhjUegLhb71ct+4jgkxF PfTIYWptpyZALEKUJFk9RlvoMwWbR5fnEKbV3RfOA7c1Ur5VP29fIICGOP58ePmi t5UCj86OUAniAa1BmynwAE80G0QGFfOPVthC8BWQHG83BQa13vz48i+/R4gyYfEi YDzBnUfS7z2buA35jBsDe27f5oYLdgLr6g0olIaHSyQVceVUdKwOsFx8T7hJp1XE tBumNjUQRXKU6Pw= =YWRe -END PGP SIGNATURE-
Accepted polarssl 1.3.9-2.1+deb8u3 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 20 Mar 2018 17:59:03 + Source: polarssl Binary: libpolarssl-dev libpolarssl-runtime libpolarssl7 Architecture: source Version: 1.3.9-2.1+deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Roland Stigge Changed-By: James Cowgill Description: libpolarssl-dev - lightweight crypto and SSL/TLS library libpolarssl-runtime - lightweight crypto and SSL/TLS library libpolarssl7 - lightweight crypto and SSL/TLS library Closes: 890287 890288 Changes: polarssl (1.3.9-2.1+deb8u3) jessie-security; urgency=medium . * Fix CVE-2017-18187: Unsafe bounds check in ssl_parse_client_psk_identity(). * Fix CVE-2018-0487: Buffer overflow when verifying RSASSA-PSS signatures. (Closes: #890288) * Fix CVE-2018-0488: Buffer overflow when truncated HMAC is enabled. (Closes: #890287) Checksums-Sha1: 4b843426c0417fcb0d00ff10a7839f1b99fdf0df 1930 polarssl_1.3.9-2.1+deb8u3.dsc 0fa2ecded8576f3768f5cc606a21984df083cfce 15496 polarssl_1.3.9-2.1+deb8u3.debian.tar.xz fa6d549d0f7701186957152291e08538c4c2f229 5747 polarssl_1.3.9-2.1+deb8u3_source.buildinfo Checksums-Sha256: 66174a84b18cccf01ee26ff3da3aaa8483beac0aade710dfcdf240992f5ba434 1930 polarssl_1.3.9-2.1+deb8u3.dsc 79c66f0394796dcbf023261d52917e2d7a0b7835a90f2f422b106f21ea2e98ff 15496 polarssl_1.3.9-2.1+deb8u3.debian.tar.xz a59c2dfee5466818c194883f03e5645d5f63630fff824fe369594cc584274362 5747 polarssl_1.3.9-2.1+deb8u3_source.buildinfo Files: f09da7fe1eb97c815ab4a32afb97451a 1930 libs optional polarssl_1.3.9-2.1+deb8u3.dsc d574a3dd1ec0a191bf9b7616c2357e8e 15496 libs optional polarssl_1.3.9-2.1+deb8u3.debian.tar.xz d38d0079688b6f0b62c26914e4c129ce 5747 libs optional polarssl_1.3.9-2.1+deb8u3_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlqyKHcUHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe8RRQ/8DKBLtY2v7jzmoTyxKS1XzyoqbOtl eu5ZiA54eEWWQY5DfkqJJipWOOMtek3taMnZ+qGM7KWlbfyj9QjusxkhDlVOrNxk uI33x6q26PAlahR29vTS3EFNpN5RRS1y6jsqb98R2Jf3x3KBYpqVZFu/BC2gRWW/ vhp1qZn8qSSy4XA1dlEp1XDiLFEhLFuUyqmg0gZyTRa5jPXCRHH/swKBR5jbibWg S0cMSyNk3mK97w3dOzgkDFozWTmFbL/zGv76qzA5d38Z+SHo2fp8darNsV0Q1F3o yBtY6q+MT85bugvh427sZAE4LpCNbiItLXzJ7aohPa88COIETa66WZdJ/R5vb+Yj Pa5KrfmoE+0k0g5WdGMwwOoi0DoFHHtdb2twNKll5jcFSkiXdoLoYATcW7z83g4K f9P+aq5Q27eQDB8LUI/vZYXbj9pS/WU0o9f881OiTV5MqE3pNU4xTS/rGLSJnh5Y 87Fx+eG41W+TIFmCw8T4sZUIUymaFq326CQVkcWgLJGit39pz+2zyvao31DU0Ylk /fOrnswPfOoAuI5CJNAojk3LaOZH3ATJSl2LMgeFN5kesuvS49huwJW5vGYD0bwk G4pMOVsYlOyZ4JM+p1NRhmybdrRM5+i2Kc1xTvnn8eJyyPL4fGO46zHuYRe4Y6y/ GhwoY8NEDFTvNIQ= =JiJF -END PGP SIGNATURE-
Accepted mbedtls 2.4.2-1+deb9u2 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 05 Mar 2018 18:24:47 + Source: mbedtls Binary: libmbedtls-dev libmbedcrypto0 libmbedtls10 libmbedx509-0 libmbedtls-doc Architecture: source Version: 2.4.2-1+deb9u2 Distribution: stretch-security Urgency: high Maintainer: James Cowgill Changed-By: James Cowgill Description: libmbedcrypto0 - lightweight crypto and SSL/TLS library - crypto library libmbedtls-dev - lightweight crypto and SSL/TLS library - development files libmbedtls-doc - lightweight crypto and SSL/TLS library - documentation libmbedtls10 - lightweight crypto and SSL/TLS library - tls library libmbedx509-0 - lightweight crypto and SSL/TLS library - x509 certificate library Closes: 890287 890288 Changes: mbedtls (2.4.2-1+deb9u2) stretch-security; urgency=high . * Fix CVE-2017-18187: Unsafe bounds check in ssl_parse_client_psk_identity(). * Fix CVE-2018-0487: Buffer overflow when verifying RSASSA-PSS signatures. (Closes: #890288) * Fix CVE-2018-0488: Buffer overflow when truncated HMAC is enabled. (Closes: #890287) Checksums-Sha1: 63035736a04d0b6cbae6d6b150c0d41a1ad23004 2248 mbedtls_2.4.2-1+deb9u2.dsc 2ae3ae3fd203e642cce6f2953ae7edf452885af4 18908 mbedtls_2.4.2-1+deb9u2.debian.tar.xz c0cd4d3a535190d028cbfa6b1ffdeb24262282cc 6713 mbedtls_2.4.2-1+deb9u2_source.buildinfo Checksums-Sha256: da25c581f6287a26542490736310f8df993893683545600ae9df95be4e412914 2248 mbedtls_2.4.2-1+deb9u2.dsc a7e72e80bdeb44f90555348ad40d5e31ed5f01d66d1583bd9a0ebb11ef7ad7fc 18908 mbedtls_2.4.2-1+deb9u2.debian.tar.xz 92179f5483779bb3b96c30f9f9c674964460bb2cdc444f8933f082842b3da02d 6713 mbedtls_2.4.2-1+deb9u2_source.buildinfo Files: d2e54e46950a48b3f8327288daa16ad3 2248 libs optional mbedtls_2.4.2-1+deb9u2.dsc 72515ee69ddd36c21e530ca77e5ed047 18908 libs optional mbedtls_2.4.2-1+deb9u2.debian.tar.xz 61b0614143b22a11ed8f4da9af858fff 6713 libs optional mbedtls_2.4.2-1+deb9u2_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlqgUg0UHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe/uCg/+IlA5q+PXrRKxWlQ1cY1pF9yhmsdr MJS7L1Es+jlgWIOnQRi2sV6ojJY+vlz/EyXJEzzZcUIVW/QwX64kbkcTyJ0kx/Zy +BRRq5QIuHqr1NiBzZu2Bfq2oiW8HUGZie//z3hvRLFf7H1x1vi6ABWiPlIta3zb zIGu+iSVcDVhcvfdj7BdosB9I/osjyTR5wKB0B7n9GChNtRbc+Wnp/LxgNpb1rAT HzAs//QQ1sFCeI8p7pR1bdYLvqfccUQgg3ZuKUVmDpH7jjIWTjKfhLSXiAN02/5r +bYUAc+PiDQP/ZNPF6N/DLVm4P7xu05YSv+P9s7K15UpmuxPO3Lwap6FzFeR/+ec peuI5Sn4NYZph9lF/xeUZayvvl5pfmakwj+C8sJyrXTUxHnFOptyDVX+RB6A9mq5 kNTYgvTH9ubtMxDASNXY0hZWnXwwBXGy8Y2WcqLMwJXPadUVaiZbUZNPTwpCGl7s XD8a2hgYf0260g0JLAxaV3aS6lH1aYsK8VHJbwQrarz4+E5jqt3aI91vjm+3WBl3 TUPTDlXA9mMqVm8xWRcdenSKRhlyVdtU+coB13LBF9WJSl7a68BYe1eWEbXKfQl8 J32ynL8pRYnjrhRmbJ+r3Jb8y2mAHjnF6iABqrPZwXyIub2Oj4mN15xjSjmNFDjW xOOTEEiToJiVais= =yWul -END PGP SIGNATURE-
Accepted soundtouch 1.9.2-2+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 27 Dec 2017 16:34:15 + Source: soundtouch Binary: libsoundtouch1 libsoundtouch1-dbg libsoundtouch-dev soundstretch soundstretch-dbg Architecture: source Version: 1.9.2-2+deb9u1 Distribution: stretch Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: libsoundtouch-dev - Development files for the sound stretching library libsoundtouch1 - Sound stretching library libsoundtouch1-dbg - Debugging symbols for the sound stretching library soundstretch - Stretches and pitch-shifts sound independently soundstretch-dbg - Debugging symbols for the soundstretch program Closes: 870854 870856 870857 Changes: soundtouch (1.9.2-2+deb9u1) stretch; urgency=medium . [ Gabor Karsay ] * Add patch to fix - CVE-2017-9258 (Closes: #870854) - CVE-2017-9259 (Closes: #870856) - CVE-2017-9260 (Closes: #870857) Checksums-Sha1: f6311d3a446513fd25986ce3817cabe8cd850cd1 2346 soundtouch_1.9.2-2+deb9u1.dsc c24d113524abf8b0f278f559813fbacb6ac3f34e 8692 soundtouch_1.9.2-2+deb9u1.debian.tar.xz 67624629e737cab18585ff1826879b8abc71ef5d 5720 soundtouch_1.9.2-2+deb9u1_source.buildinfo Checksums-Sha256: cd25734b517ffc4a743bd7c57454ede82c201c2ad1e3d0ff3769fd6e83b402a6 2346 soundtouch_1.9.2-2+deb9u1.dsc 1a7a793bf522479e2ec965bdeb0fe727b232ff2600b366460310519332c6fe7b 8692 soundtouch_1.9.2-2+deb9u1.debian.tar.xz b3b422cfaceddfa40efec3aff1f39f1556066c9bca5a6df05c94b2762658b121 5720 soundtouch_1.9.2-2+deb9u1_source.buildinfo Files: d81c5f8abe0b82aa641a3222c0685c0b 2346 libs optional soundtouch_1.9.2-2+deb9u1.dsc 9c2bce5ab0f6f2bd4c844cba90db4643 8692 libs optional soundtouch_1.9.2-2+deb9u1.debian.tar.xz b2276a71b3260cf7e1298ef69f6118ae 5720 libs optional soundtouch_1.9.2-2+deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlqAwMMUHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe/SThAAmpArd9kwvOeaJOXKwgnxW97uN/Eh fp6y7KssHSDJlYcTtd4TbtsX3F8yjtsF1VjjBEEgEp4nB73XHPXoQLUV6oHnjYsd XNQK1bZ300eTAK3uCaaf+zOTA6G0XLuul1pHqHpfPrZpifpPp9SHfjIM+v6aKSvu dkPx2vE4omNw7WCxKiuU+Q7jDny4kVucnnf5aeA/xoFYKDg7ho79H7ZZJXEE1kLa tndPTr5KqqZif70ufIMuA75m0mR4UOmJBZACV5AXUYvdU1UTPstUi7NX91ZGFAEf 6TqJGQG3YB+pDJ/ThZk+Rkz+n0jJf+NPB2bO/XK5BThT/9ISCX6Hy5NSPruCZg7j 65usjeRydBOEB8yCRgVnkDfmh+L+K6pHvAiV2wdnh/PdFuXAf7y7Bg3Ga9K6gvcE YJ4atEJdImhR9dwghXclDHLPEIzqbm05Cmn+Amh5TAr1RS1IFVPuu6Cho/dZKWHl LDqALW7gbhE57pcuPBwsYLcO/tPzubcsxEt+8D+laazEYtpDa1sDNZAzJMUe17z0 wGUZpM4xr6/fzrwApCoHtjwF9rSwXP3qMl1AFQ/By0i9+4hpoG8zrteJxxdYVz1R ewhcZy9BFkVtFw1+3xrcSlft1c5/JWcP5LYRz95qrth7EVdWCj5YGerjQgkVqxQ/ XMYk4MzWgySBguY= =czog -END PGP SIGNATURE-
Accepted mpv 0.23.0-2+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 03 Feb 2018 15:05:34 +0100 Source: mpv Binary: mpv libmpv1 libmpv-dev mplayer2 Architecture: source Version: 0.23.0-2+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: libmpv-dev - video player based on MPlayer/mplayer2 (client library dev files) libmpv1- video player based on MPlayer/mplayer2 (client library) mplayer2 - transitional dummy package for mpv mpv- video player based on MPlayer/mplayer2 Closes: 888654 Changes: mpv (0.23.0-2+deb9u1) stretch-security; urgency=high . * debian/patches/08_ytdl-hook-whitelist-protocols.patch: - Add patch which whitelists protocols received from youtube-dl. Fixes CVE-2018-6360. (Closes: #888654) Checksums-Sha1: 3a465e5946dddf0a088c08d82fbe0d12dc49b1f9 2964 mpv_0.23.0-2+deb9u1.dsc 99df32c3fdeece2e01ff6bc112586b13f10cffb9 2812103 mpv_0.23.0.orig.tar.gz 2515141ca0efaf4fa377b20b0e3d0a1d427c81a9 101888 mpv_0.23.0-2+deb9u1.debian.tar.xz 7ad4f761213960d10cd5ef7c5c5d1b79dfd56d92 12306 mpv_0.23.0-2+deb9u1_source.buildinfo Checksums-Sha256: be7c21a267e339e22c0e388b2101e78e66af88d0d7cffa3d7432520620d5ab8d 2964 mpv_0.23.0-2+deb9u1.dsc 8aeefe5970587dfc454d2b89726b603f156bd7a9ae427654eef0d60c68d94998 2812103 mpv_0.23.0.orig.tar.gz 170c93ad37524b512afbb3839c1d28ebf70784ce37d3849ec7b2ccbaf83ab168 101888 mpv_0.23.0-2+deb9u1.debian.tar.xz 2ad9b537b5411b98d4b8f80fb31badfc9e19409d7066c1502ece9b8b3c31f42f 12306 mpv_0.23.0-2+deb9u1_source.buildinfo Files: 408d378b863a09c2940bd6d9b0819344 2964 video optional mpv_0.23.0-2+deb9u1.dsc 9bce377e101612d611daf2a5c99aa95f 2812103 video optional mpv_0.23.0.orig.tar.gz 5e50934c8a3ba252529f2c4ed7d73a04 101888 video optional mpv_0.23.0-2+deb9u1.debian.tar.xz 02e5cbea2de70342d8ce440f8d56273e 12306 video optional mpv_0.23.0-2+deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlp6Qp8UHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe+l5w//Ry8zeFIyEdUREOSNHpBrgi1eXr7/ lJ7NGFUMQmuMu5Uz7v+mZ8ef6ZowqxyXdm60jitb98MPHxa48B6hKv7Jr4WeXgOV csmu4gDipK1c9fL8FDclSi6KICaEaw6nztAjwvjmkR6HBo7wHSiWzstZfjFqg31W Jmu9eloWyjA7uzJ4S6uOgik2P8Zr23KJhcAavoJq9cqoDPwIXN5QgYJc8Zj3ZUa/ 3L6ShpZzoGgddZoFm21DKM5o9Zjns8p5lcn/maL0TMlU/pg8rjKl4aIjC+7XU2fh NSIbuWst8zrdXv2vITSBASZpLnbbg10BJ+mwgEbBz5YMorp4k+TjONKYkTjumeIL pC/vt5VgzJMBLjYPvgaHKAiMHylG4NPmacmAszEUCvlRE5s7g4TtPSgzagZCPntJ 3FxUIRk8Z5f7b3Q39Mr5oUsrSqDS2D7XgGFbitm+QNf8E9LrAOHWkjTGtJ2pCWRk nG0GgRQPcfZ7QR5PFfFYU8e+IQ+x9u2GoimSAD8ktKaP3KUEMbpcuzwWgaWvqbcm EI5NWZWfHLTk8R6QOo+7E4Sypxy9AxDHpepl0YUZyRBOTPQxdotU1UYXVualwSDo FR39YccnhfgqV4MPC1CbkzsY1iK5HNSg/eSg9DT26oETEn5CDb4rqbUdDh0U0izQ jYcL1XnGt23NXB4= =7h0a -END PGP SIGNATURE-
Accepted mpv 0.23.0-2+deb9u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 08 Feb 2018 12:27:06 + Source: mpv Binary: mpv libmpv1 libmpv-dev mplayer2 Architecture: source amd64 all Version: 0.23.0-2+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: libmpv-dev - video player based on MPlayer/mplayer2 (client library dev files) libmpv1- video player based on MPlayer/mplayer2 (client library) mplayer2 - transitional dummy package for mpv mpv- video player based on MPlayer/mplayer2 Closes: 889892 Changes: mpv (0.23.0-2+deb9u2) stretch-security; urgency=high . * debian/patches/08_ytdl-hook-whitelist-protocols.patch: - Fix regression in CVE-2018-6360 patch which broke youtube playlists. (Closes: #889892) Checksums-Sha1: 483e70e1d85c2895c2c313dc0b6e2d393b08312b 2935 mpv_0.23.0-2+deb9u2.dsc 7198c199b83903b2f0882db831c429099f463c36 101984 mpv_0.23.0-2+deb9u2.debian.tar.xz a34037a092be88db83fa046f4d64035c92ba238d 67938 libmpv-dev_0.23.0-2+deb9u2_amd64.deb 8090d05e7674bfbf67aa66c85bcc0f3103ad1483 2379788 libmpv1-dbgsym_0.23.0-2+deb9u2_amd64.deb 0103fb8c4f15762baa982e428fb6e40f45fc11ec 670790 libmpv1_0.23.0-2+deb9u2_amd64.deb 4a141b81accd3086bcb8dc7dc9776f6b10a16172 40636 mplayer2_0.23.0-2+deb9u2_all.deb 02950e329c4d94a7621b52d0e9013eb7086d8980 2396602 mpv-dbgsym_0.23.0-2+deb9u2_amd64.deb 48fb408c14ef98bd0692d69c676f4b2166e3e20e 17176 mpv_0.23.0-2+deb9u2_amd64.buildinfo 28487b4ecc25c687f2210d5c3be1657f5d157d95 875884 mpv_0.23.0-2+deb9u2_amd64.deb Checksums-Sha256: db8732bd7c711890682c431eaa80bc0f48e13e609c87add7e2e255595684c5b9 2935 mpv_0.23.0-2+deb9u2.dsc e3458e1a8cad0edcd0488d6f3281940cde3ffa9d3e77ba13561a7121f12b8e5a 101984 mpv_0.23.0-2+deb9u2.debian.tar.xz ec0a730e0769d5070f34e9421d13d4d448cffba17200407fc2107d8767deb015 67938 libmpv-dev_0.23.0-2+deb9u2_amd64.deb 6a5f0e9ab2fb86d2fd08fd10f88905968343327cf8321ba249798492f3f995f0 2379788 libmpv1-dbgsym_0.23.0-2+deb9u2_amd64.deb e0a32ce4807d641b1ec4096ea710c885995d5cb27ea895897800a3ef7a42927e 670790 libmpv1_0.23.0-2+deb9u2_amd64.deb ff5e5071f88dec2ffc566089e0ffab21f63fd34e489bf0803aba55646dbb4d7c 40636 mplayer2_0.23.0-2+deb9u2_all.deb 58312f0dcd864ee45c21362b607f3292a4236836d238ee321764b3a932ea88a9 2396602 mpv-dbgsym_0.23.0-2+deb9u2_amd64.deb 383d7a74e7a885f368c87e4874d14a2de1297fac1896c097fe0f0296e9e38308 17176 mpv_0.23.0-2+deb9u2_amd64.buildinfo d992bb4a1cbaed416e3156a9a3dcf0a60aa7e1369d4bd6ae6146aa24f44fabcd 875884 mpv_0.23.0-2+deb9u2_amd64.deb Files: 10d6842963e381adeb8b3547ff498e46 2935 video optional mpv_0.23.0-2+deb9u2.dsc 0e09c928a9567fb8f3f69d842ad26e24 101984 video optional mpv_0.23.0-2+deb9u2.debian.tar.xz 14425412d59ef9a5e4b143e3f9117ea1 67938 libdevel optional libmpv-dev_0.23.0-2+deb9u2_amd64.deb 1a586f92197da69ebf115f47cb30b9ad 2379788 debug extra libmpv1-dbgsym_0.23.0-2+deb9u2_amd64.deb e6bce029fae1bc57cf237a8b383968f5 670790 libs optional libmpv1_0.23.0-2+deb9u2_amd64.deb 14f50f7b3325de2375a442020442e342 40636 oldlibs optional mplayer2_0.23.0-2+deb9u2_all.deb ea5060e776b57a7ba073584c49412a91 2396602 debug extra mpv-dbgsym_0.23.0-2+deb9u2_amd64.deb ee33a20ea1277b377f54181856d74c85 17176 video optional mpv_0.23.0-2+deb9u2_amd64.buildinfo 3f9e619bd095bb477cbe0743acf16add 875884 video optional mpv_0.23.0-2+deb9u2_amd64.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlp84kEACgkQbsLe9o/+ N3SB3Q/+PKlOl24Rsfd0UWKUZevw/AdPFnc2wFKM4HmOYOdX5Gg73yWUQdrKYnr6 zYokeVcyzr5guxSQblzUY4V1AsSLfOjP81xEzBRtnTnx+fH4aqJd4H2C6zNcYdRp FOl6i04qlBfSNlDy40cqwoIaZF9tyT8skDOu5j0yrh6k+VIdb+p4P3/7jJ6Ce25n yv5RO83b/kirfZfUvx4SOwDuMIELatH2t7FP3zs6XecW58tpDHzVsISMJlHvR7FY OB8Pt/VsBzTemh9NFFoGFFFGVdKvaH6Yq56GOdZgI0050KSgZodWzdmuCeF1DDdJ Qfn4Prw5L876S7eKf9w343g278s0wjT0uanIQmaBH11m3e4bTPK8VstLR/tbILW2 Kpj3gLfR/23Dny7vOsk0MVMIFSCfuvB22txtjcBDH6xVV0zAwAPCJ77HcJpFdQVx zxjjsknVljc6B2wNJ9gP3MNTr56FOjl7uFcJ++ZSFOpC9gOHVPZk+VVYy3lb7pDJ D4Gv0Xn5xxySzI3fYhLDVc4pqyzG23HIsWCo0Ban7k7XUBy/B3lzPOaEJkizH4qS tPy7VSED7eKappLKykDsoxEKXOVi3iNqhSgHjjZVpADCmEMGq1znKknqfjQNz1Wd dlHvoKut325DVG7/fLgHrkvW/Lj06fIFuVXVbokKljFkK+5j6eg= =cXSn -END PGP SIGNATURE-
Accepted ffmpeg 7:3.2.10-1~deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 26 Jan 2018 09:45:14 + Source: ffmpeg Binary: ffmpeg ffmpeg-doc libavcodec57 libavcodec-extra57 libavcodec-extra libavcodec-dev libavdevice57 libavdevice-dev libavfilter6 libavfilter-extra6 libavfilter-extra libavfilter-dev libavformat57 libavformat-dev libavresample3 libavresample-dev libavutil55 libavutil-dev libpostproc54 libpostproc-dev libswresample2 libswresample-dev libswscale4 libswscale-dev libav-tools Architecture: source Version: 7:3.2.10-1~deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: ffmpeg - Tools for transcoding, streaming and playing of multimedia files ffmpeg-doc - Documentation of the FFmpeg multimedia framework libav-tools - Compatibility links for libav-tools (transitional package) libavcodec-dev - FFmpeg library with de/encoders for audio/video codecs - developm libavcodec-extra - FFmpeg library with extra codecs (metapackage) libavcodec-extra57 - FFmpeg library with additional de/encoders for audio/video codecs libavcodec57 - FFmpeg library with de/encoders for audio/video codecs - runtime libavdevice-dev - FFmpeg library for handling input and output devices - developmen libavdevice57 - FFmpeg library for handling input and output devices - runtime fi libavfilter-dev - FFmpeg library containing media filters - development files libavfilter-extra - FFmpeg library with extra filters (metapackage) libavfilter-extra6 - FFmpeg library with extra media filters - runtime files libavfilter6 - FFmpeg library containing media filters - runtime files libavformat-dev - FFmpeg library with (de)muxers for multimedia containers - develo libavformat57 - FFmpeg library with (de)muxers for multimedia containers - runtim libavresample-dev - FFmpeg compatibility library for resampling - development files libavresample3 - FFmpeg compatibility library for resampling - runtime files libavutil-dev - FFmpeg library with functions for simplifying programming - devel libavutil55 - FFmpeg library with functions for simplifying programming - runti libpostproc-dev - FFmpeg library for post processing - development files libpostproc54 - FFmpeg library for post processing - runtime files libswresample-dev - FFmpeg library for audio resampling, rematrixing etc. - developme libswresample2 - FFmpeg library for audio resampling, rematrixing etc. - runtime f libswscale-dev - FFmpeg library for image scaling and various conversions - develo libswscale4 - FFmpeg library for image scaling and various conversions - runtim Closes: 886912 Changes: ffmpeg (7:3.2.10-1~deb9u1) stretch-security; urgency=medium . * New upstream release. - avcodec/x86/mpegvideodsp: Fix signedness bug in need_emu. (CVE-2017-17081) - avformat/libssh: check the user provided a password before trying to use it. (Closes: #886912) * debian/patches: - Drop CVE-2017-16840 patch - applied upstream. Checksums-Sha1: a4fa87191b3f2c2904e9f3d27fd5422ba0743873 5187 ffmpeg_3.2.10-1~deb9u1.dsc e90b423252a0e338e725f0781c6d31a16c97531f 8036940 ffmpeg_3.2.10.orig.tar.xz 449ebbbc1eaafcb4c013f7c00a1ad67d4e0f8254 473 ffmpeg_3.2.10.orig.tar.xz.asc 3c66390fc12639119691b387819a7ef8f135a25b 39188 ffmpeg_3.2.10-1~deb9u1.debian.tar.xz 3b70ea2d328c5afc8c43015a693dff4d4be28a27 8911 ffmpeg_3.2.10-1~deb9u1_source.buildinfo Checksums-Sha256: 47fdf3ba8d440cbdfee18fb19cb1c68bf0956ac2a177b8062f2e12b5d28fb336 5187 ffmpeg_3.2.10-1~deb9u1.dsc 3c1626220c7b68ff6be7312559f77f3c65ff6809daf645d4470ac0189926bdbc 8036940 ffmpeg_3.2.10.orig.tar.xz 215defff760480ea1cb8ac5b7b02a121610d40c4cff07a040ec40f6ac5551694 473 ffmpeg_3.2.10.orig.tar.xz.asc a907b22f375340c20017b08dd6656dcb3ec1341d937933b8bdec8a3e1786401f 39188 ffmpeg_3.2.10-1~deb9u1.debian.tar.xz ddc83ce0c68d032460aad536bb05c5cf179c908e9a1bbd325cb978c8ff82b756 8911 ffmpeg_3.2.10-1~deb9u1_source.buildinfo Files: 17e275331c27cfade816ea9a7af21422 5187 video optional ffmpeg_3.2.10-1~deb9u1.dsc ec747925e19aa77adbec17e98e24a72e 8036940 video optional ffmpeg_3.2.10.orig.tar.xz 0985ac62e9bc13e371c4ccbfc4979a74 473 video optional ffmpeg_3.2.10.orig.tar.xz.asc 53a742437cb1106c871f728d0cc0b415 39188 video optional ffmpeg_3.2.10-1~deb9u1.debian.tar.xz 099b558c92cfdc1c498111a545a8cb5d 8911 video optional ffmpeg_3.2.10-1~deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlpsRsQUHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe9CIg//bTQ/h0HFY3/q03JIXd7ibyObrqz6 iRLI0p17yuGkUZ2BwLlHnqnBGAlhlloD5ujagfS06EseGtYTG/LPABmkSknx4W2m x1O/0cxiU2MejN8zPQ7Ln3rOM0pi+IKPjU7xcQZEiMJf0TvO+h7AZfoDO37fMF+p wSnYaBqVojmyH4/JPewbaf2MrSx1Em2fmjKZI/KDa5KrfTexn/CxH6kQZ20c7Qf5 cpINytOXmsCJUqB5iOQTjHjyaRY89C+e5/Ygr8ipZoSzi7znPS0m/9EQXjZntTF2 EqHmgjcGTBs2AAGb6AgKvubTk12Da58QZivHPzn2UVLGSsKBbPPQyDVpKQIEY3eR
Accepted mbedtls 2.4.2-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 Sep 2017 09:29:59 +0100 Source: mbedtls Binary: libmbedtls-dev libmbedcrypto0 libmbedtls10 libmbedx509-0 libmbedtls-doc Architecture: source Version: 2.4.2-1+deb9u1 Distribution: stretch-security Urgency: high Maintainer: James Cowgill Changed-By: James Cowgill Description: libmbedcrypto0 - lightweight crypto and SSL/TLS library - crypto library libmbedtls-dev - lightweight crypto and SSL/TLS library - development files libmbedtls-doc - lightweight crypto and SSL/TLS library - documentation libmbedtls10 - lightweight crypto and SSL/TLS library - tls library libmbedx509-0 - lightweight crypto and SSL/TLS library - x509 certificate library Closes: 873557 Changes: mbedtls (2.4.2-1+deb9u1) stretch-security; urgency=high . * Fix CVE-2017-14032: If optional authentication is configured, allows remote attackers to bypass peer authentication via an X.509 certificate chain with many intermediates. (Closes: #873557) Checksums-Sha1: 387483bc2864ffbad43d7d8d9550d981b021f878 2248 mbedtls_2.4.2-1+deb9u1.dsc 71e0aa93e4548611fdb15af93e8b93b30c764e4c 1925368 mbedtls_2.4.2.orig.tar.gz a834a8283e89aabcb7fb5eb53a01a33f798f971d 12424 mbedtls_2.4.2-1+deb9u1.debian.tar.xz 33faeaa5af8aa12b27fb67b04072209d2a073456 6171 mbedtls_2.4.2-1+deb9u1_source.buildinfo Checksums-Sha256: dca38409f50f68221a7c452a8d446ecbca41ce24c4bcdb6a33a5ed7911df35a9 2248 mbedtls_2.4.2-1+deb9u1.dsc 17dd98af7478aadacc480c7e4159e447353b5b2037c1b6d48ed4fd157fb1b018 1925368 mbedtls_2.4.2.orig.tar.gz 9059433533496b9ed2b63d77c121c25d80ff64f72432788361dff07dc9894cec 12424 mbedtls_2.4.2-1+deb9u1.debian.tar.xz 009d3e996cf72b9d19717af294b32e2338c076c0431d6e3a22c7bb1574f34c2b 6171 mbedtls_2.4.2-1+deb9u1_source.buildinfo Files: 5cc1d78d00eda04d9b15e1bf2d2d 2248 libs optional mbedtls_2.4.2-1+deb9u1.dsc 8e3a8357e0fc23a3954a819027f5167e 1925368 libs optional mbedtls_2.4.2.orig.tar.gz bb1c71888e031b85de4d4dbbae2d32de 12424 libs optional mbedtls_2.4.2-1+deb9u1.debian.tar.xz db358bec72552b71eaf3ef9762df0168 6171 libs optional mbedtls_2.4.2-1+deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlmwOUkUHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe94Jg/9F+D/OfD3tHg/jpxZID/kaQgZ5dou n0r8e6s2TFr69pBGQZYYmO5Qs4yhkaXFhUKt/JfojMcvkEozBxc/OYJSUug7T2b4 9tlsfY8EDbXHSDKHU5y0kFEpOaKG0hruCTaocGuW0oWqY0eFWGML9bghyuY+guzt 6XI65fGJTg9YOFX+jntD7F5KaYbNf9IavrDaKZEl9Wx2DthwGWqt2ITrbnxqMct2 R74N5FJjhmEegc7OnnzIfLbvSqkcuXu/xRmm47VaYwwLLzU5br6fPNE60TZg7UNk +6ZmAAxuoYyu4bHfVo0C3yTufQGCqEbqIuFP0U9WSfBt9/YuO407C9cV96NpupR0 TI0D4SDW8eTz8ySGYaKGMD7dAd/bEjhp7iBV6fiKRRii3jXBBKOYfWhDweLS8mbh /KWVj/32HCdeSP3hY+MvvJOpcCgRDrNu7Aa+OsYNoTA1lgVQVS60ALsuDC4TgsRK oBW6BBR4+RQc1jfGW/qpI58u73rU2GlzTm+yZ3eDCd1JCUbcd0M26oOBjPpuVipU Drt86lQVWzO7a4KI82qH6jL4EU+jFwehc+WpUlKyjotfAABcapBGcBCivZqernp9 jh+vYFqfM92mB4uUKsxK5U2iRMr2iHQPz/7r1qArhAMCMACvJ2paWC0AE7WqU3uq 9sqB6vKS/IldzJI= =Kh9F -END PGP SIGNATURE-
Accepted libopenmpt 0.2.7386~beta20.3-3+deb9u2 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 15 Jul 2017 18:33:57 +0100 Source: libopenmpt Binary: openmpt123 libopenmpt0 libopenmpt-dev libopenmpt-doc libopenmpt-modplug1 libopenmpt-modplug-dev Architecture: source Version: 0.2.7386~beta20.3-3+deb9u2 Distribution: stretch Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: libopenmpt-dev - module music library based on OpenMPT -- development files libopenmpt-doc - module music library based on OpenMPT -- documentation libopenmpt-modplug-dev - module music library based on OpenMPT -- modplug compat developme libopenmpt-modplug1 - module music library based on OpenMPT -- modplug compat library libopenmpt0 - module music library based on OpenMPT -- shared library openmpt123 - module music library based on OpenMPT -- music player Closes: 867579 Changes: libopenmpt (0.2.7386~beta20.3-3+deb9u2) stretch; urgency=medium . * Add security patches (Closes: #867579). - up8: Out-of-bounds read while loading a malfomed PLM file. - up10: CVE-2017-11311: Arbitrary code execution by a crafted PSM file. Checksums-Sha1: 1ae2a6b831007c4ad1b3797766ebf491c66e5497 2721 libopenmpt_0.2.7386~beta20.3-3+deb9u2.dsc 702ac4b948eac1893ee42bdea4adf846ce759581 15224 libopenmpt_0.2.7386~beta20.3-3+deb9u2.debian.tar.xz b72d2c7f60ab2006aeb2caf27ed8b3bbc3d8eae2 7824 libopenmpt_0.2.7386~beta20.3-3+deb9u2_source.buildinfo Checksums-Sha256: 093256d212de75fc608b1ab83d83b3a2cf2e5fb169a4f2318db4cf69176c09c3 2721 libopenmpt_0.2.7386~beta20.3-3+deb9u2.dsc 34baba5847acaef01b3c25143e3bf3a4f4e83aa6a2ad4cd4f34faadef94af58c 15224 libopenmpt_0.2.7386~beta20.3-3+deb9u2.debian.tar.xz a8843454132e3781a2b55d1a8c1770d3ad06095c5e4087f49de5893c911a1f6b 7824 libopenmpt_0.2.7386~beta20.3-3+deb9u2_source.buildinfo Files: 9580b25a4c0657809baabe826aa9bab5 2721 libs optional libopenmpt_0.2.7386~beta20.3-3+deb9u2.dsc b0d3445c04833100e9f706e434d467eb 15224 libs optional libopenmpt_0.2.7386~beta20.3-3+deb9u2.debian.tar.xz a79b0a456f73330b58e773716bcf3e3d 7824 libs optional libopenmpt_0.2.7386~beta20.3-3+deb9u2_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAllqjxsUHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe/K4Q/+MVg4kbtTfst5F2esc1gtGbGr0iGW VwpYhXK1y4IoWHtDZFStT3nMyH+8v7YeD2yg4B16ShhHnuyZtLzR7qORvMvM1Rxd pFlEMpo6/t4zDEewbmjuaNUjfF7pxeU0+33H8apPO1GJeT1o16P8qFBI54Wj0T5i Zp0541uP4ZczxdDEyBpUsAgAw9Sth6rSYDDC0qAu8mdYvmbQ8CxJ4Mz4PqqUt4Eg QqxVST8P73Zqbo1XzHR/pIZ38K7tdHY29WDbxUXg/LsPcIgUbRYvZOCTjry3JSta dM+NFvNIMHejTokFnGD7hii/tpDy9iZt5LAFBj/wN19WeIpRIvfZ2hSvAGts74aD R+JM4Z2MTaHYvpXzh96Y0UpxAfW7QbHrBVi5xI9ebl+Q6r2ZzNJK0zzFtbIQgy+s 0jdc/knAr//I1UKRzdUiqGJ46tptCKFTTM91yzD6V2MyP+b8f8I1uBksIoNbUums 5vezAbIxFi7gwm3h1Fv1X/GVsUHyxCr6SJEBlBdr5g2etaahGrt42aDqi/crYCed NSBqYyfaMRgBpuUu5JmiF4fnSDqt1f7/Zlm/eCa4tt/Urqx85+BLUqB+rHmZtuGj 7a3t7BGViF108xLmY2KaTDewqcLgoFdIXbnbkxN0ntqXBBeeK5U6zYgMtm2QRr07 KzHTyRv3Q1N5OcA= =TZXL -END PGP SIGNATURE-
Accepted libopenmpt 0.2.7386~beta20.3-3+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 20 Jun 2017 08:58:50 +0100 Source: libopenmpt Binary: openmpt123 libopenmpt0 libopenmpt-dev libopenmpt-doc libopenmpt-modplug1 libopenmpt-modplug-dev Architecture: source Version: 0.2.7386~beta20.3-3+deb9u1 Distribution: stretch Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: libopenmpt-dev - module music library based on OpenMPT -- development files libopenmpt-doc - module music library based on OpenMPT -- documentation libopenmpt-modplug-dev - module music library based on OpenMPT -- modplug compat developme libopenmpt-modplug1 - module music library based on OpenMPT -- modplug compat library libopenmpt0 - module music library based on OpenMPT -- shared library openmpt123 - module music library based on OpenMPT -- music player Closes: 864195 Changes: libopenmpt (0.2.7386~beta20.3-3+deb9u1) stretch; urgency=medium . * Add various security patches (Closes: #864195). - up1: Division by zero in temp calculation. - up2: Infinite loop with cyclic plugin routing. - up3: Excessive CPU consumption on malformed DMF and MDL files. - up5: Excessive CPU consumption on malformed AMS files. - up6: Invalid memory read when applying NNAs to effect plugins. Checksums-Sha1: 573b6ee36f377b672be218695ac376ab189ad156 2721 libopenmpt_0.2.7386~beta20.3-3+deb9u1.dsc 0d9fc1da11c23179c078fbaba95d37d34399a917 14504 libopenmpt_0.2.7386~beta20.3-3+deb9u1.debian.tar.xz 1ff23df5959b7637683ccc1f641784d4f2926ec5 5688 libopenmpt_0.2.7386~beta20.3-3+deb9u1_source.buildinfo Checksums-Sha256: ab1faa249f38fbd8e164f13e5f9b7e58014cc8db57098ac7e4aa1e4f3d2dda2f 2721 libopenmpt_0.2.7386~beta20.3-3+deb9u1.dsc 6ee155da2727629116985258cd0f694aa06e5087ec6d88344db7903d69962570 14504 libopenmpt_0.2.7386~beta20.3-3+deb9u1.debian.tar.xz 25884de9a4ae6f2f9703b812289e1ffcd6a91866a6c16b0c6b3fcefe92101258 5688 libopenmpt_0.2.7386~beta20.3-3+deb9u1_source.buildinfo Files: 4a77ca456a53a8c6f15959fcb2aebd5d 2721 libs optional libopenmpt_0.2.7386~beta20.3-3+deb9u1.dsc df466fe8b734e7d1260bba79e6d006d4 14504 libs optional libopenmpt_0.2.7386~beta20.3-3+deb9u1.debian.tar.xz 664a15de4ead25417249aeadf1711c5b 5688 libs optional libopenmpt_0.2.7386~beta20.3-3+deb9u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAllQ4E4UHGpjb3dnaWxs QGRlYmlhbi5vcmcACgkQx/FnbeotAe/wmhAApBKnvAKmCg6CFzChtUiufobRHK9b shVs2LYPvzYM8kXap3QnRAvisKIUdFs4VzD3xknniuVrYs5ijJ9Vu+LBmTJzd5gH GMySFHNq5FaAPzHtTefhQfn+gJHlBDk5/bnIfqbue7U20FwN9sQikijBbbdn9Yir YDcrrCGLjs1EaawhBTRlP9mQQ6zvkuURo4Pk6K2R3H2GcxuknaJ0a9CIqQC3LBFx Hrij4EEMzzwjY/iTo1WxGO800j0Dwm3Y6GHSzEnrb4uAP1JSbqp7mOTO81RnzAQp G8W6Tv2eS8gBLZ1LOegJ5DONv5T2OxfD7BKP9GiJ42VDpEKfJXXNy5TbFBB+Ht75 aiUarbJ+3UJz7r/IqcgouNppanBWiQVpSEKcm1roPKdiP5YVTiLlEeEXCxYs0+Fy pNRg6fb+BuGvUIRfe/+luGygavLHAG9gFVdwnx354Kcwt9YMDIwVk7TIS0n9eQPJ 7a+shMNLltrLXfghP+3wahv46JiyY3zWfI3OLfZ3+CSq71qHVUpgy9BGiSUWZUB4 BVNeN2MxRduZoy6euKgl5x2IggGaYVLtN5Ob3wAK4uMO0B+6YCX4Afh6UsJm3YPs nTOPLwquHlFJfhAVASA27p8Vaq1BXgWMFHcLnL+zk3K5kqfK4gU77BF3ca2tn7e1 CyFDpX3ZjZVVgLM= =GLe7 -END PGP SIGNATURE-
Accepted polarssl 1.3.9-2.1+deb8u2 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 09 May 2017 09:42:21 +0100 Source: polarssl Binary: libpolarssl-dev libpolarssl-runtime libpolarssl7 Architecture: source Version: 1.3.9-2.1+deb8u2 Distribution: jessie Urgency: high Maintainer: Roland Stigge Changed-By: James Cowgill Description: libpolarssl-dev - lightweight crypto and SSL/TLS library libpolarssl-runtime - lightweight crypto and SSL/TLS library libpolarssl7 - lightweight crypto and SSL/TLS library Closes: 857561 Changes: polarssl (1.3.9-2.1+deb8u2) jessie; urgency=high . * Fix CVE-2017-2784: Freeing of memory allocated on stack when validating a public key with a secp224k1 curve. (Closes: #857561) Checksums-Sha1: 917394c6dc4bc3b6d52631e4966bf3dc36890852 1898 polarssl_1.3.9-2.1+deb8u2.dsc dbdf2ef546952e9c1c163266074b3d9a579d7b8b 9600 polarssl_1.3.9-2.1+deb8u2.debian.tar.xz affd95436ea21972e41ec193401f01591ef44f3c 5575 polarssl_1.3.9-2.1+deb8u2_source.buildinfo Checksums-Sha256: 924b06b5bb03ab5cd9981b57fca713ff156df04b43ceb06587d6559d8265125a 1898 polarssl_1.3.9-2.1+deb8u2.dsc 3a445eb6efb0207b1d949019ee4e2ddadde6807a9d96eac724a3ba2762d2483f 9600 polarssl_1.3.9-2.1+deb8u2.debian.tar.xz 73d80573ddc8658e3d513698ee1f220667a3675f186f40827f54f4fa4dd0cc11 5575 polarssl_1.3.9-2.1+deb8u2_source.buildinfo Files: 96673751fcb0634f400a83f587f1437d 1898 libs optional polarssl_1.3.9-2.1+deb8u2.dsc e07fff4c09d47586fc62b4f62135dc67 9600 libs optional polarssl_1.3.9-2.1+deb8u2.debian.tar.xz e31f53055633f37f134231a6895a84c5 5575 libs optional polarssl_1.3.9-2.1+deb8u2_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEE+Ixt5DaZ6POztUwQx/FnbeotAe8FAlkSz2wACgkQx/Fnbeot Ae8EtxAArVdlR0G+bLtKcV41HP8SPziJCWRS8JzsnWsrtJzonnVx0/bp1uBO55uQ gsmUXgHToTfEOxNgAVJw8Z5wclUkII+NPBA16RbNe6/xpyyqlZS9tZ69lRLOFRtb so0vsd4BUgfz/4KQITN70n/rAEvbpawJPmp2XUNhmpzTvnwQiDMzuliEApyXknkh NpBlX+rc1gHRiJZRrQ6s8Rrj/MPMx6Cn0BUFovTRLZhi4mYWVK/qnSV0Xx4/dM2R OhuTAs1A3/X0BFNP0p3zTdLVrJBTqqolYcN9Kl5oB/EhtTBOygoV8s5TeSnaoEbr UjBGgOcanPYPD9DPpPYJ/JTOZJGzosqbmSTJMItntTRh7Kj4FLLtySWyJTbZRWWD z7fI0F0A3+qc/04OigIB0ggW8T9Ew4/ECn+lrrL4h1MHZIHIu8jnCtgO5Qc9Fq2R raI9aHvBMMn7HNDmXfGsyBkc+qFm2jtnLcMyShmWU0h8X6B4iVXgL1aYZsjRyKLm 7vy/2B0wB9BLk3ZueZW9HnYeqgBFpgiMkOiAFIZE6IBFBOIqI3TBiHKOQBzo/aKB vS7C0q3H+NPzcFJN1xvaqlYA3ykaSIHEEB72l0l2T8i3SKeHEzO57AfuQClKjZ/a pddjgOT8ZG/TMmx2q07CZzRMidEG+nY6PO9iW02OiZochCkaP4M= =H9Fc -END PGP SIGNATURE-
Accepted minissdpd 1.2.20130907-3+deb8u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Oct 2016 22:46:46 +0100 Source: minissdpd Binary: minissdpd Architecture: source Version: 1.2.20130907-3+deb8u1 Distribution: jessie Urgency: high Maintainer: Thomas Goirand Changed-By: James Cowgill Description: minissdpd - keep memory of all UPnP devices that announced themselves Closes: 816759 Changes: minissdpd (1.2.20130907-3+deb8u1) jessie; urgency=high . * Non-maintainer upload. * Fix CVE-2016-3178 and CVE-2016-3179. (Closes: #816759) The minissdpd daemon contains a improper validation of array index vulnerability (CWE-129) when processing requests sent to the Unix socket at /var/run/minissdpd.sock the Unix socket can be accessed by an unprivileged user to send invalid request causes an out-of-bounds memory access that crashes the minissdpd daemon. Checksums-Sha1: 1d4e123c34c7e3d23a1d61ead86f4be2dcfd4ecd 1912 minissdpd_1.2.20130907-3+deb8u1.dsc 515c45758c0e8220012c8687a60fefd1526ae7eb 6440 minissdpd_1.2.20130907-3+deb8u1.debian.tar.xz Checksums-Sha256: 2104bb177beee002212ea9fac5eafb848b666bdcda10b1cf6833e30dba395b41 1912 minissdpd_1.2.20130907-3+deb8u1.dsc 7fb1982fcb81b2d4eb62b1fff2ad43bdc24e52a59a5e8d743d966630d00e61db 6440 minissdpd_1.2.20130907-3+deb8u1.debian.tar.xz Files: bafcb48b4c6d0f6bc69716a2aabc7ee0 1912 net optional minissdpd_1.2.20130907-3+deb8u1.dsc 134860e3a3a12933aa9f2198ab666098 6440 net optional minissdpd_1.2.20130907-3+deb8u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJYGK9vAAoJEMfxZ23qLQHvw50QAIJOvs9LdZJnXS4scrWyxQft Lc8EO1M6OszA6GVB1GuQdZb0YQNFBIB5Pi2Lnqw6TI3Rv40SFrSfRy876fPGk+TS 5aR1ChzksDcDWsuFje2QYVdxhkZ4w5j6v9iIYrUpmXwuY7oa5+5f6VF1O4gxGVVT oWwJGw0HRAKyY2M8qwa0tZIcE7JeNBrv7/qjM+2IJDdwclMPGGjy/RE8yKGz7DyK YfQ11Z0uIELwT7tnHZq9LF61w1BpUIV3Iibs3TgLdmtJTJdjoxqcBf2yAO6T8aCa yA/P8uPNNmgFvxaC2tn3cfwzmmnep+15Gl6aBcDAdEw/R0kZ4CAAyfxl9ScLuVg6 fhsVGcH48AcdLQDod0XRQKFMKQMj1mnSe2b2P3eqIZHWw9r4cpe3MmMc0RGACSVF oGfvX5ANF6xylg+23mnvF6PhOkjEkQ6NVTS39j7ycBajwTnXyUA0AYtAq2vBfHJH hsRiC7ZiEmmlvKDKexySUlPu9YmfwGeewDBNCJXTnDDMlUOqtiPPEClvtQYaSDCk s/csE+7ceIXIH0lAb9yh8usA/d3XX4NzFamw4TSeyPXXctFYgDz+HhvjM4HF9Tak OT131qfyKIaLPwFMkDk6c7T0GwxIduLd/RKRPwt3oQXBqaKEmKDBagEjVRkO78OO T4ZVSaD34S+C9Tlfedch =nQVr -END PGP SIGNATURE-
Accepted mpg123 1.20.1-2+deb8u1 (source) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 04 Oct 2016 11:42:56 +0100 Source: mpg123 Binary: mpg123 libmpg123-0 libmpg123-dev Architecture: source Version: 1.20.1-2+deb8u1 Distribution: jessie Urgency: high Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: libmpg123-0 - MPEG layer 1/2/3 audio decoder (shared library) libmpg123-dev - MPEG layer 1/2/3 audio decoder (development files) mpg123 - MPEG layer 1/2/3 audio player Closes: 838960 Changes: mpg123 (1.20.1-2+deb8u1) jessie; urgency=high . * Team upload. * Fix DoS with crafted ID3v2 tags. (Closes: #838960) Checksums-Sha1: 8287fdd7b80fd5b90fcefea218596d1be23b491f 2252 mpg123_1.20.1-2+deb8u1.dsc 0967bedf5947c83cedff2f9d03120d5ec7df622c 19048 mpg123_1.20.1-2+deb8u1.debian.tar.xz Checksums-Sha256: 41850ae55312c4a183e9943fcc18920674b26735858933a3d8291e3748c9f577 2252 mpg123_1.20.1-2+deb8u1.dsc 99d31376d601232c68b5853e219247a72e3d3723cce11b543ce43ea171308d14 19048 mpg123_1.20.1-2+deb8u1.debian.tar.xz Files: d80dd3f4c20867ea00a04ff54c1784b1 2252 sound optional mpg123_1.20.1-2+deb8u1.dsc d578439015b0e55161aba0f446b87fc1 19048 sound optional mpg123_1.20.1-2+deb8u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJX/A1sAAoJEMfxZ23qLQHv5JwQAIvjCB4Qvy4tUSyhF+zR+r+G MAywJvEajOjyyV0BnW+0ET6Y9suMDESy0mQBMfzvSB5P/A0G6RTfcOcM/emeRC+J CJ0WTn2I6+rRx+rIxxoKChCnhx7+4G/iHZzUtjW8xpFSeF+d8tHU1aMJaHg/trX9 7pO+zCQYjVQTP2RAg3qm1MMUV1EsMtBevuoFN2Dr8FzKn6EumNquTVh/Ygr+Bwrk qrIZ1fNwQF2SPw6i4LpfxEcgvVkJKizrYyyjBMAR87GeJhQ3EFm6A6Sm0yXyszmu otU/JxeFGOlQHxXOHtp0dDrqJbj4hm1RJKUP/hZ6CcrMHhOPdEmUWagl+pFGI8T8 6YTjC+LC1jzG5XaX2gcYskcgE60QzWniHQBtABgOZeYFyszeTuWR8JcAp80NhR1+ r3qZm9fsgsMgqn/+Vgi77TOtNj1990IpiPAqr6jtwaN/nwHLS5pDl0YEIJZ6uZF2 x/mFW/fzJfB22OTolTuq+N5s8Y2XUvrBg+5Em5MTZLxvIbp8BvOc1JUVCVsMpXXR Uw8rutyU/wuZ0wTBL2EPMXWUp894JgauSSb5OnGUCSZhWg5M2Bk+6zBK65vDzx0t DFYZgL7q77yb31C+nEaOsdEj7iRXxZ2lF+i2zWUTLjQiH67sydqDhjcjsxS6Y0Pj ld8hxa2QbE19kk3elpJb =zTKY -END PGP SIGNATURE-
Accepted audiofile 0.3.6-2+deb8u1 (source amd64) into proposed-updates->stable-new, proposed-updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 14 Jun 2016 16:39:49 +0100 Source: audiofile Binary: audiofile-tools libaudiofile-dev libaudiofile1 libaudiofile-dbg Architecture: source amd64 Version: 0.3.6-2+deb8u1 Distribution: jessie Urgency: high Maintainer: Debian Multimedia Maintainers Changed-By: James Cowgill Description: audiofile-tools - sfinfo and sfconvert tools libaudiofile-dbg - Open-source version of SGI's audiofile library (debug) libaudiofile-dev - Open-source version of SGI's audiofile library (header files) libaudiofile1 - Open-source version of SGI's audiofile library Closes: 801102 Changes: audiofile (0.3.6-2+deb8u1) jessie; urgency=high . * Team upload. * Fix CVE-2015-7747: buffer overflow when changing both sample format and number of channels. (Closes: #801102) Checksums-Sha1: d3058882b7dfbcc5cb2b12754ef08fd344c073ed 2216 audiofile_0.3.6-2+deb8u1.dsc 42f92b79025c63a460d7e8158d3a7587943fe077 12084 audiofile_0.3.6-2+deb8u1.debian.tar.xz 2e6a7da1c58441d4a8f4811530639f75cb061f42 34724 audiofile-tools_0.3.6-2+deb8u1_amd64.deb e400cac3ada3c64533d20733912718f08357e1fc 58748 libaudiofile-dev_0.3.6-2+deb8u1_amd64.deb dc43e86e651331ad3b0732f7cee56fc937cb7f3c 114430 libaudiofile1_0.3.6-2+deb8u1_amd64.deb ce0bf161be64b4c5ddfc9fb8cd6620688ba04164 595382 libaudiofile-dbg_0.3.6-2+deb8u1_amd64.deb Checksums-Sha256: b869c097202b5560fdddb81cff0ad768dabc0f6c8f571334a9104f11609ba501 2216 audiofile_0.3.6-2+deb8u1.dsc de88f0a307824b82dd51758528ebf990d53e54c471f5ceef1d314fd117c45177 12084 audiofile_0.3.6-2+deb8u1.debian.tar.xz d70ef948be8bb2e655b010fc3324da8b02f1cbb9d36856d3fea82f4e79ed22b6 34724 audiofile-tools_0.3.6-2+deb8u1_amd64.deb 598b370456c5aebc7efd9000f784ef694c581527dc48feb7ccf16af33423048a 58748 libaudiofile-dev_0.3.6-2+deb8u1_amd64.deb 501cc29d87e0e078bfefcbf768ebb83f0abf8971dfd394c39f54bfde3c7ae8d7 114430 libaudiofile1_0.3.6-2+deb8u1_amd64.deb 7e6bf25c33816807a6cf10afbd44c34a22a6c411071873dd4a8894b2bd58062d 595382 libaudiofile-dbg_0.3.6-2+deb8u1_amd64.deb Files: af29958010465ce3f5d8c4779f573141 2216 libs optional audiofile_0.3.6-2+deb8u1.dsc d4e1b4b3c15764ae03a2d60d300e1560 12084 libs optional audiofile_0.3.6-2+deb8u1.debian.tar.xz eaddfc1d67697c8a2b96c82ab47885dc 34724 utils optional audiofile-tools_0.3.6-2+deb8u1_amd64.deb cf69ac70d4fd2439c8a9b54a4cecb25c 58748 libdevel optional libaudiofile-dev_0.3.6-2+deb8u1_amd64.deb 2a56ea3b9ed291dccd03ef0606f654ef 114430 libs optional libaudiofile1_0.3.6-2+deb8u1_amd64.deb 7c51b697c522424128c51a5030794c87 595382 debug extra libaudiofile-dbg_0.3.6-2+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCgAGBQJXZHN0AAoJEMfxZ23qLQHvLHIP/10CJFAJeGAzpjf7cm0GPdFE M66X1BvfRqWXy/07sYjhx/CggtiVM2Uz+yhJvPC4AVs/YDj3YDhteWzUM/xqtcB6 vrSz+NULADHAuQ3YC13QpqnoWjFMcIC1Ylw9afIElpAfZqSBwdP43ukYuJyFf/NO Xj0WaKMh8fDS8wG7MIygD+Yq+lrRMfW02DPF5DBxO78gosvqAxYtjBXm102GWl8h DYGbn/hR4OlhJVfG9Cr+MI9LOZ66lgXi/Rkbb8dFV9YGJP4kUZU+QFKw2N/k6eOl JSy/Vbf3Vc9/sUBlpxonyZ9JvDVB4DPB5EOZIzObzsKe5Fbozmsh1G5NMzDYtXW1 7WbXSkEZ3TEngvTJeW/nMzEpEsTo4ynIFY+1ArXG2l/9NA+OqZdcYIu09hywWXtE /OOue9TvN5shpo5vT/oYGoCO5LwcGXqijDgHsKD/3BswY6BaVnR2RiayJjVdaduZ +34vJDAkzY/NvBrGYZjMEWWeNKyPOJdlhwKMBeScMvCrM49NSW4l8MqJh3auvWS0 OZN0sUbrto6C9aWRc+KCIR7tk4mGG1TO76z+9QMCL+eOv8D+jJA/f7MBPEmB8DxF Dtm6E86aAkr07Q4bJD8Lo7UxyovnSdsSPS2UUb4IGyeBR9rh9NbgjhUVJg+DZ/Ao UB43bIARjKuAnFwHuQHt =k7nh -END PGP SIGNATURE-
