Accepted libvorbis 1.3.4-2+deb8u3 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 17 Dec 2019 16:03:02 +0100 Source: libvorbis Binary: libvorbis0a libvorbisenc2 libvorbisfile3 libvorbis-dev libvorbis-dbg Architecture: source amd64 Version: 1.3.4-2+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Debian Xiph.org Maintainers Changed-By: Thorsten Alteholz Description: libvorbis-dbg - debug files for Vorbis General Audio Compression Codec libvorbis-dev - development files for Vorbis General Audio Compression Codec libvorbis0a - decoder library for Vorbis General Audio Compression Codec libvorbisenc2 - encoder library for Vorbis General Audio Compression Codec libvorbisfile3 - high-level API for Vorbis General Audio Compression Codec Changes: libvorbis (1.3.4-2+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2017-14633, CVE-2017-11333 An out-of-bounds array read vulnerability exists in the function mapping0_forward() in mapping0.c, which may lead to DoS when operating on a crafted audio file with vorbis_analysis_headerout() from lib/block.c. Checksums-Sha1: 72f5a6df110ad40f701acb36182ff52d323bb345 2459 libvorbis_1.3.4-2+deb8u3.dsc 1602716c187593ffe4302124535240cec2079df3 1632091 libvorbis_1.3.4.orig.tar.gz e77c09cbfe75fcc7bc7a26d924be80eaccb5e2ba 13736 libvorbis_1.3.4-2+deb8u3.debian.tar.xz d590449f1e00711e83523625604b4e18530ea0cf 92756 libvorbis0a_1.3.4-2+deb8u3_amd64.deb 9ac7ee862503305bb951761e04367abab6be9a40 78326 libvorbisenc2_1.3.4-2+deb8u3_amd64.deb 3c59c641b5bf56213b6c60f333a1c59ed3823000 24070 libvorbisfile3_1.3.4-2+deb8u3_amd64.deb b8ced77d9011dd61a9ac6280cde3a89e47b3eb2d 348034 libvorbis-dev_1.3.4-2+deb8u3_amd64.deb 41d0624499b99d9bf911dd4bc054d84ae17b19ab 229810 libvorbis-dbg_1.3.4-2+deb8u3_amd64.deb Checksums-Sha256: 33292df04151efb9398f3562ac101a0b7e616c644cd948f8aa289c0e1e1ee339 2459 libvorbis_1.3.4-2+deb8u3.dsc eee09a0a13ec38662ff949168fe897a25d2526529bc7e805305f381c219a1ecb 1632091 libvorbis_1.3.4.orig.tar.gz bf1d01b39700408036cc944805e0c66f2f63f4fd0ea040f9b0c0507ddf06e208 13736 libvorbis_1.3.4-2+deb8u3.debian.tar.xz 9701d8b6ed48783fa0c1bd480dd1afc8e6029727473c34e4786cfdec17b8d87e 92756 libvorbis0a_1.3.4-2+deb8u3_amd64.deb 571dc6a1c9c66a2047126709ff5d2c5827e02181d17dcc3fc7a7277f65feeaf8 78326 libvorbisenc2_1.3.4-2+deb8u3_amd64.deb 262ecac361f5e0b3f9833e6cad897272fad8930be29d0a983457ee5266135bbe 24070 libvorbisfile3_1.3.4-2+deb8u3_amd64.deb 2f8e3e2d87b82bd2e41f5d0708950154c7687ac7623b2b3ee5ff7ed1ff66c72e 348034 libvorbis-dev_1.3.4-2+deb8u3_amd64.deb 23ffde89738872e856381cd1eab1b030dc79add336a73a0865f358d6e967c4dd 229810 libvorbis-dbg_1.3.4-2+deb8u3_amd64.deb Files: 6ba53de5046c81e007b751a1b16a2d22 2459 libs optional libvorbis_1.3.4-2+deb8u3.dsc 8851c593a52d1ef9c526d95174873852 1632091 libs optional libvorbis_1.3.4.orig.tar.gz 5e2fcf8a597f9472c0e8b591afd72e23 13736 libs optional libvorbis_1.3.4-2+deb8u3.debian.tar.xz a08dd6562a00b8864988772876774459 92756 libs optional libvorbis0a_1.3.4-2+deb8u3_amd64.deb 46c32affb26c8526c0afd4efa8658631 78326 libs optional libvorbisenc2_1.3.4-2+deb8u3_amd64.deb 1ee3112979fef6d98fd3b9fbb015ae46 24070 libs optional libvorbisfile3_1.3.4-2+deb8u3_amd64.deb 51228dac2109c67fb1261ac75d1ca49d 348034 libdevel optional libvorbis-dev_1.3.4-2+deb8u3_amd64.deb 2ca0cdcc1eac7036037d638871fdf3fc 229810 debug extra libvorbis-dbg_1.3.4-2+deb8u3_amd64.deb -BEGIN PGP SIGNATURE- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl34/JVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYRx4qEACHKoeSdG6zgTPX7roWyXPW0GLCGTw0 62gDYoz/L8fGbbhs3TM5BO/xUsZRFIlXPsewAqT1WsxTeqepZV3bsJSQpPROA4ts 0jgpDqyo/LSjCVTjqjLOVJs2KwSta8orEtsUsngcMLotquF1CwWV8eYN2JZf1yRM z1q3vbR7dY7zkoMy0qZFpeVNlT2q16FVJN96jK2wJUIMnzcaEjzHQPn1p9oXtDHt LRdF7re1y/SKOsIjGO2EQloL850ljuxLcVkPimwg+Lnk57t8AXmzAcB5Gal7XdJk DNXTv6ib5xoJOu+DJ7TmdSWPtLdO/oVwvOfCn0sgPZuk+LCMSIVgkYjO9hi2qiSd 9Vlnh01wtsleLJcJHW6zbTdDlBBdW5b8XFIF1Sy3rDWdZSSZPB7KxLXR3aVRJACE aH3Yg5R/TzQ/npEk+e2rIHzDS9+1xpWvU5LbKaNHigXIIZUk+dnyHMi8bkshp/09 ke/Vp80j6IPj1rh7HsM7law6w04SY9KIrMhr8WDDNxDcJmn1nSvZ/9IzARdqivHR zDjc2O2DAAmf3AVQG42MLr6rsqeRr3t1oYwRXbWhPIzlckgwzdiN2LDrC5eEusD1 yW8lVpRJJ1mk7tProji46OWKfyInNpUUBX/uWWmpQN5fABVqf2DuuKlwCyRu+lY5 z5o+3wUs6O/jHw== =79g2 -END PGP SIGNATURE-
Accepted harfbuzz 0.9.35-2+deb8u1 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 16 Dec 2019 16:45:02 +0100 Source: harfbuzz Binary: libharfbuzz0b libharfbuzz-gobject0 gir1.2-harfbuzz-0.0 libharfbuzz-icu0 libharfbuzz-dev libharfbuzz-bin libharfbuzz-doc libharfbuzz0-udeb Architecture: source amd64 all Version: 0.9.35-2+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: أحمد المحمودي (Ahmed El-Mahmoudy) Changed-By: Thorsten Alteholz Description: gir1.2-harfbuzz-0.0 - OpenType text shaping engine (GObject introspection data) libharfbuzz-bin - OpenType text shaping engine (utility) libharfbuzz-dev - Development files for OpenType text shaping engine libharfbuzz-doc - Documentation files for the HarfBuzz library libharfbuzz-gobject0 - OpenType text shaping engine ICU backend (GObject library) libharfbuzz-icu0 - OpenType text shaping engine ICU backend libharfbuzz0-udeb - OpenType text shaping engine (udeb) libharfbuzz0b - OpenType text shaping engine (shared library) Changes: harfbuzz (0.9.35-2+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2015-8947 fix for buffer over-read in hb-ot-layout-gpos-table.hh Checksums-Sha1: f7ec1be28ecde5fa37e93b85c4926d4207f01b14 2850 harfbuzz_0.9.35-2+deb8u1.dsc 6f4401af396069214be2ba15b884361ef540e501 1165359 harfbuzz_0.9.35.orig.tar.bz2 4c4f81716a8330ca14b061acf4f1b06ce66c7016 7872 harfbuzz_0.9.35-2+deb8u1.debian.tar.xz 1ebbbab20dca626986a39960986b63861c87f997 485878 libharfbuzz0b_0.9.35-2+deb8u1_amd64.deb add310ec5963763701933ff9ef54a7fc5ca32ed4 365470 libharfbuzz-gobject0_0.9.35-2+deb8u1_amd64.deb 3abbca5d504b2a444aec6593653d1dd2ded33d88 369210 gir1.2-harfbuzz-0.0_0.9.35-2+deb8u1_amd64.deb 8c2388f31ff8082d090f834c664044fe44eb113a 359970 libharfbuzz-icu0_0.9.35-2+deb8u1_amd64.deb 71bbab5482d67a78c81a4295a87c90e36176055e 532358 libharfbuzz-dev_0.9.35-2+deb8u1_amd64.deb 2702196aa9f39df136c93adb585be10cb2946286 380536 libharfbuzz-bin_0.9.35-2+deb8u1_amd64.deb 8c8ff9a5180d4cf6c064b6dd841786e5bbd6dc00 400032 libharfbuzz-doc_0.9.35-2+deb8u1_all.deb 230b7f76aeef9003b2a613e995bb91ac8b54c9fe 124146 libharfbuzz0-udeb_0.9.35-2+deb8u1_amd64.udeb Checksums-Sha256: 8b96ed6020b9a9ea9a7e6143528e7281369a2f0fb8722e45c4892edd86d6c54e 2850 harfbuzz_0.9.35-2+deb8u1.dsc 0aa1a8aba6f502321cf6fef3c9d2c73dde48389c5ed1d3615a7691944c2a06ed 1165359 harfbuzz_0.9.35.orig.tar.bz2 02915188c2e048db3eb12b152a8809c07099d35b9367f790c53afc5013c4cf97 7872 harfbuzz_0.9.35-2+deb8u1.debian.tar.xz f0b6b5b28a78bb73595430a12e07d10a3bbc8c9ab66efc8c4ab7c6f426988676 485878 libharfbuzz0b_0.9.35-2+deb8u1_amd64.deb 3ac0e13e7c6ccd5d4c1ec47eb0a44765f46bc4d9e5391d91ddaef1f23a8b73aa 365470 libharfbuzz-gobject0_0.9.35-2+deb8u1_amd64.deb ea8747ec410dd435f8790c00c6f484833858b34a776273fa236996e82111d6e6 369210 gir1.2-harfbuzz-0.0_0.9.35-2+deb8u1_amd64.deb 3fa92d78e8b1740bc8c2d2a09703e9a225bb2797dac2dcd4c4c0af150fd2113e 359970 libharfbuzz-icu0_0.9.35-2+deb8u1_amd64.deb fcf3fd1ae0ce60671371eb228b8f6c65cb195e7a8673d441b3996bd9beb7ce49 532358 libharfbuzz-dev_0.9.35-2+deb8u1_amd64.deb ec25bdd72933b6b1bf9bbf50d301c0ba2c2aadc61e4ced5eeffa1fa795d37bcb 380536 libharfbuzz-bin_0.9.35-2+deb8u1_amd64.deb 408b3950a6d251492a02b6beddcdc58bc5ea04f145a78a07efe280c2ee8dd04e 400032 libharfbuzz-doc_0.9.35-2+deb8u1_all.deb feb6451559d46887ea60831eccce10722b5978e7e42320e8da39a42e2fa6af29 124146 libharfbuzz0-udeb_0.9.35-2+deb8u1_amd64.udeb Files: 37cb203a41d103a6f8b5076229349261 2850 libs optional harfbuzz_0.9.35-2+deb8u1.dsc 531ee8650626ecddcd90b2a4637e31d4 1165359 libs optional harfbuzz_0.9.35.orig.tar.bz2 63a334fddc68b179ce8c4f2874ca68ce 7872 libs optional harfbuzz_0.9.35-2+deb8u1.debian.tar.xz 0e970a66828176dcf809acffeaef3e48 485878 libs optional libharfbuzz0b_0.9.35-2+deb8u1_amd64.deb 4006f3db15d412f7f18060bbd346293b 365470 libs optional libharfbuzz-gobject0_0.9.35-2+deb8u1_amd64.deb 866d12bc01dff277c9890f4280c3ba95 369210 introspection optional gir1.2-harfbuzz-0.0_0.9.35-2+deb8u1_amd64.deb 37e8c1008de006208e6384dcdc3b26fa 359970 libs optional libharfbuzz-icu0_0.9.35-2+deb8u1_amd64.deb f965e1a093cdeb689b98cd8ed4d26905 532358 libdevel optional libharfbuzz-dev_0.9.35-2+deb8u1_amd64.deb 4949267b98bcba3d8897936b06c9178d 380536 utils optional libharfbuzz-bin_0.9.35-2+deb8u1_amd64.deb 42c3e9e95a3a8fca47d62bcd74abb044 400032 doc optional libharfbuzz-doc_0.9.35-2+deb8u1_all.deb 265d531187b19e6513de2fdbe9b3bb29 124146 debian-installer extra libharfbuzz0-udeb_0.9.35-2+deb8u1_amd64.udeb -BEGIN PGP SIGNATURE- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl349tlfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR7XMD/90CsMaWuPijup8CJMl3FlCNMsvNbcf ubkDSvMkPsY2NCzzCd20l8hyYuCtcjb15YxWfXTmwlvfmlJdQGcZYrfMCKCbgKGS vKts8Ygh18B8eaaOfbeeA+QyNDBEh2iHNhdEq7CUA+m29cmlvXzvGFgmFAIeRdNA
Accepted libssh 0.6.3-4+deb8u4 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 17 Dec 2019 12:12:22 +0100 Source: libssh Binary: libssh-4 libssh-gcrypt-4 libssh-dev libssh-gcrypt-dev libssh-dbg libssh-doc Architecture: source amd64 all Version: 0.6.3-4+deb8u4 Distribution: jessie-security Urgency: medium Maintainer: Laurent Bigonville Changed-By: Emilio Pozuelo Monfort Description: libssh-4 - tiny C SSH library (OpenSSL flavor) libssh-dbg - tiny C SSH library. Debug symbols libssh-dev - tiny C SSH library. Development files (OpenSSL flavor) libssh-doc - tiny C SSH library. Documentation files libssh-gcrypt-4 - tiny C SSH library (gcrypt flavor) libssh-gcrypt-dev - tiny C SSH library. Development files (gcrypt flavor) Changes: libssh (0.6.3-4+deb8u4) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-14889: abitrary command execution in the SCP server. Checksums-Sha1: 3f850fd2939da2bcf608d0edbd20d1731f9f17fd 2334 libssh_0.6.3-4+deb8u4.dsc 8189255e0f684d36b7ca62739fa0cd5f1030a467 279492 libssh_0.6.3.orig.tar.xz ba80b05739986917b2fa6173cdabb5ab0fc90ff4 34312 libssh_0.6.3-4+deb8u4.debian.tar.xz b4d8f44e3aa82bfd27d79d68389ca3a91f96b876 129868 libssh-4_0.6.3-4+deb8u4_amd64.deb 5fe420c4436a225cf987cdddf76441ebab34a6e8 129850 libssh-gcrypt-4_0.6.3-4+deb8u4_amd64.deb d10e22cf4b3be6dec6318027d570b731dc19967d 162910 libssh-dev_0.6.3-4+deb8u4_amd64.deb 1b17bc59c5ebfbce1390da5ccc8b6603e02755b6 162584 libssh-gcrypt-dev_0.6.3-4+deb8u4_amd64.deb 5eeb9c8be41cd9d0835f3f2788c72b6ccf8a1b6d 768948 libssh-dbg_0.6.3-4+deb8u4_amd64.deb 461e2c038400d23db2e20b2622ccae22081117f5 199950 libssh-doc_0.6.3-4+deb8u4_all.deb Checksums-Sha256: d4b89c7c6464da4b0fd4682c5a35cd9e9304a626af1a1dca0fccc0640cb0fcc5 2334 libssh_0.6.3-4+deb8u4.dsc 2bb5d7c595059f990a8915c190169257328ffa828ced0c05b09bbe186092cacb 279492 libssh_0.6.3.orig.tar.xz 2705378af5087e7994ece96eefe7967b42448faa72b051d58db7219a59a5770d 34312 libssh_0.6.3-4+deb8u4.debian.tar.xz 93ec1f9cdda805abbb0a45319cf66383cce74c180d2da3ee1a88d2c3dc7cb1b8 129868 libssh-4_0.6.3-4+deb8u4_amd64.deb 4770081fca715d00f3dc346a4bea97dd79f55dd9ddc97b7c16f09dac45d71388 129850 libssh-gcrypt-4_0.6.3-4+deb8u4_amd64.deb 1e24471ba89de9b20bc485c719e31b30970ea875e2a3c25bc31a7f992ef91433 162910 libssh-dev_0.6.3-4+deb8u4_amd64.deb 81e6e57e352ee5c604e12a7515940c909769d35534dffc7829aed59040dc3f46 162584 libssh-gcrypt-dev_0.6.3-4+deb8u4_amd64.deb de25fe1a0a8977c746a249cacc3dd2ee8f63d4f94160dbd70ad6d1185337f43a 768948 libssh-dbg_0.6.3-4+deb8u4_amd64.deb c8d553f2acd2480beae4d1d05b5a64bdcc8f166e6e1b3ddee5fba47024bebee3 199950 libssh-doc_0.6.3-4+deb8u4_all.deb Files: ec1f4d8837146bcaee30a6f774eb5d72 2334 libs optional libssh_0.6.3-4+deb8u4.dsc 66cf16e77f60913b4d54f18c92cdbf71 279492 libs optional libssh_0.6.3.orig.tar.xz 43f5a2c7de72ca40a4ff024f4dbd9fbb 34312 libs optional libssh_0.6.3-4+deb8u4.debian.tar.xz 268951cf793c44f7dcef82f9ca6dce70 129868 libs optional libssh-4_0.6.3-4+deb8u4_amd64.deb e9e8a1d7f4146987e4dc7e0e37e68720 129850 libs optional libssh-gcrypt-4_0.6.3-4+deb8u4_amd64.deb 22c8c882213d691b34ceb0436f944a60 162910 libdevel optional libssh-dev_0.6.3-4+deb8u4_amd64.deb 69348b8b6ccda556654c12175cef174e 162584 libdevel optional libssh-gcrypt-dev_0.6.3-4+deb8u4_amd64.deb cb030e87019442f87eb51f95423c5e5e 768948 debug extra libssh-dbg_0.6.3-4+deb8u4_amd64.deb df1619888ed024b87793822d36b13c04 199950 doc optional libssh-doc_0.6.3-4+deb8u4_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl34wmcACgkQnUbEiOQ2 gwIwlA//Za0nzognSs3Xep27pjfD2MqHnTDq7x6g2MKxtXNsBWsmbsyOrtKfdU/M n6SDP96isjjNov4av+LpmS5JvaxMBxn5TWTO3S9javfwWi9LzKpXk24GqUXQ9Ncp 5bAbsyAfKMD2pV664qD7WjJpOEzNbPUIFEkpeWHukf2NFhfmCGHLuAayN4hmOvBq eb6xbHazfHJ3+7t0jX1XBD7lnHldr6GwkfMw1zKwryWdQUFI3xUUrhBeu8AwWXt6 PucKFYuFXU+02bLIMnltvskEOIkB9JnchsTvepI3B2SmKZVVDe9agyAXxBQr6hVn eKMp6TvDR0dbbtqVHAbjX1DcdL7hKJIx2/ypfpgWUTEkPGeRA+QcSEonpHuotDB8 pNvnUauuxQyCrcKm+yR9FMIkor0IaZ9ecs2f+RTRXE0yFvPKQcreKgwdWR8Tss1m adNRrQ+oIuMUO9TZl6u99LSG+pduw6Jbc3bvWWD8mULV67s+OxyEVN0EM6e0RgmF sq1LmbvxtoxNzVWAG4vvigLubWA/vvKt16UhWoQRwZR4NwadnEOzCRUuJ8g69hQz 0aXlYcNOQOd6cb4mLaTTgUUzadZFx0uK1moMkjcetopiUlwbxPKpk9bOiDxLiVAZ 9s9ONCrYw6qbd5fsg42N1a4xfBqdxzbkzzqPpOrjj1uuIWVQyPA= =g0fx -END PGP SIGNATURE-