[SECURITY] [DLA 2502-1] postsrsd security update

2020-12-20 Thread Adrian Bunk

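-------------------------------------------------------------------------
Debian LTS Advisory DLA-2502-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
December 20, 2020                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------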

Package: postsrsd
Version: 1.4-1+deb9u1
CVE ID : CVE-2020-35573
Debian Bug : 

A potential denial-of-service attack through malicious timestamp tags
was fixed in PostSRSd, a Sender Rewriting Scheme (SRS) lookup table for 
Postfix.

For Debian 9 stretch, this problem has been fixed in version
1.4-1+deb9u1.

We recommend that you upgrade your postsrsd packages.

For the detailed security status of postsrsd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/postsrsd

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



[SECURITY] [DLA 2501-1] influxdb security update

2020-12-20 Thread Thorsten Alteholz


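-------------------------------------------------------------------------
Debian LTS Advisory DLA-2501-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
December 20, 2020                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------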

Package: influxdb
Version: 1.1.1+dfsg1-4+deb9u1
CVE ID : CVE-2019-20933


An issue has been found in influxdb, a scalable datastore for metrics, 
events, and real-time analytics.
By using a JWT token with an empty shared secret, one is able to bypass 
authentication in services/httpd/handler.go.



For Debian 9 stretch, this problem has been fixed in version
1.1.1+dfsg1-4+deb9u1.

We recommend that you upgrade your influxdb packages.

For the detailed security status of influxdb please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/influxdb

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

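The class of check that the influxdb advisory above concerns, as an added example that is not InfluxDB's code and not part of the advisory: an HS256 JWT verifier that fails closed when the configured shared secret is empty. The function names and the sample payload are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var ErrEmptySecret = errors.New("shared secret is empty: refusing to verify tokens")
var ErrBadToken = errors.New("malformed token, wrong algorithm, or bad signature")
var b64 = base64.RawURLEncoding

// sign builds an HS256 JWT; used here only to construct sample tokens.
func sign(payload string, secret []byte) string {
	head := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`))
	msg := head + "." + b64.EncodeToString([]byte(payload))
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(msg))
	return msg + "." + b64.EncodeToString(mac.Sum(nil))
}

// verifyHS256 checks the token signature and fails closed on an empty secret.
func verifyHS256(token string, secret []byte) error {
	if len(secret) == 0 {
		return ErrEmptySecret // an HMAC under an empty key proves nothing about the sender
	}
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return ErrBadToken
	}
	var hdr struct{ Alg string } // encoding/json matches "alg" case-insensitively
	raw, err := b64.DecodeString(parts[0])
	if err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "HS256" {
		return ErrBadToken
	}
	sig, err := b64.DecodeString(parts[2])
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(parts[0] + "." + parts[1]))
	if err != nil || !hmac.Equal(sig, mac.Sum(nil)) { // constant-time comparison
		return ErrBadToken
	}
	return nil
}

// Constructed sample: a token verified against an unset secret is refused.
func main() { fmt.Println(verifyHS256(sign(`{"username":"sample-user"}`, nil), nil)) }
```

The guard belongs both at startup (refuse to enable authentication with no secret configured) and in the verification path itself, so that a later configuration change cannot reopen the gap.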