Accepted gst-plugins-base1.0 1.14.4-2+deb10u3 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 30 May 2024 17:01:41 +0300 Source: gst-plugins-base1.0 Architecture: source Version: 1.14.4-2+deb10u3 Distribution: buster-security Urgency: medium Maintainer: Maintainers of GStreamer packages Changed-By: Adrian Bunk Changes: gst-plugins-base1.0 (1.14.4-2+deb10u3) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-4453: Integer overflow in the EXIF metadata parser Checksums-Sha1: 903eead0a09619bf31743b0468ec545231189f12 4123 gst-plugins-base1.0_1.14.4-2+deb10u3.dsc 204ad46dca52230adb80bd96fcad923555251af2 3703232 gst-plugins-base1.0_1.14.4.orig.tar.xz 117f022f3615a11ff7ba71b4e258aefbc3d28f53 46980 gst-plugins-base1.0_1.14.4-2+deb10u3.debian.tar.xz Checksums-Sha256: 295bf49a8d061df0a0577b2dad27cbcf18d2638b6fe55a8a1c77fc1e0caaf407 4123 gst-plugins-base1.0_1.14.4-2+deb10u3.dsc ca6139490e48863e7706d870ff4e8ac9f417b56f3b9e4b3ce490c13b09a77461 3703232 gst-plugins-base1.0_1.14.4.orig.tar.xz 9f3a2e761cc04c3bcc3d725728f491579148b2113f272f5f2ff0efeea073391e 46980 gst-plugins-base1.0_1.14.4-2+deb10u3.debian.tar.xz Files: db60035765805eac840643ce1627dc36 4123 libs optional gst-plugins-base1.0_1.14.4-2+deb10u3.dsc 4dbe20c1bf44191c2b8833234df5cb2a 3703232 libs optional gst-plugins-base1.0_1.14.4.orig.tar.xz 73e1a6a268a48c7541567ef1b24f299e 46980 libs optional gst-plugins-base1.0_1.14.4-2+deb10u3.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmZYikIACgkQiNJCh6LY mLHXhg//R1230p4OXN5sZdhtfV+WuxEnJ2Qlsa4iXVjjLRYU+4VyEZR18e7OcIef XKJXgSxnGFjO4f0ool7I3Yeq6ylz7wC6Gz8OHJlx0kW7/4I/sfjZnFjx+7VTwjlu H41cl26eNyDI/UxMEDg/tZjZdDK/7plL4dUgYpcd58jz9/gatB7DqTh3kr7EFo2+ NebNrnhI2/tB07JcLLVHlXGy7b0AIv1gp8MbkyNEVYM+XFBPlIVCgwxOL2Nu1f1U bFPNHV7RaBTJrGUBZl/dUda5AKEJFqtIdDmA3NV/i5Tmac5WyWbRKfj4y6jSWRCz kgPOn1zl/1Opc6wtmjL61E0wOkj6AvVHe/u9psBoxPSP/YfuC4mWa8v2Gal1ik4m lnzaCS6SsRBZRzOhT3cr5Z3hltEv18jGip9gFSB3h5n7oun8VqNwpChJBJvLhAvZ Z/sQwuUTyDekyrL2HMEMwdkF3RwuJSRXXXdWLD7sRBzQLxjiXNEC12dcAyJKG+bD NGOUkxqnEshvNYo+fQC/tb0+jsY300zsw6HoZEhu0MVpE9lt6duEjcq4YZ5v5mUy gaAJbpz2j1D/WGzKHA58a63mMOAFDLfk/0fiROkLQgB1rBT2bTT0LAnbkdupugJ8 wLmN5KLMtNGDd2awFW8GyWFQZuWN0HinNOI+dy5lfVwaQnNDVpA= =YpNP -END PGP SIGNATURE- pgpNRM5qQaJcc.pgp Description: PGP signature
Accepted less 487-0.1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 27 May 2024 19:20:40 +0200 Source: less Architecture: source Version: 487-0.1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Anibal Monsalve Salazar Changed-By: Guilhem Moulin Closes: 1064293 1068938 Changes: less (487-0.1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2022-48624: LESSCLOSE invocation doesn't shell quote filenames. Closes: #1064293 * Fix CVE-2024-32487: Arbitrary command execution via a newline character in filenames. Closes: #1068938 Checksums-Sha1: 1b700fcb7ea016018ff9f706d19294d8db852cf7 1755 less_487-0.1+deb10u1.dsc 8a5c4be2a51f11543793defec7ccb77c525f007e 318488 less_487.orig.tar.gz 8604b0c441c5dbb74542334d7fed72a15dd35737 20624 less_487-0.1+deb10u1.debian.tar.xz 07396facc7c583b65ff6ce888699cb0bcf84482d 5982 less_487-0.1+deb10u1_amd64.buildinfo Checksums-Sha256: 046cd026bb122e954524c5c397bd8f708bc7430c1617fadb1b27770d4f86850d 1755 less_487-0.1+deb10u1.dsc f3dc8455cb0b2b66e0c6b816c00197a71bf6d1787078adeee0bcf2aea4b12706 318488 less_487.orig.tar.gz 6b1e3a9fe1dfd19bfa7a6e551ef2e151c8d3ed25f2e112a3e62277a32d62a853 20624 less_487-0.1+deb10u1.debian.tar.xz 1086552bebd52122c1126e32e7c133778b4194b90fbfc0f72f481967e041fa5a 5982 less_487-0.1+deb10u1_amd64.buildinfo Files: f4919eff010d58827b89dcad915a7cfc 1755 text important less_487-0.1+deb10u1.dsc dcc8bf183a83b362d37fe9ef8df1fb60 318488 text important less_487.orig.tar.gz a8b0dad685efa87c590e7717688472e6 20624 text important less_487-0.1+deb10u1.debian.tar.xz fde52250bd49d7ce071b3416b315b35d 5982 text important less_487-0.1+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmZUwTAACgkQ05pJnDwh pVLlvA//YI3xViwaheiN26ecixDAsHixE7ZvC0Lm/DV1vuYFA4swrbgdgKDSUgmM dtxOF4uWpTc8t1zaaKrlNLiXiDm7d5AlZKyHsFu6cVJKWlnHbFEX3L31cpmvP3HQ ET81kVRnD0hDImY+7JikgPCGTyVxjZsObzJ9xNhvHF/dk1p/pneMgbzTddKQ58R7 iM/r9H0NtyvFUITiFa5Y8QulYfzvzRwu+VYcOQgzCDwvPustIU6zzAmPVddWRnC7 RaqOKaPcFXflSuJvRdEOd/4yQkwZBxMwtaXyitD3e5HIkNiJpgOBDmWDi4ATrrYj QZjIQP2jz8NR96BqZpo9f8b3Dt0ZXv4EKb/ppzyFOO1s7vYiCOsenjDCFLjk6g3e yMBUWO6i5W43vtjALhFvysrnP+Scib2GxfSdYnuPwU59pdeS3LqNeyXpNmmoWdxY SOz0UcSBu5BK0BNW9kF2ipjsd9V09FkGHuwi7nOcK5Dp9XV7K1qedUB1/yKhqzBr oMV6iD4MaRKf8OfsqdP9Gfk0RjgJNaLjAXMgshjJfL4H9jN3i7OgMrriVPf7ao6X N0hxP7ir/aybT1YdbFnfoHwzJ7ErGH6Ju+IlDaloPIkG2cDQQNMqZAlBk1IqHpEf AWibyj/IfQi2XxPldx+++5Xglhfl3/KclQh8ji6cg2NBrL4+1ss= =RcfC -END PGP SIGNATURE- pgpdGMd0zk63V.pgp Description: PGP signature
Accepted python-pymysql 0.9.3-1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 27 May 2024 10:39:18 +0100 Source: python-pymysql Architecture: source Version: 0.9.3-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Closes: 1071628 Changes: python-pymysql (0.9.3-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * CVE-2024-36039: Prevent a potential SQL injection attack if the program was used with untrusted JSON input as keys were not escaped by the escape_dict routine. (Closes: #1071628) * Add debian/.gitlab-ci.yml. Checksums-Sha1: ae7412428399398ca6200334601f00e95403405c 2464 python-pymysql_0.9.3-1+deb10u1.dsc 26207ac507e7b9593816d9b060e52d7a9a9d2eec 86715 python-pymysql_0.9.3.orig.tar.gz dd1a00ccd0193a6180d4fba99da45a0be803e5ae 6724 python-pymysql_0.9.3-1+deb10u1.debian.tar.xz 64a96bc29660cb64595107213334cef4e26900a3 10310 python-pymysql_0.9.3-1+deb10u1_amd64.buildinfo Checksums-Sha256: 80d475807b9a373f5c9c7fc49ccf77fc2688b572f7b5f6994a4757cde10bc7c6 2464 python-pymysql_0.9.3-1+deb10u1.dsc 5a85599a69b51db185f9447ba5034501482496e481574bce972c7dcb5abe1d57 86715 python-pymysql_0.9.3.orig.tar.gz accd36fa79dadb1f18ad7a856622c2c9e69e8e2845b2fa575311b9923ffa25ce 6724 python-pymysql_0.9.3-1+deb10u1.debian.tar.xz 0a42929c2ed8da9b32f07f44cb94beffeb0dcb659f3a8c6af0ea639ed7204fd9 10310 python-pymysql_0.9.3-1+deb10u1_amd64.buildinfo Files: 93e3c8421a40202aea5b5c1e2dcac4bc 2464 python optional python-pymysql_0.9.3-1+deb10u1.dsc 7afad735628571b6fffd74086ce451b7 86715 python optional python-pymysql_0.9.3.orig.tar.gz 0857db6b154a2c3ad5243ef47914aeed 6724 python optional python-pymysql_0.9.3-1+deb10u1.debian.tar.xz cfcd030dd5d77d7bfe6f507775aa7f4b 10310 python optional python-pymysql_0.9.3-1+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmZUV7gACgkQHpU+J9Qx Hlj/MQ//U05zg1cLerukeIe4PrgvGwIo2qCSyDCtbywkWtr1BMNpk4Gbux+PI2OE t30V9r+cXf776u3tYQlZyZfitCnsB8amGKci9ida7S3TuXlkWl5ptnHjYFLuD0Wr GLgF7+K2JmF1TB7P8zRyOhBl+bBgcvRkD6pXwyD6dGDjSqTss0dUFFlBpbg7FDIT hIAiDwqrNs1PyMXvZnBhYpmeop/VFq+yGH/64hC5rljMvJWYk1Lo9IzPgmJDpffz bftVUVj4YUCx9UPler3htCJ3bdqSaRQY/xsWUav8lClJHQiy+lo/ZxqJgs2RFMW6 l++2yEplW4MwpLJv+KsS0pw0k25192X3XNASQqy6LXnxko0WWGR0yiRncVBNzPMk CRFwCiE+PjPPHgeDniTTDp062gp5n9nfFjl6kw6vfbSfSJKQDE+V5Uh+blbHMMK3 80yEVD8WUm1q4N1R7nZOrOgp4as6j2ZHdkhNwwaBjNapc+AAg4RZXYMeWxibr0y1 gMDPaGUtkFMbuZMF5Q2pY2p2nnM2eRTfm/xZkM3R0iuZv90GbHymQf+TfMNnlOkc Yk/hGvYS4vyPZAgsUJpEYG0ApSOXK9vBX2E6UybxlygpGWVkIF8t9QjUUH4Oafsp HFVXw2xHw285be0P/BEQ4RhnnSx+BpuVwo29IcZYkNr0EqwRzzU= =CMZB -END PGP SIGNATURE- pgp796fJEFGUl.pgp Description: PGP signature
Accepted libreoffice 1:6.1.5-3+deb10u12 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 25 May 2024 12:25:34 + Source: libreoffice Architecture: source Version: 1:6.1.5-3+deb10u12 Distribution: buster-security Urgency: high Maintainer: Debian LibreOffice Maintainers Changed-By: Bastien Roucariès Changes: libreoffice (1:6.1.5-3+deb10u12) buster-security; urgency=high . * Team upload by LTS security team. * Fix CVE-2024-3044: Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allowed an attacker to create a document which without prompt will execute scripts built-into LibreOffice on clicking a graphic. Such scripts were previously deemed trusted but are now deemed untrusted. Checksums-Sha1: d5923e0ff586d6a529f972edad2258e7772545f5 27758 libreoffice_6.1.5-3+deb10u12.dsc 58077e38859fab6567e654b3ded268635a165d44 10025768 libreoffice_6.1.5-3+deb10u12.debian.tar.xz 6d648b0a188682d38257d92befba9a39c2a66403 45409 libreoffice_6.1.5-3+deb10u12_source.buildinfo Checksums-Sha256: 9e3423a0d85cc81dc523bf3e002e184b777eb2131ebb4e6770da6d0f362ec6ec 27758 libreoffice_6.1.5-3+deb10u12.dsc 4f05c0feb34263fe88fd835ed10e9ed81ab3e8e381acfac765dd556f98947c01 10025768 libreoffice_6.1.5-3+deb10u12.debian.tar.xz 303940ae665df8190b2ab8b2749331e25c99f2b70cb1712139f1b06db37774b8 45409 libreoffice_6.1.5-3+deb10u12_source.buildinfo Files: d714fa3d2a4e9a96da18af6f117f9496 27758 editors optional libreoffice_6.1.5-3+deb10u12.dsc 242230381ad0b49437b012e7635c13b2 10025768 editors optional libreoffice_6.1.5-3+deb10u12.debian.tar.xz bbd539526b190cb31f4a21562e877c02 45409 editors optional libreoffice_6.1.5-3+deb10u12_source.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmZSO+ERHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF+XdQ//a+k6EPXQEJ9b5dQUpllLtgH+oHE6wx1K G56/t4aPFh0zz10yH9AsBovL5AenAe0LBcGQ2ZbulNAECN+Nd1NeWG/0NP6KfaZ3 0PUuofxmYASzLmMFOnefu/QISFsFCcyn2Q+tdPPUtWuiNRZn18ZDeYzo7ZlV+w/j NJxXtBAcYrCyyJkAikDJDrFpQ+mg3TXjOExBscGVPbJ1RiBChwyIvFhVTq4NloDy 4NDq/A/qc80GmgI89uImki8DmKErMElvea0KgBhm6H8S7U5rcD2NgneO4uVZ/E1H UxhnzaUygjlBnRdY98tUpl/9FUZnPpDNFvZzPDnVWRinYQ9EyUe2QDpdC0P/SxJ8 /xuogq1jLw+dToume650o84t1ZnRiB7RKY4qHjszrrCcwUHcNfSocSWasqAUDKxQ e0ag08OZy2cU0iUuw8CfsaPTkeReK2gKhPezLrOegd9YvKpcPtzf+2PyCo9AZMLm 1nJMrADHHd7MC59HkCt2QLMpDIRs4jqHUi11jxyR+mivKGE1O2+4P6Ib+lNgEChH 2W+sideAd1GrnXVw5lV2kVYrZM3DqCzkXyestUewjNbqPjDUa2zO02HdwIg3NxDl qvi9JqlpoC4n2RJmNSbeqAOCurLzV94tO8pzdLLz24oIZAR8hDDeWjqt76bLL3IJ sAJeZ9ZM3uc= =1YDV -END PGP SIGNATURE- pgpUUOgkRBlly.pgp Description: PGP signature
Accepted bluez 5.50-1.2~deb10u5 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 21 May 2024 22:00:06 +0200 Source: bluez Architecture: source Version: 5.50-1.2~deb10u5 Distribution: buster-security Urgency: medium Maintainer: Debian Bluetooth Maintainers Changed-By: Arturo Borrero Gonzalez Changes: bluez (5.50-1.2~deb10u5) buster-security; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * CVE-2023-27349: Fix crash while handling unsupported events. This vulnerability allows network-adjacent attackers to execute arbitrary code via Bluetooth on affected installations of BlueZ. User interaction is required to exploit this vulnerability in that the target must connect to a malicious device. The specific flaw exists within the handling of the AVRCP protocol. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Checksums-Sha1: 72936f19e40ffb543ba657dcb6d739119cb300a3 2613 bluez_5.50-1.2~deb10u5.dsc 602d67656176d98efa476d8f7de5418f34551a84 47008 bluez_5.50-1.2~deb10u5.debian.tar.xz 4dbd22bd4ee48c610329969343342539fb79f26c 12485 bluez_5.50-1.2~deb10u5_amd64.buildinfo Checksums-Sha256: 66c68f6ce7836c4acdb93e912fa53481f09c8c0bbd071c00581064292078df67 2613 bluez_5.50-1.2~deb10u5.dsc 174a9d98aaf412f8ce51391c28c07e446eb51b7c477ed59774adac2f72e5b00d 47008 bluez_5.50-1.2~deb10u5.debian.tar.xz c9d50f0cb1f2b65a618dc6ec80f452d13161b830f44612a66c9f2be597369dd5 12485 bluez_5.50-1.2~deb10u5_amd64.buildinfo Files: cfefe7ad50790ce944ce2d1372e78561 2613 admin optional bluez_5.50-1.2~deb10u5.dsc a1a8ac9c044a60e657df4befa8e70212 47008 admin optional bluez_5.50-1.2~deb10u5.debian.tar.xz 608b9943033da7b7869421f8343d6dcc 12485 admin optional bluez_5.50-1.2~deb10u5_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJGBAEBCgAwFiEE3ZhhqyPcMzOJLgepaOcTmB0VFfgFAmZSBAMSHGFydHVyb0Bk ZWJpYW4ub3JnAAoJEGjnE5gdFRX4opsP/RH6Bh6+pQfLaOJe8zw5b8wuac0d58O7 93G42t4Yt8YV1F9R5s350K66flGxrPEiSrfyt5PfSkLZGWDBp9tQw6uuNss1ipGk PPrwJDrftcJe01FtAvSkaT9Z48gIg2leRiUG30hwNhGpJeNR4q7cl/16hTOPXZBB gFYs0CGyGWn6Z1Fv9gBRTkOOHy8BFczLngjqhaVbOvDFxxAfdmAJE+tdhDzekZHz MoTKZqwnfVvXYG2pTrrGfOqoEIiEiqhRbZ+Xb1OtLYsCIofAK1/9fbhf8bRPCWpP LQeTlcfwk/I0HADB34KC1MptHaBlAj9qvNM3/0H5fcgMCyLSVa6TgPmV8ZkZzwAD k12ZQO9hg1ddFLYc3qjiLqzXQP+Zg4hUPTGH9vcU3VUBHSJjoCfkTxDR4eAp2vWz bS1hen841ZAtYtn8Ioq/Obmocf3R+Ilk3KI/bS1i+adlDRn5+OJUVmnvHIAvK9hO 0LvoL5s4BBJt+6Fvtrunz8kwv4Pnut2iLGaSqF1VofugKLzL8cFRvJPLCt3EgKM1 oAeeSm83CY+qx508yE0RlBSJ/Y5eIWPU9SgdAMnSJymixY6FoxLg2eBrbjKZImFS Ty5cwVNUrpXvWayb3rP7aW6IlZWDaSwEI5K017NcPGZ/P1Pik7mz7sk22eAl/IYV euEVYTdUxQHu =ScE4 -END PGP SIGNATURE- pgpfLbkfrxrIo.pgp Description: PGP signature
Accepted apache2 2.4.59-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 24 May 2024 22:36:21 + Source: apache2 Architecture: source Version: 2.4.59-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Apache Maintainers Changed-By: Bastien Roucariès Changes: apache2 (2.4.59-1~deb10u1) buster-security; urgency=medium . [ Yadd ] * Team upload * New upstream version 2.4.59 (Closes: CVE-2019-17567, CVE-2023-31122, CVE-2023-38709, CVE-2023-45802, CVE-2024-24795, CVE-2024-27316) * Update test framework * Drop old patches * Update patches . [ Bastien Roucariès ] * Break against fossil Checksums-Sha1: 8a912097817d7bc33990fa7f0dbffc62c82b63c8 3603 apache2_2.4.59-1~deb10u1.dsc 7a118baaed0f2131e482f93f5057038ca6c021be 9843252 apache2_2.4.59.orig.tar.gz 837cdf46898d962c4c05642745566249fc91e52b 833 apache2_2.4.59.orig.tar.gz.asc b1ef5772edc74f2d68f0e0acc4a7e7487f723d05 816476 apache2_2.4.59-1~deb10u1.debian.tar.xz daf41e13e7a4b25054913e5e67918fb5083b 12200 apache2_2.4.59-1~deb10u1_amd64.buildinfo Checksums-Sha256: 573fdc1aac407151b2ba3d83f4666298b23193fdfec15f0e761353f83a496b06 3603 apache2_2.4.59-1~deb10u1.dsc e4ec4ce12c6c8f5a794dc2263d126cb1d6ef667f034c4678ec945d61286e8b0f 9843252 apache2_2.4.59.orig.tar.gz 0ad3f670b944ebf08c81544bc82fae9496e88d96840cd0612d8cdeaa073eb06d 833 apache2_2.4.59.orig.tar.gz.asc 6fb00dbf31c8f169ce7281ff641bb683a1f2889cd0dc6c0284c1efe3b21d2c36 816476 apache2_2.4.59-1~deb10u1.debian.tar.xz 341c8e426e3b1aae84c3dc97d34467d11424ab7fc53ae98f9d8b3d81aa805ebb 12200 apache2_2.4.59-1~deb10u1_amd64.buildinfo Files: 9c00ceae55000c2e301f1e3376be88ff 3603 httpd optional apache2_2.4.59-1~deb10u1.dsc c39d28e0777bc95631cb49958fdb6601 9843252 httpd optional apache2_2.4.59.orig.tar.gz 3c342b3dcc0fe227a1fffdf9997987d0 833 httpd optional apache2_2.4.59.orig.tar.gz.asc 8e09a8bbc86ee980d18d3c587f83782f 816476 httpd optional apache2_2.4.59-1~deb10u1.debian.tar.xz cbddc8abf08a54624d784670f2806532 12200 httpd optional apache2_2.4.59-1~deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmZRGdQRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF8LyQ/+KIAv+24kmJsgyvBvXxzUOoUpe3NRriwK woDDD/9WJoRaURiyOGLw+0Jq5rgG5aSTmOhnjaDYSendJqy8y1Y4BmmwgB+Ydq/j XMnyY4s8YWEDX0Y1fOVp/MXwasGwmBZZi7/HPQ2NT8x+1yabszIEZF9I0q1SL7wA 51m3f2QWbAx4Ip5J7iULsAEUdnwaxivmoF8pbVIPjAvgAMbPlORvKImhdszcDwl5 lyHwEl1/qFxq37xhgPgcJXl7UHcFKUAhsQ0TjgUF/QXD8uqxJAv4ahqTtID7F7v+ HaksucQ1BtNqUsWOZi5SqLBQXOkCb4840BdD8J1dnN4H/Rnv8nHF7wcIZReT1AEs 6U1ivSYjY1WMz1f+KkzaARY5W7zkzF3kF73zHREl7maLXaQ/NAopOddPpcG+mCL1 qX257+XylUMW5OqIncIy7C/GIeVPdAhLAX1iWfH8VVizX0UN0Z6Q1FIQ9vNyu8DS J2kn7+6UJujfqXExQe5wkDqoIlcyCKt1D58np/mF+uBKia8FGHPWzESQchOcYJ4W adsg386CoDIrN63KAetfgJgZLsZ6EgziWS6m5qqXMzPCw/L9DtVBGG4JIXhbnr1n cLcP7j5k6LqzSLWXYeSFy6c34YqGSiYpf12yhF9A0kGJD5fFjyyUj/NRhJnG5W25 1z6UqWz+FVw= =lPrA -END PGP SIGNATURE- pgpK8eBfZ6c7R.pgp Description: PGP signature
Accepted fossil 1:2.8-1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 18 May 2024 20:03:31 + Source: fossil Architecture: source Version: 1:2.8-1+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Barak A. Pearlmutter Changed-By: Bastien Roucariès Closes: 1070069 Changes: fossil (1:2.8-1+deb10u1) buster-security; urgency=medium . * Non maintainer fix by LTS team. * Cherry-pick fix f4ffefe708793b03 for CVE-2024-24795 and add "Breaks: apache2 (<< 2.4.59-1~)" to stage fix; see https://bz.apache.org/bugzilla/show_bug.cgi?id=68905 (closes: #1070069) Checksums-Sha1: 63d782724ab0e6202cc699d912d8208344d785ff 1876 fossil_2.8-1+deb10u1.dsc 5b44481a47d49e1b552ca0cf74954f2d958686af 3697636 fossil_2.8.orig.tar.xz ed35d88057721b4b7a722408057e8b287927 16728 fossil_2.8-1+deb10u1.debian.tar.xz 14a2ea392aa1e46eba732e41f2630b2d3d1bbf65 6657 fossil_2.8-1+deb10u1_amd64.buildinfo Checksums-Sha256: 324409627134d37db38b138a046a0367b296c796723ec510880ee9010899ccc1 1876 fossil_2.8-1+deb10u1.dsc fdc27fa021971f495452783db404d47227697563bbaadd555ddb84bcfe6f3566 3697636 fossil_2.8.orig.tar.xz d043d72efe687d9f1ca2fcb56dbfe4654ea2d1f45eeb027314710d69b35589a7 16728 fossil_2.8-1+deb10u1.debian.tar.xz 4e48d7408e65bf9538a648c0c76ec8313c3830929bd96d30d301c58013bddacf 6657 fossil_2.8-1+deb10u1_amd64.buildinfo Files: 8b066bd8feac32586d8e1296296aa256 1876 vcs optional fossil_2.8-1+deb10u1.dsc da7b64e2acc1f5e47abadc9b08d3afca 3697636 vcs optional fossil_2.8.orig.tar.xz 6df98736f1ef2aa79aff08bf220b67ec 16728 vcs optional fossil_2.8-1+deb10u1.debian.tar.xz 8d0b24db554fcb88c0e4a6fae5a750c3 6657 vcs optional fossil_2.8-1+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmZREtIRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF9Lqw//ZVVh20S4TwLaYTSTKM/2aogFSdD/nkJK 0QLAfWATKyCp8swqRxw+UhdVzVtspJSvHtNO6OQ1HVSQUyRZdfLPFWyEztaCi4g0 OAcCgZw6/3mmbGUyycLyiBfAXifuNq98/2oHFawnf6wAm5Cd9Lng/67e5smGRHfA mwnn6s4qUsX55BJJHWATbis5o57NMzTgu4vjZH1gdpMa9PaSFb3OrpAJ70HU8eSr znB8uPEvfyIiNbylz2hzhRB5yoSSHfa8zWg/1QCz00/wDD3L9ZXXp3Ed4LSFZPeM /4YyteJmBJ4Yzfp2XbQ8myzOLb88x3A3GImcWuhLgCU+l8/RSOTAMB0nM8ArcYrx /UBzKddNcQ9Vi0yN1AyF5YzNtRQ7hDN7Mv3S1piGLmVeNzs1e0zZr09tGJu71I+Y KFgw2Iqw+N334C4Bo+AYF2ndNk2zZY/7DcNNvVgqnL6e/HNaA6tAfEYkVHkdrTx5 +4Bzg7nXZFtFq7QblY0OUBR7aIT+XR89luvm1vR3eWxvr1pjM/6aRbX5hs5L6yj8 cwTvjPI6HaIjlp1GEp90OO9TGO6wsDt4rd4Ec3yDrCJJ9V/RaX6MICkapOMfuYlu caHpDFOYNFR/E2Wurfm4hTSYmVVKBcKRmT18TfWXu7FDID0V0iFC2x73CSzh/rlS pcF4hbqZp74= =8gEc -END PGP SIGNATURE- pgpk_rlMM9Otg.pgp Description: PGP signature
Accepted bind9 1:9.11.5.P4+dfsg-5.1+deb10u11 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 17 May 2024 12:43:53 -0300 Source: bind9 Architecture: source Version: 1:9.11.5.P4+dfsg-5.1+deb10u11 Distribution: buster-security Urgency: high Maintainer: Debian DNS Team Changed-By: Santiago Ruano Rincón Changes: bind9 (1:9.11.5.P4+dfsg-5.1+deb10u11) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. . [ Ola Lundqvist ] * CVE-2023-50387 and CVE-2023-50868 Specific DNS answers could cause a denial-of-service condition due to DNS validation taking a long time. (CVE-2023-50387) The same code change also addresses another problem: preparing NSEC3 closest encloser proofs could exhaust available CPU resources. (CVE-2023-50868) . [ Santiago Ruano Rincón ] * Add debian/gbp.conf to match buster branches * Correct the use of the debian revision in the newly added symbols in libdns1104.symbols Checksums-Sha1: ca3a80d45c3a051aa389bbf27d622b8914a28a66 3412 bind9_9.11.5.P4+dfsg-5.1+deb10u11.dsc 1fe932467e38d44d5c1c919df062f40e1cd4934b 129528 bind9_9.11.5.P4+dfsg-5.1+deb10u11.debian.tar.xz e486c50b4207671764ebd248f6cd417b2a52a1b8 20319 bind9_9.11.5.P4+dfsg-5.1+deb10u11_amd64.buildinfo Checksums-Sha256: c37dd45da95aa0ab2a9110e34ab211290f1c704e15421b8dd54acded4bc82dae 3412 bind9_9.11.5.P4+dfsg-5.1+deb10u11.dsc 80a56119058cc690838baafd839cab9baeee0abf50b9f3941ad29a6412b35194 129528 bind9_9.11.5.P4+dfsg-5.1+deb10u11.debian.tar.xz 846ef91bf5f0724f5d85cb49f640876f205e202d1a5c5f7fac3a658f32b0c76c 20319 bind9_9.11.5.P4+dfsg-5.1+deb10u11_amd64.buildinfo Files: 5074db48497432e162b080599586f66e 3412 net optional bind9_9.11.5.P4+dfsg-5.1+deb10u11.dsc 8ee299a667d196afa25c6ce4e2c5cc6b 129528 net optional bind9_9.11.5.P4+dfsg-5.1+deb10u11.debian.tar.xz 81a50e8f45da0018facbf628b3b81196 20319 net optional bind9_9.11.5.P4+dfsg-5.1+deb10u11_amd64.buildinfo -BEGIN PGP SIGNATURE- iIwEARYIADQWIQR+lHTq7mkJOyB6t2Un3j1FEEiG7wUCZkeRfxYcc2FudGlhZ29A ZnJlZXhpYW4uY29tAAoJECfePUUQSIbvLiEBAKvpatCs+nmLgwopwl337smCjq/4 9Go2REbsE63HSdjVAQDpy/Jawdwo+Fc2+i4Kvy/j8I4EfEwgfRIQvUzCFy3zAQ== =BRdl -END PGP SIGNATURE- pgp7YenU5Tgeq.pgp Description: PGP signature
Accepted thunderbird 1:115.11.0-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 16 May 2024 09:46:05 +0200 Source: thunderbird Architecture: source Version: 1:115.11.0-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Carsten Schoenert Changed-By: Emilio Pozuelo Monfort Changes: thunderbird (1:115.11.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security Checksums-Sha1: 70eca38b5d85349cd6646c6f37f8eebfb893805d 8401 thunderbird_115.11.0-1~deb10u1.dsc 7559362de1c20df4cdc1593517086861585e0991 12678260 thunderbird_115.11.0.orig-thunderbird-l10n.tar.xz 75843d7e6adb322c6e3d9418f32232385e705068 556586996 thunderbird_115.11.0.orig.tar.xz e4d4ce0b43f062a6a2198da62c7904861407c92c 550392 thunderbird_115.11.0-1~deb10u1.debian.tar.xz d44018679f9066adf0e55b0ca58e049053d56a53 8074 thunderbird_115.11.0-1~deb10u1_source.buildinfo Checksums-Sha256: 469c38f8662d0b991cfff9119d06b78bd75e3944d340b06192e42b9e642a2e75 8401 thunderbird_115.11.0-1~deb10u1.dsc c86fe8e407fe213056ce701b335bd033481a072e27a0d12bb252f03a1707031d 12678260 thunderbird_115.11.0.orig-thunderbird-l10n.tar.xz 977e2c29ef3e64bd09811668af84bd2ffd46d62182ef0d1391361e10e1aaebb3 556586996 thunderbird_115.11.0.orig.tar.xz f45c11bcb449b67a942ea40d200fe12656fafd4ab13388a0eb658a2033814816 550392 thunderbird_115.11.0-1~deb10u1.debian.tar.xz a4918d85da00f7880d790c62051df917a1df16e43c574a775d7f01e6a0406071 8074 thunderbird_115.11.0-1~deb10u1_source.buildinfo Files: f6e1d09c4fd7e8ea7db3a81378bafe27 8401 mail optional thunderbird_115.11.0-1~deb10u1.dsc 62b0ee22406a7b4bd2ced8c8fd09fb51 12678260 mail optional thunderbird_115.11.0.orig-thunderbird-l10n.tar.xz ec7c3a07f1051babc8621000fd88d299 556586996 mail optional thunderbird_115.11.0.orig.tar.xz 799f40a044543e18d83e71ee4e9c3572 550392 mail optional thunderbird_115.11.0-1~deb10u1.debian.tar.xz cce28031b6ac7ee2fafe787d5a41e953 8074 mail optional thunderbird_115.11.0-1~deb10u1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmZGNRUACgkQnUbEiOQ2 gwLjoQ//dsfiyYzbsCNpsbc8uS+27vRfqYprHbHe20rWLq/pdonuiFifkUDLsrJk JmY052M357NUFsnrBeRPlgL+QFgqtJ4dbsZi9OQpV2AhTKquNXBSBFm2oBDpjWAt 3gLDoRWAVNl1pohFn9JDuexXX6nUv0XUuPTBWhzlQtjaGPVS5k8k6jwwq8NmOZ7v EHqBlFs8/fw3zxSvviS8FZ/ksimvy3PL3lUQ2uVjvD1Wjjt7KxXKjcS3tEQ81KIm pL11upmaz3evFjxIo07IdlwfhWuMVeOO0LZ2JiMBswDtuMQNTlmtvjLVy8lNh2tl RqrGmYhX+gkCppJ7SPfsDCkO2YygtqhR0fuumjTP0+ipDILseAmZkDOIhwl+mtA4 5dSI1B+Bs47+fHmMY5gLVbrM8R78G8jM7oE5JRBvxZ1G280eDFCUID5JNilrlnu7 me4MQhOpUgaFGnvq/JXRe5hOe3QTJFREecrb3q6KU4UTuzyP0X9mt7SUg6qiaEcO hR7/z7LRRDzZW1+1ILuCl2nyVUjjM7EOEx5vG84usWcmtcaFxLZRyOfZwwfBxa82 QumU2mpZF6GImRyuYkQ+hum7YNG3TsuQsTo40rGepLzDA2XPYndFin53wdz+P59B PkOblKO6nZ+UU2YZNu/7gvbaaQu7DbWHqQ5IhfLMYlv9CAHBdmE= =I0zg -END PGP SIGNATURE- pgpukPm54B5ot.pgp Description: PGP signature
Accepted firefox-esr 115.11.0esr-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 15 May 2024 10:12:21 +0200 Source: firefox-esr Architecture: source Version: 115.11.0esr-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Emilio Pozuelo Monfort Changes: firefox-esr (115.11.0esr-1~deb10u1) buster-security; urgency=medium . * Backport to buster. Checksums-Sha1: eabb671d515ce8c4c72c710d9b7192a02b3280af 47479 firefox-esr_115.11.0esr-1~deb10u1.dsc 8160ce6548e6dd043dc9a19c42dea504386f6d71 184382 firefox-esr_115.11.0esr.orig-l10n-ach.tar.bz2 de881472196d992a1d8a8347986bba12d788ab3e 123165 firefox-esr_115.11.0esr.orig-l10n-af.tar.bz2 67a79f2fb78faabeef60b008010b256050b6a572 221735 firefox-esr_115.11.0esr.orig-l10n-an.tar.bz2 ac9d737d4f145de15fab1993381220168f3ac0fa 260558 firefox-esr_115.11.0esr.orig-l10n-ar.tar.bz2 2facaee1a3ce14d7d83d131af626d7609bf68e65 185810 firefox-esr_115.11.0esr.orig-l10n-ast.tar.bz2 83a8eca572258d8b3aab36210aca14294c49c9e3 196028 firefox-esr_115.11.0esr.orig-l10n-az.tar.bz2 48586ad178e0a09f2c54c38980a47d0371de8ab6 336861 firefox-esr_115.11.0esr.orig-l10n-be.tar.bz2 8b28e4bd66db862e6ede024ee371002f1d676f31 1493498 firefox-esr_115.11.0esr.orig-l10n-bg.tar.bz2 185691513a463c7f44801d77f51c95ce3b643b69 234143 firefox-esr_115.11.0esr.orig-l10n-bn.tar.bz2 cdddb19143d01f11d3fb16d74434ddaae2cf7df7 1681127 firefox-esr_115.11.0esr.orig-l10n-br.tar.bz2 7cea537d5d3bcd3130fb27e874cd157166f5692b 213274 firefox-esr_115.11.0esr.orig-l10n-bs.tar.bz2 abfe9948c174aeec1866982e81514f5377bcb240 242204 firefox-esr_115.11.0esr.orig-l10n-ca-valencia.tar.bz2 6b95f2d2d367cbb58bdd1d1e663887accb3addad 1077734 firefox-esr_115.11.0esr.orig-l10n-ca.tar.bz2 b19b19330e541ea5f844e7d67c65b2991d6e8371 287822 firefox-esr_115.11.0esr.orig-l10n-cak.tar.bz2 b9049be36789a6b4d40ec4982e6a8dfc0b721d51 347528 firefox-esr_115.11.0esr.orig-l10n-cs.tar.bz2 8235c8ac1e74121ec10336b105a5abf1c48f5aa7 331176 firefox-esr_115.11.0esr.orig-l10n-cy.tar.bz2 22288be5d8182cca21316bfe1594b88ceba84e71 1101343 firefox-esr_115.11.0esr.orig-l10n-da.tar.bz2 e40afdd7bda367080932beccd211fcb42bdb7f0c 331682 firefox-esr_115.11.0esr.orig-l10n-de.tar.bz2 21a1a65717f0bec22819237ece38e614b11d227f 337122 firefox-esr_115.11.0esr.orig-l10n-dsb.tar.bz2 44de8e85dd35ffe251bde01973f1fb73df2f5506 2143843 firefox-esr_115.11.0esr.orig-l10n-el.tar.bz2 a58e7764658a08ae3c330bed6edcc44204d4309e 528003 firefox-esr_115.11.0esr.orig-l10n-en-CA.tar.bz2 cb95685414cdf6012c2607224b6ba315c8807618 307997 firefox-esr_115.11.0esr.orig-l10n-en-GB.tar.bz2 1a8ee94128449f2b0c96ddd55c1bd5a4553dbb8b 319597 firefox-esr_115.11.0esr.orig-l10n-eo.tar.bz2 9fc88273d4944b3b36a472a99a7811d92c5521bf 595821 firefox-esr_115.11.0esr.orig-l10n-es-AR.tar.bz2 eb362cee73d36c90b02601632c9f082543186f47 593170 firefox-esr_115.11.0esr.orig-l10n-es-CL.tar.bz2 9479e4643e279b25421e8ce2d4ae6cfa27f5dbdd 591770 firefox-esr_115.11.0esr.orig-l10n-es-ES.tar.bz2 c7cb3d995a4bb8d0c59a27a14cba7b3606e9a8a8 571868 firefox-esr_115.11.0esr.orig-l10n-es-MX.tar.bz2 6fd0f65d5fa2d94549f8e24d4cd56005de60d2cf 1139725 firefox-esr_115.11.0esr.orig-l10n-et.tar.bz2 57c15f4b25d2176abf59bfdf9030cc594790eadf 307365 firefox-esr_115.11.0esr.orig-l10n-eu.tar.bz2 1ba191fbaf0a2b6355095c88c1e8fc00014e9489 239313 firefox-esr_115.11.0esr.orig-l10n-fa.tar.bz2 a38b302acb89ecd9623062fecdf16539b8c95998 202024 firefox-esr_115.11.0esr.orig-l10n-ff.tar.bz2 30e9e8454437e9489adf9d195434bc38cb2e74ec 321532 firefox-esr_115.11.0esr.orig-l10n-fi.tar.bz2 30d95c7a76ba934274bb91752a4b2ea65e600712 732419 firefox-esr_115.11.0esr.orig-l10n-fr.tar.bz2 32df46ed0779b535b4119b1b0aa9e24324bafd58 332192 firefox-esr_115.11.0esr.orig-l10n-fur.tar.bz2 6273f7fb3d24ca38b323f400ca6f4fd7c51019c1 2386528 firefox-esr_115.11.0esr.orig-l10n-fy-NL.tar.bz2 8c7fce9998a011d7941ef452a23956ed14b34e97 183398 firefox-esr_115.11.0esr.orig-l10n-ga-IE.tar.bz2 99e3ff9947af9f18d5d586ffe2a524d345ef3b32 306422 firefox-esr_115.11.0esr.orig-l10n-gd.tar.bz2 9818ab9a88194aa6b0d9aca4e8d3846e16a79079 315894 firefox-esr_115.11.0esr.orig-l10n-gl.tar.bz2 ab1a1e06ed70f60c9eb3b4722f623fd22c3d4106 322671 firefox-esr_115.11.0esr.orig-l10n-gn.tar.bz2 34d6eb6b5254893fd65a9f7f3747afff444b4ca3 196799 firefox-esr_115.11.0esr.orig-l10n-gu-IN.tar.bz2 755329138e62a1aa3e73c084c071354a1353e33c 289415 firefox-esr_115.11.0esr.orig-l10n-he.tar.bz2 bc4e1dedbdc7b70743d719ff79a796deefab068f 222622 firefox-esr_115.11.0esr.orig-l10n-hi-IN.tar.bz2 2be9d652abf21abb69ed464970bc7236d750cb4a 266782 firefox-esr_115.11.0esr.orig-l10n-hr.tar.bz2 c7cd6157f2855defc3c2fbde4a9b00505f06976f 334969 firefox-esr_115.11.0esr.orig-l10n-hsb.tar.bz2 34adce5837f5825aebf11ad8fe0feb127a512182 1055047 firefox-esr_115.11.0esr.orig-l10n-hu.tar.bz2 c776880eb2b1624d67706061e451e266a71281b6 288205 firefox-esr_115.11.0esr.orig-l10n-hy-AM.tar.bz2 a680766fa8bf26c94d1c702203a452cef490e01d 324169
Accepted glib2.0 2.58.3-2+deb10u6 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 13 May 2024 22:06:10 CEST Source: glib2.0 Architecture: source Version: 2.58.3-2+deb10u6 Distribution: buster-security Urgency: high Maintainer: Debian GNOME Maintainers Changed-By: Simon McVittie Checksums-Sha1: ab2c09cfb08bd7916c54cf7178fdd143c43d706f 3485 glib2.0_2.58.3-2+deb10u6.dsc f5d81b31ecb92f2920d8626768ae24dd41a8d49c 148468 glib2.0_2.58.3-2+deb10u6.debian.tar.xz e6ed366c8aeed9d74630202641a151c2d008993a 8817 glib2.0_2.58.3-2+deb10u6_source.buildinfo Checksums-Sha256: 66bed4b3fa52679c2dc648aa64d3966e585528a99ea38776854752acd9714279 3485 glib2.0_2.58.3-2+deb10u6.dsc 1e5a8b2922d60421ca0f5c8078a6efeaa037b9e5f7b0cdaabc2a4f54ffdc7f99 148468 glib2.0_2.58.3-2+deb10u6.debian.tar.xz 65da2e1663f1df3d6b18c847bc0a30cf15f2ca388928cdd83f9cb7a27ee43790 8817 glib2.0_2.58.3-2+deb10u6_source.buildinfo Changes: glib2.0 (2.58.3-2+deb10u6) buster-security; urgency=high . * d/patches: Backport GDBus fixes from 2.80.1, 2.80.2 - If local users send signals on the D-Bus system bus that spoof a trusted sender, do not deliver them to signal subscriptions for the trusted sender's well-known bus name (CVE-2024-34397) - Fix a use-after-free when subscribing to signals with an arg0 match rule, originally from 2.79.0 and necessary to make the test for CVE-2024-34397 pass reliably - Add a local backport of g_set_str(), required by the above - Relax name owner checks to avoid a regression in ibus (avoids: #1070730, etc.) * d/p/gdbusmessage-Clean-the-cached-arg0-when-setting-the-messa.patch: Add patch from upstream fixing a memory leak that can occur in rare situations with the above changes (avoids: #1070851) Files: 543ceb74c3de35b946b2cb06f71b40b4 3485 libs optional glib2.0_2.58.3-2+deb10u6.dsc 4d808b9288cafb33201d714878293209 148468 libs optional glib2.0_2.58.3-2+deb10u6.debian.tar.xz 5bf8db6bfaef5d7bc0994ef64fb5679e 8817 libs optional glib2.0_2.58.3-2+deb10u6_source.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmZCcyFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkT5YP/3l4PDT1AeZThaue8vGBSZhc5ZcYaDTKQjZA RB7rWYf+m7sm0TwZelSinU8+koSF/e0p2xpPijGH06w0NHMnIlcxlmOu1+f2TiHC xagLPsC3TbEiml7AVP7MRZxqHiPwc7HDWeSpyjHgprejHuc7tNuVbFaOQjRs7hGi 78sdwkmko7ont9iWlZVJh4Nm7H+bpeSjI607WcAiUbgSBZcR/TTSH+RJAGQcg4B1 iDa7X430VcHxppGAQWipnK5c2EbZhGkQ10j+/day9qZ7AyhGPKdJj93RKG5oninP dn4lK6APA4f42qZdD+/iFMjjMiGCylY9a1qCMI77nQkExUI9SDAIdv85l49F6+OO 9Gw6LUtZkPX88sH+my6DXR8idcjMo/Ab+k9mzPfXXEk56RKu7ybDMeI0hEi/9JGY lcMC3l9gX9i2kX2CFvqjp7ZjS0ASiZFVOOxeCDPd2FZYmJ9Ef+HmMGXxU0Z65VO6 0CE2gap4+9gi4+wNvy194RDA9hCHjH8Zui3w+SxIt7OEGHizaMHcsxu5STkgl7TF v21hgatn3L0WqgYFeGuWJ1P6XOVdT/Yw3O0gKr8Qp+PD4HTd7OnssC/KDLdZ83Uv DahHBpSum2oafJ0ONv2XPp+mPo8OcOuy0JrhTT1/fqbGMEqTLx1xlvuTAiiQSoj5 nh8yIv6A =EXku -END PGP SIGNATURE- pgpVQXdfVuXZa.pgp Description: PGP signature
Accepted shim-helpers-arm64-signed 1+15.8+1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 05 May 2024 11:33:57 +0100 Source: shim-helpers-arm64-signed Architecture: source Version: 1+15.8+1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian EFI team Changed-By: Debian signing service Changes: shim-helpers-arm64-signed (1+15.8+1~deb10u1) buster-security; urgency=medium . * Update to shim 15.8-1~deb10u1 Checksums-Sha1: 59f3e0b5bad978f6e85a2b69b7886af69c79a069 1621 shim-helpers-arm64-signed_1+15.8+1~deb10u1.dsc b65d7d6cae81af1ea5d50804c894bc75eff8e8e7 4876 shim-helpers-arm64-signed_1+15.8+1~deb10u1.tar.xz Checksums-Sha256: 756593b39b40cddda1741f1df00cb226fac3c8dbdacdf60ca31f87e796abb13f 1621 shim-helpers-arm64-signed_1+15.8+1~deb10u1.dsc 2c244915d69f505f477714715bc6c9436996e8cf8568c918a0831e49fdef6dc0 4876 shim-helpers-arm64-signed_1+15.8+1~deb10u1.tar.xz Files: 247747cb237dd3d11e68a5703f0ca91a 1621 admin optional shim-helpers-arm64-signed_1+15.8+1~deb10u1.dsc 6521e6d9c642ba9509edca3108355d3b 4876 admin optional shim-helpers-arm64-signed_1+15.8+1~deb10u1.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmZBRLUACgkQi0FRiLdO NzbX9w/+OjSWPpdD9ouTAKxlP5kYzUx/0aJ8pd7vox+xzMprqPVrhv8vx80AmBlB m/gmVCOI2KSCJ5aThBZrA0iLbb7lMF5YoD1G72L0ulR9E73lBX0LGGJZoO63KA/1 ZyCZZSeZQFMJZzyTYKppJXE4GIoeLzTGl5DIMMLW6XjSDw7RAOXSHkvaN2WxlP4Z p2253JrI9fU50ho2XnUpVHUPV7Z7Pf+KjiR9gdkwB9iyoBawacxNxqXqMMPe31xb J05bDhrfGOXc8IUubrryEJuAfzpGju1q2h4edgv+v1mP9Opy0AYJyHhD+oODbw1x HLetjAjOR6+RcM+Wql8leeH4u5ofPPPU230B/PtYNhkSW5tS+qN7lm20NaxAPUZv mh4vBcklxSaEK2sIlpmkOeuzbyM7mjOFll6aLi8t4hw9ac9Zwi7lL7BOZUWeS3aL v9IM/2cseNY7KdTRJTSe3IEPNz6wYZhbazmtl6yyv6A4IGMa8iVG+JV8B1ulZbx5 Fhsdc2HdKzBXL2S3yJWYbOKv8QPMa6i5vzQwOC+w3xrpgm4PvTAdpDQppnFtT0XC am7/HVsoAyg1n1sTs2jbRwtJMNYW0urZtomVhFmv3/vMo+w7wPDELhWDlaQNP+3N bewPnJaGrMAD7pGm7+DtPD4euwYby8hsCEGAbe40yyGowYwcVMY= =Ho9w -END PGP SIGNATURE- pgpDKLKJANZMB.pgp Description: PGP signature
Accepted shim-helpers-i386-signed 1+15.8+1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 05 May 2024 11:33:57 +0100 Source: shim-helpers-i386-signed Architecture: source Version: 1+15.8+1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian EFI team Changed-By: Debian signing service Changes: shim-helpers-i386-signed (1+15.8+1~deb10u1) buster-security; urgency=medium . * Update to shim 15.8-1~deb10u1 Checksums-Sha1: 26c668784b893759d0324a4c7ede873af99d9509 1613 shim-helpers-i386-signed_1+15.8+1~deb10u1.dsc 92dec1a4f1b24bfba9bb4f8cdca68ab88b01ead7 4880 shim-helpers-i386-signed_1+15.8+1~deb10u1.tar.xz Checksums-Sha256: 4d8c5d6a4cd028d9c8ec83e8b3ca098e7eeb6baea02f684f56148658ab94f20d 1613 shim-helpers-i386-signed_1+15.8+1~deb10u1.dsc 823213d2c698d2df671218e405dd8b177594bc31b54ff7129a6fff0c51290e19 4880 shim-helpers-i386-signed_1+15.8+1~deb10u1.tar.xz Files: 2736b1fd8b41f1517416e3d79bbd8d27 1613 admin optional shim-helpers-i386-signed_1+15.8+1~deb10u1.dsc 5be623904a9b06b705f0d20488580dac 4880 admin optional shim-helpers-i386-signed_1+15.8+1~deb10u1.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmZBRL0ACgkQi0FRiLdO Nzaerw/+Ot0uq1bOfhtPQVZ0m3pGVqg9AcbukLVWt0wRxmnBXo6a9VAKDZ6XsKQt tl2aYfczBellHP2BGb5+wd4IzjIqLzgcROGuG3tIOq8FpGDDlbatCPspbWzxUvvr I8uh+o45WZcXFBFtN+zZQ1q29djZgyQbaoH1H4TR2LGOaSBITDiPl40chDdaZAiI sCtJrfQwPmq8LDi6wewoiuByRpbU5KeWZsJ19mGhKV4H8U0zrIBXd9+N6ycENVyo i2ItdWisPKMxk6RGk4Cz8piW1fZW3T0a3eo9/wexcZGPncqABI+4hpcHKfr24UUy JfvRMVirt42k9Y3XS7vzKjQDSey89968aECBKUUm6NH3QYfMU+ZepTSmy85cVfuK 4SW3pWhEKDyyaf9FHe1SBHSxuBzuJoolBiVCaMe/O8mXpXjse+HQr2yb2Af4ID2V 2sDHX/sDve35LQEjRK0ClbvtK6aGn2af62XhtuIYGSlC3nH52Nvz3uHn6rOfDDHk htIyS9gCWcLyeZWdKgNymkwAj62rRUFwv8H9Im+oa8gby+/3ZQAnojrnp4qd2UUM 8XlUmA1PdoJTWuFi7c+LvZ7PIPJyf3Db17k83aMDKK8DS4saSL71xeZGkroBEZLL GAuU4qbBk80YNyoINiINV/oHGPaQXmJkTFfcqs5zPitUexgSHgs= =ZWU0 -END PGP SIGNATURE- pgpMYEdOgh2MX.pgp Description: PGP signature
Accepted shim-helpers-amd64-signed 1+15.8+1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 05 May 2024 11:33:57 +0100 Source: shim-helpers-amd64-signed Architecture: source Version: 1+15.8+1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian EFI team Changed-By: Debian signing service Changes: shim-helpers-amd64-signed (1+15.8+1~deb10u1) buster-security; urgency=medium . * Update to shim 15.8-1~deb10u1 Checksums-Sha1: cfafc3ab7f12c0b23a4a4b90035d4507db60 1621 shim-helpers-amd64-signed_1+15.8+1~deb10u1.dsc a0f43ff3a5bb9c67a31412ebb234527679903e95 4884 shim-helpers-amd64-signed_1+15.8+1~deb10u1.tar.xz Checksums-Sha256: 3aa785b45a08d54ee6c85a98f072a96a97974ef5ec890cd680799fca5adb805c 1621 shim-helpers-amd64-signed_1+15.8+1~deb10u1.dsc f6d5b21709c3d32864129c424b578ee486f0f00ab3899eafa03860b617b81a35 4884 shim-helpers-amd64-signed_1+15.8+1~deb10u1.tar.xz Files: 4849589a0dedf4686ee034d1b64c3e68 1621 admin optional shim-helpers-amd64-signed_1+15.8+1~deb10u1.dsc e23079013fd4381771d8d0e647204e99 4884 admin optional shim-helpers-amd64-signed_1+15.8+1~deb10u1.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmZBRK0ACgkQi0FRiLdO NzZDZg/9Ec99AY145j9QXOUuvXXNLBZt3ahFbHiqKb0grBkgk15I5bpopZvTy2Kt dHcRvS+mdtcrctPMd6jrK4fZSdvDLj4ZaHTpU/Z/yH4IBK3/KGbfKAM2DbolmZKt /BLtiKqj1U5oluGQ4Oua0CXC5zc+VPyNCTopPy4ADXprrBRgiq9zJB6ILDDdQMyT xBeh1lsOBDmxhd4uJ4miVlXKSoUQNtwDnZTSxmmtFAYdEeh8H9XbJqGsXObGRB3w J+JPTERNGmLqBQir0a2NqcAo30qVTckW7OJe+dMUC8u7zGj9ySYGtqalXPxrpVUv cWBZ1MrsUrQojZvHgGNSAp+V/4XlQWboSdgAogEOA58pWax7POop0S4TshyGHlhO MM1DL2HNAQfmaHfJr4m1wYKWOGdtI3fB5utFX6VnS0eHYnwN5ijomSXk+1GN6g0R xnibqU2ZhQOaCTLFhMsAlVOXJVmpoSYVVFJBIF6E8pT/IrFI6Yo3XZFNU5oXEpGF SIqabC9lfvHJDg5RiJ2M5t+TVZSP8FPr0QeIzLqChkFpOjX56k9f2vkfSlbrAcC3 9WwWuFXllG302D0HeeAP0bp9tR7HSbvLVz0KTUn/niPb2LYy6qI6p6XNkvcVEc+/ tJKxWfbmL7u+HVxsu1UzrBhVB20aW5rg6mVcumFxf46qVhi+304= =tkW0 -END PGP SIGNATURE- pgp8bfLSpJ9aP.pgp Description: PGP signature
Accepted shim 15.8-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 05 May 2024 11:33:57 +0100 Source: shim Architecture: source Version: 15.8-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian EFI team Changed-By: Steve McIntyre <93...@debian.org> Closes: 1046268 1069054 Changes: shim (15.8-1~deb10u1) buster-security; urgency=medium . * New upstream release fixing more bugs * Remove all our previous patches, no longer needed: + Make-sbat_var.S-parse-right-with-buggy-gcc-binutils.patch (now upstream) + Enable-NX.patch (we don't want NX just yet until the whole boot stack is NX-capable) + block-grub-sbat3-debian.patch (not needed now upstream grub SBAT is 4) * Cherry-pick 2 new patches from upstream for grub revocations: + 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch + 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch * Log if the build is nx-compatible or not * Force shim to use the latest revocations by default to block some older grub / peimage issues. This is: "shim,4\ngrub,4\ngrub.peimage,2\n" * Install a copy of the Debian CA certificate into /usr/share/shim. Closes: #1069054 * Clean up better after build. Closes: #1046268 Checksums-Sha1: 2160a2f36df9be7c0cb0f7cde75f808ce8219437 2326 shim_15.8-1~deb10u1.dsc cdec924ca437a4509dcb178396996ddf92c11183 2315201 shim_15.8.orig.tar.bz2 30269c6e79531b5d0a39ce928fd603c16266abf9 34676 shim_15.8-1~deb10u1.debian.tar.xz 01fa8832609438b4265c932c4dfa792fb3503528 6319 shim_15.8-1~deb10u1_source.buildinfo Checksums-Sha256: 5e82fdf15f33fc68eca2ef995c788c092df3512a8c35273d2494a0d62af595ea 2326 shim_15.8-1~deb10u1.dsc a79f0a9b89f3681ab384865b1a46ab3f79d88b11b4ca59aa040ab03fffae80a9 2315201 shim_15.8.orig.tar.bz2 c76ea4b6db6db0f290483e54bcca679b46d6dbfbb66c43019ffb765152df098d 34676 shim_15.8-1~deb10u1.debian.tar.xz 28790d7d3307c68e681f1d568e86286ca3487a6b2ad9b8ab81d718d7bf30127a 6319 shim_15.8-1~deb10u1_source.buildinfo Files: ee8d6c9a7be8d839086b359f6d4d4d31 2326 admin optional shim_15.8-1~deb10u1.dsc a9452c2e6fafe4e1b87ab2e1cac9ec00 2315201 admin optional shim_15.8.orig.tar.bz2 083c62cc33687d05a9fecafd814f9c20 34676 admin optional shim_15.8-1~deb10u1.debian.tar.xz cdf19a4f94c8764e93760b40c2a696c9 6319 admin optional shim_15.8-1~deb10u1_source.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCAAvFiEEzrtSMB1hfpEDkP4WWHl5VzRCaE4FAmZBNRURHDkzc2FtQGRl Ymlhbi5vcmcACgkQWHl5VzRCaE6+HhAAk0ZPk5c/kFiBkk70sXqYzPwR+bf8BLux Qgv/cqxQO0B3+V6UyPB5mtZvrS+RXeBtvCcDOKOCj2nBkgX6wFUjD5V6nmEvgSw2 2CCTmYkH9qJBxuQgHvwWUcqsWCON6bijrZJGf30SMED8E+JX+ZrcQj9/tNQOr0Wn GT2rOibRPAcceQfRKfgTjMTNYxCcOQuJaRiLoLalzv04LVO6/bGRK5/bLksVA8S3 Cd3qpU4IkLp2sYntEhKJZ4mCLLQFdZMwvwmStx0LRUuwYrZVP+4yLx4cBkUHJM9M pWrLOIUHRlVurPfjPH2xogG6KuLY2zhRh1Ttb5zKZQMIBqrdQ2WIJtpxlBhBaUY2 Eo41vbW0flm6CR1Ooihgb2OloBPaVR+n1OcsHcK2PTJwUNyGkbJJtIdB+bZ5+Lg5 Nwjrg9dDNVxc1gfV1yyFJ2ngMJ70K9zwTpGagxoWuU32HOHSyz6d6CLRfHc4b0Nx Ej2RyGOQKEy5HIq9JoVULGqTinPGD8gMqvNO3umPxGNrIg5o9XxU3Mu3RhXhZoqq dSgITtWgnRoA1kUkbJbnqiUAk2efxugYLjVQRuoKst8LMDP9Qjlyf1Smw6EDgJKn Yp7E8Imad924uUXFmfVIIJZdSCwmgS8QaPSJ4gplFWwmS6+rqcSYKxYPI7iYD5Og 9svJ2clEUJk= =Cncq -END PGP SIGNATURE- pgpWM22yX67o3.pgp Description: PGP signature
Accepted libpgjava 42.2.5-2+deb10u4 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 9 May 2024 23:28:54 CEST Source: libpgjava Architecture: source Version: 42.2.5-2+deb10u4 Distribution: buster-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Checksums-Sha1: 781eb60e4888e39fd7817a681aacc413a3f75d2f 2736 libpgjava_42.2.5-2+deb10u4.dsc ca500b3da863bbe2083e84b32e814260cff95ee3 24784 libpgjava_42.2.5-2+deb10u4.debian.tar.xz de7aaf886e9912df92f7ef86faf67967242f1839 14354 libpgjava_42.2.5-2+deb10u4_amd64.buildinfo Checksums-Sha256: 952b3ff093a1fbae761fa3c9447de8c2cea710497c8d71b200cb05f61e35b9f8 2736 libpgjava_42.2.5-2+deb10u4.dsc d74b185498b719c033de2c845bc068d32d122295807f2d1c708e98e9dcb621b5 24784 libpgjava_42.2.5-2+deb10u4.debian.tar.xz 79bd50bfaff7d6f3892f1c4f44482c10c2961d02e7745d74c8c65bdf5fd6e67a 14354 libpgjava_42.2.5-2+deb10u4_amd64.buildinfo Changes: libpgjava (42.2.5-2+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2024-1597: A possible SQL injection vulnerability was found in libpgjava, the PostgreSQL JDBC Driver. It allows an attacker to inject SQL if using PreferQueryMode=SIMPLE which is not the default mode. In the default mode there is no vulnerability. Files: 12dda815e1b5152129731f43c9dc52fa 2736 java optional libpgjava_42.2.5-2+deb10u4.dsc 985b0e471e26587ec69a161ec5b4d8a4 24784 java optional libpgjava_42.2.5-2+deb10u4.debian.tar.xz d0704334a1f33962dd54c9d8fe584c5c 14354 java optional libpgjava_42.2.5-2+deb10u4_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmY9QGxfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hktl8P/1VGZyO+koRIjjeLxVTwcsYyqVSJpZpIozT4 +LG2kwQTTRsoa/V5DZVDsT9OSQE6+Ju+tFz1BIHcXziWwK+DtrFOV8GgdLCNYr64 brd8YRjH0vOzwrgTG+0736oOrpoQ+2vnzeUR1X5y5TMY4NYZm7B2oOT3+/z8NXL4 IuwzWsPI+vxrt4Dst4hKV1BbPqabIkMYLJNIa5puP6Xjzc7Qck+234j5VmmrDRUY pyIE/Btar2lsjwtZvlm4Br2IJ9+/mjo6JuqQn9HQBiVI9KHqTsjKqo4zcHLUgaKi BO0oLpEbraMKl+tTcbxCMvBNBsKFwAa4kmtw6/jW+s4LNc7giIqXHE3Nj8v/Mwet nwr5CWAqCxrMnN0NU6NN0KbWuVPM2dUPg0Z98800dgl55nPbKKvIc8JSCfACIW0n y3+a56g/GTEQ3kFeRVLnKasiF9kls5rXVQbJa2NrS1wM41M/4Az8JE5/L7gcjmDg JqD2OKlxd25GeH1JVdXvzkNNRlgWXP+QwcP6tWebC3i1OHQGw7PdiEpu/AjAWd4U kVR8zF2C8SCIQt6Gt1fwnxGqZYIzh2cwwsMPpxmEoe1d77nWqZM1Vl+36uV+MFo3 YTeIWNhgQ5aYv8LiLbGziM0R9Uf+O1GU/88p7lfg5dHVIaiwtEgViB4Wa1NGaeIE Wc60WeRQ =gY1E -END PGP SIGNATURE- pgpjPZdUMmxqi.pgp Description: PGP signature
Accepted python-idna 2.6-1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 08 May 2024 17:57:07 +0200 Source: python-idna Architecture: source Version: 2.6-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Guilhem Moulin Closes: 1069127 Changes: python-idna (2.6-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2024-3651: Specially crafted inputs to idna.encode() can consume significant resources, which may lead to denial of service. (Closes: #1069127) Checksums-Sha1: d6af0da4367d4def659fddbe0f4bb5d1ebe78f83 2243 python-idna_2.6-1+deb10u1.dsc abf5e2e7d8f52dd00e658f1ead4eb9f4d2240bf4 135992 python-idna_2.6.orig.tar.gz 337ec85d6e9207dbac783252e32bcde673b3cad5 7532 python-idna_2.6-1+deb10u1.debian.tar.xz 9d2d9a7b6cc55a2caed6e5c976655e14271b6b03 7377 python-idna_2.6-1+deb10u1_amd64.buildinfo Checksums-Sha256: a9173579a521361fd5667ae308eab68d92b0e30804fca834cbeae08405d22d8a 2243 python-idna_2.6-1+deb10u1.dsc 2c6a5de3089009e3da7c5dde64a141dbc8551d5b7f6cf4ed7c2568d0cc520a8f 135992 python-idna_2.6.orig.tar.gz 31df1cece917291135d3f3dcdd15332ac7a783e4db4f89b57b7be561d0c4605a 7532 python-idna_2.6-1+deb10u1.debian.tar.xz cbe2907522a8ad570f58f42a2952768098e0e991a9d081408748b12a61c66ce5 7377 python-idna_2.6-1+deb10u1_amd64.buildinfo Files: c7b1294952e78673536f70b7e8942ae9 2243 python optional python-idna_2.6-1+deb10u1.dsc c706e2790b016bd0ed4edd2d4ba4d147 135992 python optional python-idna_2.6.orig.tar.gz 1b00a6d5c42b374e58023fc44c0e0a0e 7532 python optional python-idna_2.6-1+deb10u1.debian.tar.xz 14f07f605394616614b08f913372f444 7377 python optional python-idna_2.6-1+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmY7oQwACgkQ05pJnDwh pVIzCRAAoAongfv9PMgVZ7QilYetXJLqEtY1Zd6Pif8zDt5ElYRjML5vVk+JUczX Lze35hxCr46+FsxiOjRgO0TzCbm5n8FpJCJ5ngpopaE3piT2UfR9k2V7nvgO9/bs wCr5OMnJQfNYfoMz1gEFV9RInS4J1T3LeXyZNQxFBn9yUBfRUJLJ+uDlIZKHyRVe NCbsYMc4f6zi4KgoxiWtg4jFvQ6VXaCcmFFxjXRpB9vdRQkR8pRhRQV3/6LFDFkr zVnyyU4L9vVeR6kapdiEsntnr1nWchGWZNbe1qlD1y1TjWLHhyzvItdVPkSEYF0U Cjamd57gC469yHYPqwoV+nFQe+XCbkm/Bzsf9b1+ETCSot1plOANL5Y2VJEXw+cl RCKhcyFC43HXeUdfdd1HR+sQG3ax9hECI985XG8ZN6x8csNor/6S6IRttEchiUUn OFAs0AAyZWDb5zfBoW4PeaYBOrwhKH7EQ8RattItoN4dLBPDUnEUIIxslhdTWDk0 IuJv+GLio3KZ3koGmQQOZ26qT0N19mcTYj8P8xX6YEyMbMb1vfzkr03zyHJ0YlJo Ejfd4cgh8VENl64ipPds+jRNRQ/So+u/y/03zI18Aud43WLSUp4RvXXz66xflMzG GyQq97LHHZYuYbH+hu8Mytgz/+s/+wOw+D3teNMNF3ogteJ6+dM= =12Ik -END PGP SIGNATURE- pgpRA2FHABV8j.pgp Description: PGP signature
Accepted linux-signed-5.10-amd64 5.10.216+1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 06 May 2024 17:02:06 +0200 Source: linux-signed-5.10-amd64 Architecture: source Version: 5.10.216+1~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Changes: linux-signed-5.10-amd64 (5.10.216+1~deb10u1) buster-security; urgency=high . * Sign kernel from linux-5.10 5.10.216-1~deb10u1 . * Rebuild for buster: - Change ABI number to 0.deb10.29 Checksums-Sha1: bfb5f9b5be6fc6b5408c5e65a528b0b85692d3e9 3000 linux-signed-5.10-amd64_5.10.216+1~deb10u1.dsc 74f3396fdbcdcf2b4b370347ce3d4a9830b3ba11 2917456 linux-signed-5.10-amd64_5.10.216+1~deb10u1.tar.xz Checksums-Sha256: cffe1daaf5a27300690c7cea9ec190bf41dfeccbf987e987399c09919f9d4e94 3000 linux-signed-5.10-amd64_5.10.216+1~deb10u1.dsc d597dafc7212fdf3abcfc149d44e65bbfe0abb443bfa0a4e4a63edbbff31e74e 2917456 linux-signed-5.10-amd64_5.10.216+1~deb10u1.tar.xz Files: ab21676d1a36169795eca9bc7aaa389c 3000 kernel optional linux-signed-5.10-amd64_5.10.216+1~deb10u1.dsc bb10ec676f000b6c08ff4010f818968c 2917456 kernel optional linux-signed-5.10-amd64_5.10.216+1~deb10u1.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmY6T68ACgkQi0FRiLdO Nza72BAAqXp80qqsyKweWD5hFwM487Mkvwmb9AEu+rDaFLvurnvgNxCEJ9dWoca1 kUgAcjq/1MTedXHtR5MhgKFCAsNXbNzL7XxXN5OgQUUOMmNUK8ieMbUVvAfPQEYd Ajj2+B3S6LuT/L652WgvqL8+7vlEkBoKATah4nFDQl6GZi6KGXJTa9OoNcWXEjC3 b8k4r21F/Xjght0TcIJBcLhAYcr1Kwzozd5h8u7ygKeuNUUDoB46jISzjkO2XEfu hfnwshzvwFmflSr+PBJ7/ek+jVJ9wj67bpO4huST2ocWNjbgEDjDpXDMzoMihPcs AH+VuMqvEW9g8UuGPvUS86laPOOUXd/LNr4Vttheq8/l6RZ1oAzhhfAajdCHX1jc dXBf9mor0YXViukrB/GcLrDXp8NEJ2IT7yaZ4EDkE7mzALDLUMb12cJMOgr08VI2 KmNTKSa4sCqwSuYMtLQheZS7r8De3daQAffM5I/wrvToREEtZOdCmrJ8pjnnfX3+ Uy70CLJHVgbxCOdXuX5TXmiWcHyeD+l2wmI2ieJgNY0qbclgh75lLeutL/1WZRW6 INbrIPCNqKeiNJSsoAYeoO2Py8EjlZ2kJpOT9K9fZOd+OdMraxSBNMfk8e7MA/ZU BtXiL6E7zDJOTJHf4XVoh5R3xrJnSvgSL8tEFopFJZ6wcyH0iaI= =wSfI -END PGP SIGNATURE- pgp_ILdLUSdLC.pgp Description: PGP signature
Accepted linux-signed-5.10-arm64 5.10.216+1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 06 May 2024 17:02:06 +0200 Source: linux-signed-5.10-arm64 Architecture: source Version: 5.10.216+1~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Changes: linux-signed-5.10-arm64 (5.10.216+1~deb10u1) buster-security; urgency=high . * Sign kernel from linux-5.10 5.10.216-1~deb10u1 . * Rebuild for buster: - Change ABI number to 0.deb10.29 Checksums-Sha1: 5f54ba1bbc552b1865581512f4c14d94d4fda125 3000 linux-signed-5.10-arm64_5.10.216+1~deb10u1.dsc a1e6d19f56eb4918a438303b2dee77063fbcb464 2662456 linux-signed-5.10-arm64_5.10.216+1~deb10u1.tar.xz Checksums-Sha256: 8b99b303cd7cf244428bf03a83984c7690e0f1326ef1e83311ae0371a825dba1 3000 linux-signed-5.10-arm64_5.10.216+1~deb10u1.dsc 7ab4524503da32a5e0c808a8efecf6110c5d524d77aede7b2a2e2614a9a7322f 2662456 linux-signed-5.10-arm64_5.10.216+1~deb10u1.tar.xz Files: f16243938dff9271ef9db88cb7c52404 3000 kernel optional linux-signed-5.10-arm64_5.10.216+1~deb10u1.dsc 0f91ca6f35eadf448bb5f8c0ef26c7c5 2662456 kernel optional linux-signed-5.10-arm64_5.10.216+1~deb10u1.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmY6gOAACgkQi0FRiLdO NzZAQg/+Kr+totZYE7C933OAEHY3Iovzp9S7/XaOewcYIknwHId4Mb1kDtZEDF5U 8D2hS/Lw2O/mqwGKex6pEPCOVSxMma1H+NvSqrYUXvNrtW2IWWhapL9SV8tuELTW tWRrBuBZiC4bJVOCSC95cBlabRM307/3UNFhBf++3j0HjHTSeWRYQgHPVLjGCoG8 MXaYXuhs/No58kMzOr6VuaVEyLJ+FPCSeOeeuKWOTu92bXeV9nw9OIQdK1ckMB6J RJ2Wcx0P89eT8K3TiE0dSWuUeWoFsJIso3h18JUZUEfNpufA38znhb6u0vu/SHmh KwwEeU9tKEWoMM6AOsIF0X2s8ID+c6vi1QRvOJUVrJ87KntJjMsLl1th+4i6xqXB j90AVpU+1ZJTAfbdEGHHnZ0ALsJLIcnNpLtjM/HjIVyUKQRhIJZM/co6EMU3SVtm y/wiBG3n/sWP6kT4DbxqzWaaO6ZPdr1BclOmG8FgkzFzrInj76riYRVGcCQBsjLD Q1hH48fefJ7bpJ8+X96yk4fGJptqaFqQp81jTADluUvioBSsj9Y/oTL1J+mJUKI3 wKv6O5im0crqPvDYXmFA10uvgQxbBmK++5xpeVB7g+Husq0JXAvH5nbluLQ1bQuv If2H94XZk5UxDSAStx2nSnJ1gUsohhylhD9jK1BBSlszErAK+fs= =QAB9 -END PGP SIGNATURE- pgpLgBkVcS0v5.pgp Description: PGP signature
Accepted linux-signed-5.10-i386 5.10.216+1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 06 May 2024 17:02:06 +0200 Source: linux-signed-5.10-i386 Architecture: source Version: 5.10.216+1~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Changes: linux-signed-5.10-i386 (5.10.216+1~deb10u1) buster-security; urgency=high . * Sign kernel from linux-5.10 5.10.216-1~deb10u1 . * Rebuild for buster: - Change ABI number to 0.deb10.29 Checksums-Sha1: 8395375e30a10d6f34977fe99fbeccf537707519 2955 linux-signed-5.10-i386_5.10.216+1~deb10u1.dsc 7e9692ffa2d1ccc3b475b61bd9eed9ec1465f8e1 3859440 linux-signed-5.10-i386_5.10.216+1~deb10u1.tar.xz Checksums-Sha256: abe671c6cc75ec8eb07e4eb0b8cdee1a40e3d7f3f0d905736f7d0ef7aba8ffea 2955 linux-signed-5.10-i386_5.10.216+1~deb10u1.dsc 9e671cade0d4f7a921a1668d19970876c588bc5d2afc54704304bd0fc37d6d94 3859440 linux-signed-5.10-i386_5.10.216+1~deb10u1.tar.xz Files: 1a8c4793fcbaf5a694c98d034c11e04b 2955 kernel optional linux-signed-5.10-i386_5.10.216+1~deb10u1.dsc 72b8d11103fb048e133f8d6c567525f0 3859440 kernel optional linux-signed-5.10-i386_5.10.216+1~deb10u1.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmY6Ha0ACgkQi0FRiLdO NzZHUA//dELkxoI5TDQBbDSPIG3ludptlzEX7G0sXIvhK5L/AWCgOPF+Ew27f6yu xyuj1c/6KzLPR8ND5F3kVNSsVDH39n7kDSNjq+VD7AuupX8ZXVGZ+VdUdC5BXIP0 x+6cOCN1Z5cRMeKK7FcxLR3oc+qqrkTyBlY9WMP4Awo7X0SUh11ZpcdrzIbyD1AX d5EHCz7WEU6th+IpnGW7WPBy+XwXxQpGgputsp4bGcnNy8Lp02DFJUqTmyfN+++7 s8dbqpiYwGaMtVVpZVL4/fn5yxcFkMQgFz8CnzQToye9Dh0RC7roUdhyhll+RGTO vr9xkJtqFFKHGMJ+i1shUyt3Z6HR5XqtiXfvFRxZ+jhegUqQWBchq1/IP3fDGy/9 GhFqcZURyzSX+bpS/Qi9fJO26Ey+4ZTB+d7uPudj7WJDvt6HI2XnfF7RRMMiy86X +aBjAWR1/9HhdRSgE4sWM6qUTrFCpEoOPUkBxlZN7KqIiNpKwBtBrGCp3z8ZFdab nmDxgHWhbZCX4OPP4TyGEJWVQ2puz2FD51ZRt/bux0wFa65411MZu8npsisu7IAr rCHuubdO9b6I43q8a56njICOztTsbOw0En7uYYIZXJUwMfFqPvIiYO1j7EbHxWb0 2Js9OO+EnchSk8ZR5d5Ufc8cQfYcB/0fKiCMX8wGulCPJwxGqhg= =s765 -END PGP SIGNATURE- pgpAulVwPRflE.pgp Description: PGP signature
Accepted php7.3 7.3.31-1~deb10u6 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 07 May 2024 02:47:26 +0200 Source: php7.3 Architecture: source Version: 7.3.31-1~deb10u6 Distribution: buster-security Urgency: high Maintainer: Debian PHP Maintainers Changed-By: Guilhem Moulin Changes: php7.3 (7.3.31-1~deb10u6) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2024-2756: Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. * Fix CVE-2024-3096: If a password stored with password_hash starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true. * d/p/CVE-2023-3823.patch: Also backport upstream commit 62228a25685 (a no-op on Linux.) Checksums-Sha1: 3f3cc4a570e87184ebf3b3f6af4f95d6a712e8bd 5867 php7.3_7.3.31-1~deb10u6.dsc dd58696a4287a4ad99145305e6ba8af375ed8510 86992 php7.3_7.3.31-1~deb10u6.debian.tar.xz 92a5fd56cb61aab5a319ee28b0601884cd14a7e5 35906 php7.3_7.3.31-1~deb10u6_amd64.buildinfo Checksums-Sha256: 2aea4fd63d9b4c986a49f99c60ef7fdbecc54d26f3afd40fdabb78e49db9588d 5867 php7.3_7.3.31-1~deb10u6.dsc a306ee0b9dad8b5566483a17f56da5f9a5c08d4233819347ca140204b65842b7 86992 php7.3_7.3.31-1~deb10u6.debian.tar.xz e8cc29adba8f45c91a5bce4e217a4e26c436c867da53a5c56d17ddcd9ac580e1 35906 php7.3_7.3.31-1~deb10u6_amd64.buildinfo Files: f151f11801207262583c6300b75885ef 5867 php optional php7.3_7.3.31-1~deb10u6.dsc 71bf69cec419ce379c44d132cef55ab8 86992 php optional php7.3_7.3.31-1~deb10u6.debian.tar.xz 8f167c0fa62ed329350d09ab442ec58f 35906 php optional php7.3_7.3.31-1~deb10u6_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmY6QmEACgkQ05pJnDwh pVK1yhAAs+682vPubwLN2R28wkO0BEtF4PFSCK7JvZhgUsE51lE/UvgJX3VAdXuD WaB2jMGfD218bt+G+gn4Fs8/jO+20df/AJLfR3prkX/d+HtWpLZ1G2X0CGXSkY6m D3vUfgZSG2am98Ieh4syxAXg9eZ6tPN8kriupoN6oS3LOLm0xf8J+BaS4Wd5i11z dnuG/QX3ARrRrEpUXSccTE5AyOyM2/uy3eHEqn/K5y/ZvPubkqkgaVNiBXV87aJR 6Gcta+ixJ4reuQxmuv5ZH/4D56P0A9SwebX3D2rjiOJsIRONi5ZPKO86j+Q5y1/c m5aLsoyvxE6W5Dr9aNoarhzb6SSB6PTUpCHCtj4iMSsEarg9qtv7GtQIWqhASCDP sifxeNtZavV8vFuWFuJX0ZzHq5oHGoe4Y1EVwTFNCD5ynqPi8w7SwMhO3TVE67Ng Sws2a2J2QB/d4RFyREird8zD2/cVjYTMiLxwjFs8Y0wUU41/O3xiFAte8DjSg9Jf lH6V445W6ps1ao04qGulvQ5kW4pDdYf6G2FO+SAa6WNKNI9RAf7obXM4pck/Yp7p YIJhqsJO9Xgba47WUcnDxqXb+TCvtfZXkEdoNDQUGh+x3Nx7XfiRPcbt3e/vfcZa 9rTustb4JFK0QXKPh5TSefDhTCP5wrJ8EWcZsfMDd4/vxuuZXTg= =lKW1 -END PGP SIGNATURE- pgpVk16DhlC0l.pgp Description: PGP signature
Accepted linux-5.10 5.10.216-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 06 May 2024 17:02:06 +0200 Source: linux-5.10 Architecture: source Version: 5.10.216-1~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Closes: 1064035 Changes: linux-5.10 (5.10.216-1~deb10u1) buster-security; urgency=high . * Rebuild for buster: - Change ABI number to 0.deb10.29 . linux (5.10.216-1) bullseye-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.210 - units: change from 'L' to 'UL' - units: add the HZ macros - spi: introduce SPI_MODE_X_MASK macro - iio: adc: ad7091r: Set alert bit in config register - iio: adc: ad7091r: Allow users to configure device events - iio: adc: ad7091r: Enable internal vref if external vref is not supplied - dmaengine: fix NULL pointer in channel unregistration function - iio:adc:ad7091r: Move exports into IIO_AD7091R namespace. - ext4: allow for the last group to be marked as trimmed - crypto: api - Disallow identical driver names - PM: hibernate: Enforce ordering during image compression/decompression - hwrng: core - Fix page fault dead lock on mmap-ed hwrng - [s390x] crypto: s390/aes - Fix buffer overread in CTR mode - bus: mhi: host: Drop chan lock before queuing buffers - async: Split async_schedule_node_domain() - async: Introduce async_schedule_dev_nocall() - [arm64] dts: qcom: sdm845: fix USB wakeup interrupt types - [arm64] dts: qcom: sdm845: fix USB DP/DM HS PHY interrupts - lsm: new security_file_ioctl_compat() hook - scripts/get_abi: fix source path leak - mmc: core: Use mrq.sbc in close-ended ffu - mmc: mmc_spi: remove custom DMA mapped buffers - rtc: Adjust failure return code for cmos_set_alarm() - nouveau/vmm: don't set addr on the fail path to avoid warning - ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path - rename(): fix the locking of subdirectories - block: Remove special-casing of compound pages - mm: vmalloc: introduce array allocation functions - KVM: use __vcalloc for very large allocations - net/smc: fix illegal rmb_desc access in SMC-D connection dump - tcp: make sure init the accept_queue's spinlocks once - bnxt_en: Wait for FLR to complete during probe - vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING - llc: make llc_ui_sendmsg() more robust against bonding changes - llc: Drop support for ETH_P_TR_802_2. - net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv (CVE-2024-23849) - tracing: Ensure visibility when inserting an element into tracing_map - afs: Hide silly-rename files from userspace - tcp: Add memory barrier to tcp_push() - netlink: fix potential sleeping issue in mqueue_flush_file - ipv6: init the accept_queue's spinlocks in inet6_create - net/mlx5: DR, Use the right GVMI number for drop action - net/mlx5e: fix a double-free in arfs_create_groups - netfilter: nf_tables: restrict anonymous set and map names to 16 bytes - netfilter: nf_tables: validate NFPROTO_* family - net: mvpp2: clear BM pool before initialization - fjes: fix memleaks in fjes_hw_setup - net: fec: fix the unhandled context fault from smmu - btrfs: ref-verify: free ref cache before clearing mount opt - btrfs: tree-checker: fix inline ref size in error messages - btrfs: don't warn if discard range is not aligned to sector - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume - rbd: don't move requests to the running list on errors - exec: Fix error handling in begin_new_exec() - wifi: iwlwifi: fix a memory corruption - netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain - gpiolib: acpi: Ignore touchpad wakeup on GPD G1619-04 - drm: Don't unref the same fb many times by mistake due to deadlock handling - drm/bridge: nxp-ptn3460: fix i2c_master_send() error checking - drm/tidss: Fix atomic_flush check - drm/bridge: nxp-ptn3460: simplify some error checking - PM: sleep: Use dev_printk() when possible - PM: sleep: Avoid calling put_device() under dpm_list_mtx - PM: core: Remove unnecessary (void *) conversions - PM: sleep: Fix possible deadlocks in core system-wide PM code - fs/pipe: move check to pipe_has_watch_queue() - pipe: wakeup wr_wait after setting max_usage - [arm64] dts: qcom: sc7180: Use pdc interrupts for USB instead of GIC interrupts - [arm64] dts: qcom: sc7180: fix USB wakeup interrupt types - mm: use __pfn_to_section() instead of open coding it - mm/sparsemem: fix race in accessing
Accepted libkf5ksieve 4:18.08.3-2+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 05 May 2024 18:20:57 +0300 Source: libkf5ksieve Architecture: source Version: 4:18.08.3-2+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian/Kubuntu Qt/KDE Maintainers Changed-By: Adrian Bunk Changes: libkf5ksieve (4:18.08.3-2+deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2023-52723: Cleartext password in server logs. Checksums-Sha1: 14a7798c731f553edc3250f5b6e3daeaf8160537 3251 libkf5ksieve_18.08.3-2+deb10u1.dsc 9419f1139da72a91641f4b6b12ca6878a0993fb7 550060 libkf5ksieve_18.08.3.orig.tar.xz d01d79d2aaec288a5ffbdc36e6c9829304d112db 774 libkf5ksieve_18.08.3.orig.tar.xz.asc 6459deb410cfe1f8712ea52de10e86444c368452 19592 libkf5ksieve_18.08.3-2+deb10u1.debian.tar.xz Checksums-Sha256: a5c3a85e79aa3b5a869c983f6991964a913926256f902a20e7b2c3c29d42722e 3251 libkf5ksieve_18.08.3-2+deb10u1.dsc 68e0fbc8129ca27dc2078ec72eba2873118896c85b8caab9470198c00c16d7b5 550060 libkf5ksieve_18.08.3.orig.tar.xz 42f42a4c62a428acb42efd74e90e11d1e345f901a467e1816c26b96b1130d342 774 libkf5ksieve_18.08.3.orig.tar.xz.asc cfad5b58cbf3d0aa1373114b56565b7d68e5f05e4f10fc2c7d1972c5266ed056 19592 libkf5ksieve_18.08.3-2+deb10u1.debian.tar.xz Files: 8c0273a5fc1768e0a136d7df24a4bddf 3251 libs optional libkf5ksieve_18.08.3-2+deb10u1.dsc cf4d87f5799b1a8ed3b9e3c1eedc7b64 550060 libs optional libkf5ksieve_18.08.3.orig.tar.xz f60162d96aab338679d12ebb2f58e3e7 774 libs optional libkf5ksieve_18.08.3.orig.tar.xz.asc 5a0bf605e3b1a79a7a3aab046d8782ab 19592 libs optional libkf5ksieve_18.08.3-2+deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmY3p/IACgkQiNJCh6LY mLG63g/+PKHyynjdSf5qglZ/Fwrxpxhnbb+LQ9v37aAWNuF5s5gM16x0OYmQhckL SxX5PHHuut901HMW7U7WAEr50zmsxoBp0+CNIiPrdosUEXvTbygfcC3/bubu5YlS zrUQ/GxjB3CxxFL1i29aqQ1MTQnXcKgw1Y2jc24S8019QKPRXorTV+MfYqfh2hAH GGkf4wL7xcZw2mAa882/sn31yXpAzfLh5jRdPXu2CLG0YStjZmjJMbWjXeAixgb7 w/fhu7eLF4uZAXgSXN0psBCQq6HgehWdL7b1/p3pC7AMb5MJrgQ8GqY2mW3gF+K1 apryrBSrZFojiaOJSEfq1Vquv9S7QXSbTPSnQhbYzVob8DP6BXKz0Gf7A7dPhDJ2 WG+AgJJr/dBGqjztjpwevMtF2NWE++hhWmBiXYxBQRaZD773f25UobkGOzaFJu4b DQyORdWIGJ4MR1I4G1/ifCQaTjLJfqXpvmaORnRz4CCjqkc3zppqGrDiALXoY1RE +1pUJdDBL9//Io5o2WeO/QDW0gDIxbw+f5U5CxEfUcO1HxCZ8HnVhLqqnGG/ug9S YDQkQhi0BuDUvRzghCnQktdQpyiRKKGKZcHJOFpW36IACGi+ZpSRgh1BudO2WBu4 FiXLnkbve20w2Rmieg1O04dv3+Jg/h5Jb6ExozOlxLm30yTzLPo= =uDWK -END PGP SIGNATURE- pgpgnIeVoobtK.pgp Description: PGP signature
Accepted intel-microcode 3.20240312.1~deb10u1 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 04 May 2024 16:16:32 +0200 Source: intel-microcode Binary: intel-microcode Architecture: source amd64 Version: 3.20240312.1~deb10u1 Distribution: buster-security Urgency: high Maintainer: Henrique de Moraes Holschuh Changed-By: Tobias Frost Description: intel-microcode - Processor microcode firmware for Intel CPUs Closes: 1066108 Changes: intel-microcode (3.20240312.1~deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * No-change upload of the bullseye version, rebuilt for buster (LTS), Please consult the changelog entries 3.20240312.1 and 3.20240312.1~deb11u1 for details. * Adresses CVE-2023-43490 CVE-2023-39368 CVE-2023-38575 CVE-2023-22655 CVE-2023-28746 (Closes: #1066108) Checksums-Sha1: b3654bca27445fa71d025ce33bf389b220da54d3 1821 intel-microcode_3.20240312.1~deb10u1.dsc 72c04747bf9d6f830f2293381bfec6f9620cd056 7674952 intel-microcode_3.20240312.1~deb10u1.tar.xz 711a4a6024164e8be4600ec386b4e73fff2317a2 5768 intel-microcode_3.20240312.1~deb10u1_amd64.buildinfo c7adc2078891c530b1405e81315286615a6b2614 7008964 intel-microcode_3.20240312.1~deb10u1_amd64.deb Checksums-Sha256: 8874cae7bf44ee4766f8613c7a35f9c54f0a49ceb93387ee331998c7bdcc9913 1821 intel-microcode_3.20240312.1~deb10u1.dsc 7287f0a1722bb84ef10da58f709f805cd2de73c33b2f3d55fec8cdfb4e50b37a 7674952 intel-microcode_3.20240312.1~deb10u1.tar.xz 51e11eef28b58420b93cea8866896ada7bd194c1c86ffc4bc90882275c97a87c 5768 intel-microcode_3.20240312.1~deb10u1_amd64.buildinfo f273eccdeff1e12def1f76ce0f34854e3c9c80e84ad73cecff64b8f24a8114e1 7008964 intel-microcode_3.20240312.1~deb10u1_amd64.deb Files: 7945bb17885c30c1a07d39e7a712c80b 1821 non-free/admin standard intel-microcode_3.20240312.1~deb10u1.dsc d6245fb7aac403d3d169f212d7aaeb5b 7674952 non-free/admin standard intel-microcode_3.20240312.1~deb10u1.tar.xz fd8805f88c6da4428e18106e88dc858c 5768 non-free/admin standard intel-microcode_3.20240312.1~deb10u1_amd64.buildinfo c51f59eb8356a2dac6bacc506e393c9f 7008964 non-free/admin standard intel-microcode_3.20240312.1~deb10u1_amd64.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmY2RBYACgkQkWT6HRe9 XTbHFg/9HTpvSndFbkQy2qWaYV3cnmTmGyHzyzPMw3DKtMpYBAHKdfE5FlulMPgB ezuL1/xcRGii7u6TYVRpEbGuzuT+hGT1eD4UlEPnvoQR2psSM5/NdabHEvDOfA+V fQCRolv+OayEBkKp1TknhC3TV0V6Wj6eKsBvLmcftRz72Mgij+MzBi/7slKP08+P Tta+/ud1/hyYpgRmUBlyMiqDjvlBpZyXiM5ui7F3aAkrgL9rVaxCJCGq0yoyg5BG shJeXZ2itYXF9z+tyBwMnKmZwB2PIqKtoy2fO+47cBUDVeg5Suo7MTS3sHz1l/Dx cj3e25/X+2UER/fOF9I6aWVZiRWQIOM9M91IUk9yv4cmyJcVfGqakzl9x68UmC6X woM8wLiXyAWsPvjnX6z5XN9GcbvX8AF3+YeOnaiK9ObjMPHdhx7xMYktdydxSIRi f8AIz5E4lhwgAaN0PWoTxt3MGvkG+W9TcN7Z86DwQz4E1pbQYh9DmAM0SZFFbD77 kf0Ob/Qg3YJrlWN7DC1zfEvlACQhzSyqIyLRcDk+dWqYeprAGeWkszlg0CRXZtL8 +czRVtUfSpSrVGhIvsKIIjQP1vqQwsEdhQ5+EfRJbqZ0wPHmWK/68+anqQVSAkgx AhUPUvyLifuEdH+ORmsMzxVa7O9eOW26a8FCloYfkuiYE/WuA1Y= =7gnN -END PGP SIGNATURE- pgpvgKXAFAEZu.pgp Description: PGP signature
Accepted glibc 2.28-10+deb10u3 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 23 Apr 2024 19:23:00 +0300 Source: glibc Architecture: source Version: 2.28-10+deb10u3 Distribution: buster-security Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Adrian Bunk Changes: glibc (2.28-10+deb10u3) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-2961: Out-of-bounds write in iconv ISO-2022-CN-EXT module * Don't ignore test failures during the build. Checksums-Sha1: 440f86acbfdff5b029979f954cdc28d58473cf38 8921 glibc_2.28-10+deb10u3.dsc 2d661b89603cc44217286eb86f2e2093cace9595 17061292 glibc_2.28.orig.tar.xz 7b3e8d05073977c8457dc591d1df24e2b38c84be 924552 glibc_2.28-10+deb10u3.debian.tar.xz Checksums-Sha256: 731d162af297ab2f042e73b0910388a84214e48b68766ded409e6c391ca5e9c4 8921 glibc_2.28-10+deb10u3.dsc 53d3c1c7bff0fb25d4c7874bf13435dc44a71fd7dd5ffc9bfdcb513cdfc36854 17061292 glibc_2.28.orig.tar.xz 552ddba370dfe93ae9360b17ad4772b9f72b43223bf5e40a651797a2cbebadc2 924552 glibc_2.28-10+deb10u3.debian.tar.xz Files: 3cf31cd78b313daaf1f2729369e20096 8921 libs required glibc_2.28-10+deb10u3.dsc 2d78d5b080fbe4fefa2e1ccef9c39dbc 17061292 libs required glibc_2.28.orig.tar.xz b3713583a27b26a1a6e051c3f9447782 924552 libs required glibc_2.28-10+deb10u3.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmY1DjwACgkQiNJCh6LY mLEx+RAAkv8pPjvYvpu7bIsBoT5vjeNnh/n2fBwNXJ3g5u8LBD0YFm/sr+mxSY81 E+LnC02wUZS3p/e0TnuV4Fo2naCUzsGpV+07ZnILs3NyVTjxm0aSRRwi8nLWjmyr gXAI82zCGxC+1/SIlwjYBvRDgGXlwOmPjcn4GzTYN3Inse4RQPqs5XiAAuU1sd4+ T/yTFAgM1FVGkCnQuFIIqgdLk4uqvRAVqW7/oBQE0LJpIuIt0IFOt1kSG3qNXRHx LtCiPAyR1KGmDtWosxqT1/EksPh1CtChPlF83ilS3GgZJDuetMx7KapiyMVdTwzO Ki8KpH4Qm9IdJGJ1Lev8YqGwbqCuNEG6v6C8mINLWubL7cPPT+wDIXWr2w+edOg+ c6tCanatAvd+I2RIdCyOXjVJTpvga6dm+6Y9iZpKSJs03rDFnl2j6Yx5EwgvwUBh 53jgF/bj2ZWmj+cFWHPJsYVgZHei1SAVC2kYWiynqWghF+st/QN9PEDN2XSYRsTK /UfhV4ey72v4nU6DnvSTmlfnlx0Y1E8PNnRHo/nCxBRqjpzV5cLugHUNup+e/crO 0nybbsfKYQ/QCv3WaC88BfoQrkHZDwzfqUGBglAwFw65xGe2RUS1t92bOJdvacCe Kct6j7a3FRjY4VuMOeuR0/oc6F8D/m+eGbklaOEqKVb43gj3DB8= =QW/l -END PGP SIGNATURE- pgpADrAqvaZoN.pgp Description: PGP signature
Accepted distro-info-data 0.41+deb10u9 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 30 Apr 2024 21:44:30 -0400 Source: distro-info-data Architecture: source Version: 0.41+deb10u9 Distribution: buster-security Urgency: medium Maintainer: Benjamin Drung Changed-By: Stefano Rivera Changes: distro-info-data (0.41+deb10u9) buster-security; urgency=medium . * Correct typo in previous changelog entry (0.59, not 0.58) * Add new columns from distro-info-data. - This breaks distro-info << 0.21+deb10u1. - Update validation tests to match. - Port validation tests typing syntax to Python 3.7. * Update data to 0.61: - Declare LTS and ELTS intentions for bullseye and bookworm - debian: Fix LTS EOL date for bullseye - debian.csv: Fix EOL date for 2.2 - Add Ubuntu 24.10 "Oracular Oriole" (LP: #2064136) Checksums-Sha1: ea1a3bece30c22237165d5769345184cde400f71 1071 distro-info-data_0.41+deb10u9.dsc 51e0e8ccd4af306d328765c11c982ada777e2110 8884 distro-info-data_0.41+deb10u9.tar.xz 0bcd0c25903db52f515bd6963a36269d3cb95386 6005 distro-info-data_0.41+deb10u9_source.buildinfo Checksums-Sha256: 4adde29794d65ab3b39c10395ef03ebf5c559d2a107e12293c4a4e215f1099fb 1071 distro-info-data_0.41+deb10u9.dsc 8711bfe01f6ae626824454400e67f6159a271fb6290e83c6914116ff3e954ba7 8884 distro-info-data_0.41+deb10u9.tar.xz e24aa5e8c842e16019430d006d6c7049695c2d3f484bf776abc5eab4e49dabfd 6005 distro-info-data_0.41+deb10u9_source.buildinfo Files: 827954e02d4c47e4a789798e0bb1f998 1071 devel optional distro-info-data_0.41+deb10u9.dsc 3402db58f86ca9f5e56171890fb1cf5c 8884 devel optional distro-info-data_0.41+deb10u9.tar.xz a4b94cbec8d5a1426df49bdd5ff71e85 6005 devel optional distro-info-data_0.41+deb10u9_source.buildinfo -BEGIN PGP SIGNATURE- iIoEARYKADIWIQTumtb5BSD6EfafSCRHew2wJjpU2AUCZjGe2xQcc3RlZmFub3JA ZGViaWFuLm9yZwAKCRBHew2wJjpU2JIvAP9oLvvHMPnqCYJNDeMWIe+qI7H/Gsti Ki8HNxCO56TEOQEA/Mx8tEwp+rYcsn79KquDGt/6msyyYEt9PbpPJvLDiQo= =u4h3 -END PGP SIGNATURE- pgpjkA1mtpupY.pgp Description: PGP signature
Accepted nghttp2 1.36.0-2+deb10u3 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 30 Apr 2024 18:59:06 +0200 Source: nghttp2 Architecture: source Version: 1.36.0-2+deb10u3 Distribution: buster-security Urgency: high Maintainer: Tomasz Buchert Changed-By: Guilhem Moulin Closes: 1068415 Changes: nghttp2 (1.36.0-2+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2024-28182: An implementation using the nghttp2 library will continue to receive CONTINUATION frames, and will not callback to the application to allow visibility into this information before it resets the stream, resulting in Denial of Service. (Closes: #1068415) * d/libnghttp2-14.symbols: Add missig symbol from the backported upstream fix. Checksums-Sha1: 0c3967e9c47cef280d096227e09b0160ba925c9e 2576 nghttp2_1.36.0-2+deb10u3.dsc 432531d3e42d45719c3ac3b31934199a00928d3a 22668 nghttp2_1.36.0-2+deb10u3.debian.tar.xz fc6c1a9d4119651c29ab99ee93720475f5e0872f 10996 nghttp2_1.36.0-2+deb10u3_amd64.buildinfo Checksums-Sha256: f6ab7fca79781b13788a96f3aeeaab0610f903bcd022939cde0d6670ce1c486b 2576 nghttp2_1.36.0-2+deb10u3.dsc 49f33901378a63f365dccd5cd8e6dd795835f17b2aff67ef4d72aa2402ad94c7 22668 nghttp2_1.36.0-2+deb10u3.debian.tar.xz 0347d3889afe3a1388d1f9f9701c372e5685fa5074e7673c6b726e1bfc989d39 10996 nghttp2_1.36.0-2+deb10u3_amd64.buildinfo Files: fceb3f766900e7c901d1a8f701e11b30 2576 httpd optional nghttp2_1.36.0-2+deb10u3.dsc 22f4b45b39ca9ebd1f3771a4a838185c 22668 httpd optional nghttp2_1.36.0-2+deb10u3.debian.tar.xz bad6c1092c519da85259f4c4b4493d2c 10996 httpd optional nghttp2_1.36.0-2+deb10u3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmYxI9IACgkQ05pJnDwh pVKZ/Q/+M5Lbm2qFjdB2Fkzc7n7Ukm8+HICzMHHyugV3OZIv+P2HZ+IDHOMbgxKY JJrquyWlleM4ptynBmHY4i7viuOvgzButBQDUSpw7k/ylZ1upYHY3klDdL44pext gdevc7iOZjQ3kNQ+Zu8656ivAJk6pkpp5dOjVl0axlxVYiyUGsdHW6muf5CNLcOT U3D7X3+lZNXWh/R73n6V0t0v9ozqJ73bxpbX5QDh75oLKVusgeFJftOzfFHUewnt Aor6oLq2a6Q3skhfThLK8BTVPKhZ9wYyrkmH2FKiphKj7jVw2dWWrcrBN5tmKNFE xSGG/Ks+ADofNSvn96dma3XRLJa6REgo5MNw4YFklX//tRtMUIpdTeZkoXg5gW5M vc18DAM3IR9Rq3m/Q4gXRC6WNqCU71nxlSUDgZNsmFFPELkFhng7At72CSpK3CrE Ot5Lzy4XANY8BRlhQ2lyPQoEcgs10TEWfTlZqnKQU3PaY0+8pwqPwiybX3r514/3 PaCQE33cq4XOLvCEIqdtRiJcfQmzyWDPHyFWkMz/fJl87BRdTGg0u2gU3S66jiI0 g8AofYEhven313OeFB4IWeXj/6YcVzLh57yIB/dWUFjWniX81CRAUk9Lzd2OEsBn 3sPRYZ98CAfKYjZKel8gzcWkFIIu0Ib6ZV11yTdTxMWpnBsaE1E= =2puy -END PGP SIGNATURE- pgp2PVEQrhPAo.pgp Description: PGP signature
Accepted astropy 3.1.2-2+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 30 Apr 2024 16:41:10 +0100 Source: astropy Built-For-Profiles: nocheck Architecture: source Version: 3.1.2-2+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Astronomy Maintainers Changed-By: Chris Lamb Changes: astropy (3.1.2-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload on the Debian LTS team. * CVE-2023-41334: Prevent a remote code execution vulnerability. Improper input validation in the TranformGraph().to_dot_graph function could have led to arbitary command execution, as values were passed as the first argument to subprocess.Popen. Although an error will be raised, the command or script will still be executed successfully. * Add debian/.gitlab-ci.yml. Checksums-Sha1: 580f4908e57ccc4861c00c163ead7c49d9460a14 2782 astropy_3.1.2-2+deb10u1.dsc 401c7e1c2232f2d97a691ce5b0fdc9c892fff1bd 8203507 astropy_3.1.2.orig.tar.gz 246d132ddec5ac451adf8cb37aa90de87bcea4d9 39888 astropy_3.1.2-2+deb10u1.debian.tar.xz 3cd2a45aba0c046f8816e93d695a033e0d236521 12621 astropy_3.1.2-2+deb10u1_amd64.buildinfo Checksums-Sha256: 3558464c9e2b2ee97bb0d4ae5c5d408413dfc207ca85d2eb61c995456f778c71 2782 astropy_3.1.2-2+deb10u1.dsc 4a78a8ec9666d0a51a37f03494aaa5012e241ba37053e6c913c039cddee89ede 8203507 astropy_3.1.2.orig.tar.gz 31ed646ccd4ff13ea23af14c53db1e77a26bef16f56145ad70f86175cf79fd5d 39888 astropy_3.1.2-2+deb10u1.debian.tar.xz fbc1d49ae195534d8858ec932d01a24b59045740d9a2b9395239bb04a7096332 12621 astropy_3.1.2-2+deb10u1_amd64.buildinfo Files: ee1ab509e985acc6507836a65b921046 2782 python optional astropy_3.1.2-2+deb10u1.dsc 2e197984c6ab44672b807bc25ce4b03f 8203507 python optional astropy_3.1.2.orig.tar.gz b34311ecf25ccc25e2065d45f4239a14 39888 python optional astropy_3.1.2-2+deb10u1.debian.tar.xz eb62ad9c12c6025a1db09f8415915b1f 12621 python optional astropy_3.1.2-2+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmYxF+cACgkQHpU+J9Qx HlhrjA//UE09QQInU7y5dk6KdUP/ZtzP/796qClQY81faQB98S1eGeSsXur/D9oh yqeJ6TmZf0i4B1cjStpkdVIG8A5rgFOT3gxp+GFDBpdL4XFAS1IjU0uwEIwQy3AP 76CPRBGQWZ1vj6snJWm4J+4eC1XwgTg6b6pMJdeWVc92DqZP0m3YOycEyN6WI4Aq vLBNh+zWUHL3IDIvxj/+xfSvopve81AbjFBHa+55IAl3kWs68SG1OU1Vb/Y5vNea dNM062cMAgmPER7vSfIN0B+mxaV/acYzDV10MWtMuwAbjf2v2yz9j+C1WLW4x5bT lhj/U7GyQ2+B2GgA74td5Aov99ezVxSqOtCDOjaXf3JKPBxCZDsToGWir5jgBcBo /XXqN/gxCnRYMkZpl5q00chK8Lg3MlIiKOsUf8ke6sY8Xvh9J6CmmxH6AyB4slnB MOFpmywhrV5a7oBNlfBHVwtQRMglZuE4yABld/ocCdlgwI84cCiypfkQ6lxnz5yj 1a/rSfspmrUEcIcGEs9GIjANDfSugb3pGEA4JtKnjglA01sSt2Gl+ODERsLSesuQ WqymItiDNmNLLBA9Zzl+VJURHlOwU+CPNHWTiRUDx+ioDCcoUgV5ZmtBVn7mWy3r bT1b0jQnjZlnxRIB9B6X4hIoB6igoOt/7W8bzAKQToYrxU5WKmg= =l6e6 -END PGP SIGNATURE- pgphtR12vCA6N.pgp Description: PGP signature
Accepted qtbase-opensource-src 5.11.3+dfsg1-1+deb10u6 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 28 Apr 2024 22:40:02 +0200 Source: qtbase-opensource-src Architecture: source Version: 5.11.3+dfsg1-1+deb10u6 Distribution: buster-security Urgency: medium Maintainer: Debian Qt/KDE Maintainers Changed-By: Thorsten Alteholz Changes: qtbase-opensource-src (5.11.3+dfsg1-1+deb10u6) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2023-32763 fix QTextLayout buffer overflow due to crafted SVG file * CVE-2023-24607 fix denial of service via a crafted string when the SQL ODBC driver plugin is used * fix regression caused by patch for CVE-2023-24607 * CVE-2023-32762 prevent incorrect parsing of the strict-transport-security (HSTS) header * CVE-2023-51714 fix incorrect HPack integer overflow check. * CVE-2023-38197 fix infinite loop in recursive entity expansion * CVE-2023-37639 fix crash of application in QXmlStreamReader due to crafted XML string * CVE-2023-33285 fix buffer overflow in QDnsLookup * backport of QByteArray::compare() needed for CVE-2023-32762 * add new symbol to libqt5core5a.symbols Checksums-Sha1: eed94415f36f6042bbc0129da0c06ab128f536a3 5336 qtbase-opensource-src_5.11.3+dfsg1-1+deb10u6.dsc c76bdc29e663609699abc2d81a4b395a315ddf0e 256028 qtbase-opensource-src_5.11.3+dfsg1-1+deb10u6.debian.tar.xz 613f8ca38de697f3dedacb4b04a209387547308f 11826 qtbase-opensource-src_5.11.3+dfsg1-1+deb10u6_source.buildinfo Checksums-Sha256: 7a9b313bbac1295e87b8f90d12e5e1edc482a68fdf67d4d976b0bab5d3397152 5336 qtbase-opensource-src_5.11.3+dfsg1-1+deb10u6.dsc 0dc40387f0edec85d2f6a77c813d1d9b1fa82c658bb7b8906d14c0a54368c8cf 256028 qtbase-opensource-src_5.11.3+dfsg1-1+deb10u6.debian.tar.xz c0e43a6958b491dde07195b9ef97be58e6e39f2d3c721c4d28962ee5f2b91021 11826 qtbase-opensource-src_5.11.3+dfsg1-1+deb10u6_source.buildinfo Files: c5d3ba7aa05da0b3f94651f5d27d8df3 5336 libs optional qtbase-opensource-src_5.11.3+dfsg1-1+deb10u6.dsc fe28b132219a312f35c324614aea0376 256028 libs optional qtbase-opensource-src_5.11.3+dfsg1-1+deb10u6.debian.tar.xz 096977f8345813c0ade6feab66e758db 11826 libs optional qtbase-opensource-src_5.11.3+dfsg1-1+deb10u6_source.buildinfo -BEGIN PGP SIGNATURE- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmYv3MtfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR8y2D/46M0Fz5onSNIcWDY1GA9p/IBV9INIJ MQEpYAv8WDW+gbJJpoN8h2xIQmT5Yd177q/n0BcVPofjWtjHJR/zVDUZkQarxkgc xl3YzW8tQrhODFkIGUpeOBcFrg4M+6Oph6jZa1nkrMgPKyar/7v5N98gLk8fQAPj bC/KWTJYlHIWOll5Kc81w3j0x5HDL9/2YZk7RZyy+MgWTQ/+9ZVCfbXslwc3xUS6 uG9G3mdc8NUo324KkySjbPPGvu/48h2J/dMaMmluakWavJwN1xJveQAGdBDXvJ7B SokDeFUnUxs1Zjh65xVeNKzTyhyS3hkMFeMjOiRaGVcCrd+8crdcipZ3F3F2W/Pd 22vtNd04Tgy455f5pGfCWo7zVCZyCtGg+P/JYQTCUTKrGoeTubSEebgMYGw8SUvG cLeRZt7Hwhgn/Onb91dAFCx993WTdG5q24uYcBmTsiBGIGUuF8qDxSUBdCzDKf/v BfKlO1G4LObtS9QWxVCjE5tzsHNvh+D7icHZ4I3m2gKC5BRh7LXty20iGTlc0n5j YA1NfmGpfg5miyZA5yMFanFdS9xJ/tq4w82KzmKUZ2Vy2sTvZW1HkE51X3ZJb+lQ 7bgFpQfO5cEYWMB0utrnv3VUI/1//5xj2+qhdTlNVJ8wT+b02/LDXjph+RdUkdz5 BjcCao9PkurBcQ== =RxP/ -END PGP SIGNATURE- pgpBNB6qJHcZV.pgp Description: PGP signature
Accepted org-mode 9.1.14+dfsg-3+deb10u2 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 30 Apr 2024 09:42:24 +0100 Source: org-mode Architecture: source Version: 9.1.14+dfsg-3+deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian Emacsen team Changed-By: Sean Whitton Closes: 1067663 Changes: org-mode (9.1.14+dfsg-3+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205 (Closes: #1067663). Require Emacs 1:26.1+1-3.2+deb10u5 to ensure we get the whole fix. Checksums-Sha1: e7b455ba1329a5dd934c01815a83fff4a4d717cd 2052 org-mode_9.1.14+dfsg-3+deb10u2.dsc b253ae36384952bac85e79925ba658734da2a43c 15412 org-mode_9.1.14+dfsg-3+deb10u2.debian.tar.xz a13b6f1b6f9c478fbb57c80129f3c9bc7bfe602c 12036 org-mode_9.1.14+dfsg-3+deb10u2_source.buildinfo Checksums-Sha256: 1e346250b3725a6d1d8348dcf8937fe8490171b8e72398833848642bb56224bf 2052 org-mode_9.1.14+dfsg-3+deb10u2.dsc 2ba7714264c25e27ff308b6afb483c6899419695bfe2488a8bcb491d3a404209 15412 org-mode_9.1.14+dfsg-3+deb10u2.debian.tar.xz 47ae1ca36d6d9ebb7146898a78c16fa30d0c79720e49f0362c2192e178800172 12036 org-mode_9.1.14+dfsg-3+deb10u2_source.buildinfo Files: bccbe1358efca2ec3c5a7fad8e7ff9e8 2052 lisp optional org-mode_9.1.14+dfsg-3+deb10u2.dsc b788258cbe69369e83fa01f1683fdc40 15412 lisp optional org-mode_9.1.14+dfsg-3+deb10u2.debian.tar.xz 6e3e7417e2b469918e79178d6bce804e 12036 lisp optional org-mode_9.1.14+dfsg-3+deb10u2_source.buildinfo -BEGIN PGP SIGNATURE- iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmYwsG4ZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQA/MEACOSgBwpjqvmnnJuuqxbszV Yy8e/vgzImZaKZpir0PmpPWCOkkGhxJGJqobUNs8SppI5YBa1wrAHBQfyh2mN+XT uRc+5E863/Q3wc58oquXK0KeojziR+adYwLhePcpm6Q3mIykc65ijzNZyYtAZjfm PGbtZzAuNbsygdYWzFT3KmqxrDqAY5KR2Lb5N9D+3moUVATzVYn8hST/k6KpOjJt ejkYwuGpdnyYQjpB+MzINmL7PJQOn+kvMfsmH2cPw72vwro5bkY2vmpJ9r3cnJVk N4fbXTnvkBvlWnaT0zsVePMvHvai+3CmEA7sKZvC6GJE2u66FANgmLgSX2h3ceSe 7OU4ygbqRJj9croTBIFw6QPOH/LoqqVfoZtouA0/q4pObTNXYGtBaa6nNZYrmLZm 3TR0kfWerZe/EtRX733iOxAGD4hpjmJH1/dhFlatnctheinIrwgLEWTuBHRza8jP xV9cRozTt6W7804v7XfmEKX1LmX7RdSXJwKOvOM9sFjb7tTfITsv30q7oc12X7n0 bDTFdCpLoKO2Rb/0lUmRgk0YPgglQTSpRm8o8oiJTJwYkLfB2oPbfD92Lcra/l7+ JiY3/vcx83xfJwC4JefkA7zvmFQIUzDNIlmJBdhb1ac1qGkfdZ2PJvXhEzEDOIbG crOrmaT+G3KnjVXgQ7URMQ== =CRWm -END PGP SIGNATURE- pgplsLuRinYL5.pgp Description: PGP signature
Accepted emacs 1:26.1+1-3.2+deb10u5 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 29 Apr 2024 13:47:00 +0100 Source: emacs Architecture: source Version: 1:26.1+1-3.2+deb10u5 Distribution: buster-security Urgency: high Maintainer: Rob Browning Changed-By: Sean Whitton Closes: 1067630 Changes: emacs (1:26.1+1-3.2+deb10u5) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2024-30203, CVE-2024-30204 & CVE-2024-30205 (Closes: #1067630). Checksums-Sha1: 5a6a04d71166ee76fb7d6406ad1b999de2c07ccf 3568 emacs_26.1+1-3.2+deb10u5.dsc 035b0b0e7922d7ed0d40466ef8ea18fae0e1e920 120596 emacs_26.1+1-3.2+deb10u5.debian.tar.xz 05bc307f582b4a35ab3f17aa8527d7048ecbf632 18551 emacs_26.1+1-3.2+deb10u5_source.buildinfo Checksums-Sha256: 70c7ae028df94dc99db99673718d4cf9f324299e792246ebb4960623d057ba01 3568 emacs_26.1+1-3.2+deb10u5.dsc acf3098b060b4ac624d8475283375e663b30c4f45b36b63f7f231c7e086c2bde 120596 emacs_26.1+1-3.2+deb10u5.debian.tar.xz 1961e3d7b50d0fe16b4be2847baa13c7a5648e412a348aad899adadd17d044dd 18551 emacs_26.1+1-3.2+deb10u5_source.buildinfo Files: 871904e809ed618b831095ed0dc9973b 3568 editors optional emacs_26.1+1-3.2+deb10u5.dsc 9cb4bac6076699bfa6b7c043983b9224 120596 editors optional emacs_26.1+1-3.2+deb10u5.debian.tar.xz 76d88c7773c402e84ad40d437701394b 18551 editors optional emacs_26.1+1-3.2+deb10u5_source.buildinfo -BEGIN PGP SIGNATURE- iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmYvlt8ZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQAqMD/0eKYIgELffAs26sks8Icl2 ngG1ufU2DfSK9GG0tV1WnJUwReTjulW/KRb3lSQwPmMv3GAXPYkBspaLtygyav7x 8h4AYItreUftoTTtNxRXrd24ZXdKzEP58xEtHB/okAxpefGSsgqAGXSY9B1VWUna jxCRv7kCkFeStvyauTStFjqYswufr0Pgba7LtLJrVhf8dQ3su59DKOKlOzLkwtAu QT2CqbbkJCZDJyclbUuF4a4Q2OW0aLHT6ISzWYhVjNv8LO8hI6Dp+m4tC2zt/Ytj HgVExODKXQ5TSbur0mfhrpGZIN3InG2WnEiFup4p8saZiG75ixkd5XoICcLcKohW ImBVRDANzPHGEbtszoNrejLmXvXdT1OC4stEZMaTuHvsCjC5W5M5EdYk/Bdio3oq c2MMdYTTcsD8U86G5zIc9fNmuARsFQ+dfaJMV0CesoOIyS5Orm9zpX/erSxFdiMS 45WyjKTIOH1TYpjipBSbUARsgQbP90cBuD7Z9Veo3uL9OHAPu242yseVFzwK6RKu wh9ayLW9rxYXEPd9xIfsF0yfupIdU7X6ZuaOkW5SfJ2PjHRS0ChQuu0qNFpr18X2 mPPehbR8Ij6CwU6CYPY8s68jauCTLe7TwLf8qtev5cZ4KxZxWFN0LusDTlUlszgP V7FXVzMrVCtex02iiVpoXQ== =Iv+c -END PGP SIGNATURE- pgpLOVHWNufoV.pgp Description: PGP signature
Accepted ruby-rack 2.0.6-3+deb10u4 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 28 Apr 2024 23:04:31 +0300 Source: ruby-rack Architecture: source Version: 2.0.6-3+deb10u4 Distribution: buster-security Urgency: medium Maintainer: Debian Ruby Extras Maintainers Changed-By: Adrian Bunk Changes: ruby-rack (2.0.6-3+deb10u4) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-25126: ReDoS in Content Type header parsing * CVE-2024-26141: Reject Range headers which are too large * CVE-2024-26146: ReDoS in Accept header parsing Checksums-Sha1: 5e28bc3fc251e27c3b31faf4888166dbaedc3fed 2250 ruby-rack_2.0.6-3+deb10u4.dsc bef6a13d81a8000634ea30dae30cb906d7a71f91 253423 ruby-rack_2.0.6.orig.tar.gz a75e17e94b0e344a8663d74c4867f74af2482f23 14892 ruby-rack_2.0.6-3+deb10u4.debian.tar.xz Checksums-Sha256: 84c4e4685dda3aee039db6a422aa793c81a473ed5ac0d8703dfa8f4aaa4ea7d6 2250 ruby-rack_2.0.6-3+deb10u4.dsc 62c3a92e98a61fcb5423ff7f46726a17e48930c4ccc817d93e9038922c5a 253423 ruby-rack_2.0.6.orig.tar.gz 07f82a9595583218f78e12d9947245529eecf27a29c9c84e247b4bdf177a4401 14892 ruby-rack_2.0.6-3+deb10u4.debian.tar.xz Files: 54b8831685e78544a4adcbbefbc7307f 2250 ruby optional ruby-rack_2.0.6-3+deb10u4.dsc a089f87b15056562ce44645965ddbc97 253423 ruby optional ruby-rack_2.0.6.orig.tar.gz ddac9f5d3c52fba170fba414434481d8 14892 ruby optional ruby-rack_2.0.6-3+deb10u4.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYusaoACgkQiNJCh6LY mLGCwQ//Zs59xVnPv/FARbYrsfrcy6aKGZYc2/5t6j4/nCBHNsllMFll89eAsJFL ImNo/xzJYReawFkxhFwD6ynoMnL7+SxeErELwlNgVTVn2dlUNNLa9RGhhm16ZDva YV5QfIFfscyXbwRz94yc5+LjxP1hSpa8fuOhtaUh6nx+Kl3EHrL2FcwewnfxSbpA BnoAK5wo6Jq8AT0MTcMuOIDF4OfZSE2/14I20gKcJuDW9WoOrsT49Ir+yTlPRZIG omFFEnaF6upapt2bhEkWoSFkPOnHT+Ss/xMsqfkAQX73WKxijOeSico/zO8x4Lp9 k5SoL5dlhPWM5PMHLU9ZGUzrOE5nYXyUdGOZlKSn+vuHvxdArf4l2zfY85H91r0v YQUKo3MKyteLHZg35O08gGRfjVm5D0b58DvgHiOQtFEDJsz04bIrLnShf8R/bPrp Q7nHJKGjwoHHlsmHVTtcHG+QUmZoKymLYb+z4X1/sAv7PS8t3tiEHu8lzO7Esvs9 Kr/0h5lchgS03nbbhamG3QhHCf4iQgFEiBxOTKSIlJxgEmOsEk2fg7XZJ+8NIy2L 391Ln/oX86WRlvrOKAMK3Ti+3WzIVwMRcGV+4jkiv1u1R0gfudVbjhni7FZhVvij 9H7wIpi21ED2OYZNkR2VdcPnMCqYjmfPFSlKiwACAW6ZXqdU4JQ= =hByw -END PGP SIGNATURE- pgpDn8voCrECL.pgp Description: PGP signature
Accepted trafficserver 8.1.7-0+deb10u4 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 28 Apr 2024 21:24:00 +0300 Source: trafficserver Architecture: source Version: 8.1.7-0+deb10u4 Distribution: buster-security Urgency: medium Maintainer: Jean Baptiste Favre Changed-By: Adrian Bunk Changes: trafficserver (8.1.7-0+deb10u4) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-31309: HTTP/2 CONTINUATION DoS attack Checksums-Sha1: 8855adcd27a9019cb48db077d6c1f7fcd8a6659e 2729 trafficserver_8.1.7-0+deb10u4.dsc 1ec1f18838d33352cdf494e96284244984d085d7 7919920 trafficserver_8.1.7.orig.tar.xz 6c5f391d29f1df4632355891cabb9003ce7b2a1a 54536 trafficserver_8.1.7-0+deb10u4.debian.tar.xz Checksums-Sha256: 22d031644ff14bd1d0332f12db275134ec583084badafec054489510c38a4a50 2729 trafficserver_8.1.7-0+deb10u4.dsc c472f50f27193de9d516ea545242b80609d05abf19b04f6e43009f4555059b5a 7919920 trafficserver_8.1.7.orig.tar.xz d1b07450ea95a02d5c85c7df985daaaf50d6fe5b7892db2c418443ca13492108 54536 trafficserver_8.1.7-0+deb10u4.debian.tar.xz Files: 993987867b5b7beb380056e27a3eb1a3 2729 web optional trafficserver_8.1.7-0+deb10u4.dsc 3c495598c8068a3df19a19382b3b4089 7919920 web optional trafficserver_8.1.7.orig.tar.xz 824d678182a8ca7368ddc6bb31e4593e 54536 web optional trafficserver_8.1.7-0+deb10u4.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYumcUACgkQiNJCh6LY mLFq2g//SKXnMmNqerqnfU3bbZ/rP+9RdHkCjsEuOP/N9/Lp37ww4BPyEujqS8mg MMceEJO2UuPvHNEz9SCsfZCk3oHpJ9PRrZUGHeBn2LJ3doke+AMiruObuCS8Vxfc rmlZthyXMfqMyt1dyxAjzoWgzlh3TN1tR137LGBfXv+YwcvteiRTN15tMDKdmUp3 9VdGrf4LMzrUM/BErB23Hy86/B+CnLse5ER2WVfWgKdDBQySTBFNk3X3EyTCb2Zs qSztPpTwuFpl+2c3zqk1sfIneFFydisczPdbew6oqH2hYflUyuWHDbROedyygS1Q oCS3/A75uH3AM7tUc3AYUm4bZA5Nm8e3wKPXbqJnjSTy3JOl2nwOArTa6m+c71// KcjvlIqNt8I4jWCFd4bbP7GdI09nX7tjtRQMOO5no4vHNqiQvGXhcB/OARrLlQsn x2wr2B8Y2w39uY7Ts4l/1NuG8imU0ff8aaR+2q5COs73Y3Mul4BS2ffGxISCblw/ WvEZqIn0KbJjho4JKwCvayeD7XmwNHe7MDMc1CBOT1geIQ808bqCFw6Zs4vdH62t yhS4xddhg6fJOzP+Dato+DaN/By6fJgqfvfW4VOlmDm6EslBSx89TgLqrkqqzyNe 4i6nSyoPB32rFwmeSCJT+U/wMj7sVp1+Vx/ji2pyGNr5wEtrQ30= =U37W -END PGP SIGNATURE- pgpgWyfTXMGWP.pgp Description: PGP signature
Accepted zabbix 1:4.0.4+dfsg-1+deb10u5 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 28 Apr 2024 17:23:38 +0300 Source: zabbix Architecture: source Version: 1:4.0.4+dfsg-1+deb10u5 Distribution: buster-security Urgency: medium Maintainer: Dmitry Smirnov Changed-By: Adrian Bunk Changes: zabbix (1:4.0.4+dfsg-1+deb10u5) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-22119: Improper validation of form input field Checksums-Sha1: d4dc85973f969a30c581ea6d77d1e933e40bfe4a 2876 zabbix_4.0.4+dfsg-1+deb10u5.dsc 3c6d9fd22d054a78a45425fd2e83b606a60c5f55 7880948 zabbix_4.0.4+dfsg.orig.tar.xz 98b7a2a56c598d15373913432c651970dc5ea514 220516 zabbix_4.0.4+dfsg-1+deb10u5.debian.tar.xz Checksums-Sha256: 860c29944c24de81714f030edee38510d43c573fc0c0a0c2bf4eba56c33d13cc 2876 zabbix_4.0.4+dfsg-1+deb10u5.dsc be5a320928ee5cfc87fa50a3f3f8beebc6de24d449fe8cdd89c3762a0e84cb03 7880948 zabbix_4.0.4+dfsg.orig.tar.xz a380ddb4fd54b9ffa38ccd927eb4399959b3abfb3234b19a9adeb7fbc37d9cfc 220516 zabbix_4.0.4+dfsg-1+deb10u5.debian.tar.xz Files: 60364caf0c6aaec7225f5b0515915cd4 2876 net optional zabbix_4.0.4+dfsg-1+deb10u5.dsc 43c4a65f0d27ac1edff4f3b4e9a58f74 7880948 net optional zabbix_4.0.4+dfsg.orig.tar.xz fd373a49012ac8f9005d4371ed65c8b1 220516 net optional zabbix_4.0.4+dfsg-1+deb10u5.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYuXdkACgkQiNJCh6LY mLEMcBAAh3BgX4IAvCa++0RiPwo2oJ+xN7C2o1eQIsrxigew4Ha3Wjr0Ift7nSn7 yrkwFdUsG1zwxpmp9hGjQlJtSNu8aBHFrX6d6pjz5B8wVpKaW4quOxvpV+f7Px2X 1iqU3VtnAIX7lGSlIA21YFPQ7CwSMZd8Io/WIA0XPSmbkg+d4RCdcX84nViawg7J tnfyVct70hyR0R59nEch5D/3kDWeCqP22s8DPZAKYXWavrItZNFWGJHdfrydFZZ7 pP/Yzc8sNQ9tLQBEHprSKpmA3q3lryp12Efi7LdLvl2hS8u4JpXKsx///jSh6CXE EkU9kvbL5uHmsXa0mGHlueK0jF1yMehMKHNrmPRKpk6PxN7SGP6fSeQyEKszCQ80 BQfK4PyT7DN6m+uLW9tfAlhJCN4aRemVRR8L6zAoCgUvqfpr+C4S72+DyEVOjVOa irHjzQP4DmUek3z+EGkbugNIC7ks3ExSFMweVpwfxiYLRZjCyHLel+zkrBlLJgFz +Keq1JI3AK0SMs2/RxGsoyqmswLWcweX0jFECapF5ps/n22FXHjiJb1igR/GPFXC Wk9PvBSxDfUuusOJcgWc29HR1PYgyj3qs3RnEeCTgg/1TiQCpAGoTXZui8VlEUwm Ly7iXKgs5sq/Rez+vJML6Kcdsquesxp9qbOwreNCuqhPQmAokXw= =/MIb -END PGP SIGNATURE- pgp531KlU1Bk3.pgp Description: PGP signature
Accepted frr 7.5.1-1.1+deb10u2 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 27 Apr 2024 19:24:07 +0200 Source: frr Architecture: source Version: 7.5.1-1.1+deb10u2 Distribution: buster-security Urgency: medium Maintainer: David Lamparter Changed-By: Tobias Frost Closes: 1008010 1016978 1055852 Changes: frr (7.5.1-1.1+deb10u2) buster-security; urgency=medium . * Non-maintainer upload by the LTS team. * d/clean: Remove generated files on rebuild. * Backport fixed for several vuffer overflow vulnerabilties: CVE-2022-26125, CVE-2022-26126, CVE-2022-26127 (Closes: #1008010) CVE-2022-26128, CVE-2022-26129 * Enabling patching of the fuzz test vectors with quilt - Add patch to build system disabling handling the fuzz testvectors. - Introduce the fuzz testvectors as patch, as upstream shipped it only compressed and we need to patch it, otherwise the fix for CVE-2022-26125 would break the tests. * CVE-2022-37035 - Racy use after free (Closes: #1016978) * CVE-2023-38406 - "flowspec overflow." * CVE-2023-38407 - Buffer overread (Closes: #1055852) * Backport fixes for several vulnerabilties: - DoS (crash) CVE-2023-46752, CVE-2023-46753, CVE-2023-47234, CVE-2023-47235 (Also filed in #1055852), CVE-2024-31948 and - CVE-2024-31949 - DoS causing an infinite loop Checksums-Sha1: 6235d6f5bf8baf722de3888552fae11d24228167 2644 frr_7.5.1-1.1+deb10u2.dsc 3c3a07fce8e8c4627d3897bf4e753aebfb8a4bd2 114540 frr_7.5.1-1.1+deb10u2.debian.tar.xz faa91469acecc5e3272e08c21106fdcc0b8424b6 11689 frr_7.5.1-1.1+deb10u2_amd64.buildinfo Checksums-Sha256: ec7ca293cb270940f118a97658e9afb2de4e2820b67b8461d6f519ccbee9eb28 2644 frr_7.5.1-1.1+deb10u2.dsc 05267196197e0094e8f8fa1e00c4573c8fa3c59150f4d4af135342746765d79f 114540 frr_7.5.1-1.1+deb10u2.debian.tar.xz 96d801d3d65e5039dd6584838e86bd280a21798783d5147b95025dbf8e44c75d 11689 frr_7.5.1-1.1+deb10u2_amd64.buildinfo Files: 8d7a7957c49edd703cb0abee87227f7d 2644 net optional frr_7.5.1-1.1+deb10u2.dsc 27971459eb5d47684a3f7262adcd72a9 114540 net optional frr_7.5.1-1.1+deb10u2.debian.tar.xz 461accef944d0dc6a9d1e2797ce1e8ae 11689 net optional frr_7.5.1-1.1+deb10u2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmYtNh8ACgkQkWT6HRe9 XTZwCg/9HtGBjRu6WSZtaSTFOakm1rUdo8MHKffxTTvzLZChO2bwRP4NXD/8NB/g kZQVHdgXwB9euK6OcyU3M0PRnU5LxyYikPndxFFZPW99L+AqPaMQmxyR8+ufwk/B ILv2plY+HJyPmS8I+Hzt8SkRcfwWvGs3M6mzOjcAL6ye3LLzruM6R1w7Yv/zMm0L ruvezszxa3bwihJP02/W5nHLNj74nkg4GaSuzPmWg/xS7H54aCgwiAAQDK9Nj7KB DMy3Fbn5WL6hmnA1bkx8gT0u1Jkl2s/wkOHjtnp+wUNjtLwpNOa35KaB0/cUivjm 5XYT5FPZjUqkjvIQMmV6W93MLq4oC7puVr7/KQoYajE1p8ADFFkFWYMn0lgCE6pL aO2lvyXQzCLUS3HktSA2Lxcct/VttZlQ2sobY8D+ZtLDTkJ+YMd+8c73msXvym6d EPefuObbTnlbZRQefDRFHTYUAP3sBwFvcQ5hcpzy9VVQEzv7QUPCjmS0Z2V/+2fk BqAOdeIvhud1F/7f3Q4Hq5SFYFRU1YFzN/7K7QUFaZSXW1YE1mR6Rx4eG2bGBBl5 m9brjyJthZeNeXKhqof5wyTrMG4jTsIS/AQIT8vTonTzoFGp4UIXJDZo3denxopE KFzwzb0BNg+SZKLd9PIV7174NB7G26+6P+WuNI3TD5ULEuAM9rc= =IQbK -END PGP SIGNATURE- pgpvetHWdGF3z.pgp Description: PGP signature
Accepted mediawiki 1:1.31.16-1+deb10u8 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 27 Apr 2024 15:06:16 +0200 Source: mediawiki Architecture: source Version: 1:1.31.16-1+deb10u8 Distribution: buster-security Urgency: high Maintainer: Kunal Mehta Changed-By: Guilhem Moulin Changes: mediawiki (1:1.31.16-1+deb10u8) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2023-51704: group-*-member messages can result in XSS on Special:log/rights. * Fix CVE-2024-PENDING: Denial of service vector via GET request to Special:MovePage on pages with thousands of subpages. Checksums-Sha1: c294c3aa57365831107a9e4d951bc772521f0d4f 2130 mediawiki_1.31.16-1+deb10u8.dsc de399a789c710a3b863eba852ab654a42c615f1d 124044 mediawiki_1.31.16-1+deb10u8.debian.tar.xz ae90601c0376e3b69e9584a5500893e2b0fdee19 6829 mediawiki_1.31.16-1+deb10u8_amd64.buildinfo Checksums-Sha256: 2e04414d8f3c6904efa24f6000a461d0c1eeccddcce2271945344668b1095051 2130 mediawiki_1.31.16-1+deb10u8.dsc e803f6aa5fcbfbcaf5c000547495b79b465a96f8e1daacfbd9de4f6847f99976 124044 mediawiki_1.31.16-1+deb10u8.debian.tar.xz dde716b00ea86acfd819f9afd424a8de87c1293fbe32f4c2be40abb277dfac4f 6829 mediawiki_1.31.16-1+deb10u8_amd64.buildinfo Files: e513d23046097130001b8b1dacb99e37 2130 web optional mediawiki_1.31.16-1+deb10u8.dsc 67cb8ca5c494d0ff61beb7415d2deedb 124044 web optional mediawiki_1.31.16-1+deb10u8.debian.tar.xz 8f42952e81887322c63d1ccd22821420 6829 web optional mediawiki_1.31.16-1+deb10u8_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmYs+XQACgkQ05pJnDwh pVIzdw/+MWFRkrysAEBv2AmzblQls3eTf94R7i7d4x26F7SYE6wOH/7y2+ZBFp9/ gQJQBP06acy/2S8vonXvqRsl/WCPXDnubDcga49VFswFh+Gik6sU1p9jrqmsun57 ShnpSTnqRVgX4i5wKAfM2QKTmhJTIR3Ea7EvSQKefNvjJSEXQ9IyTZaDw9UMD0Kz meuXADemlMAhJnWjvDTazyDn/y2SouxY1/CEqMVBjvN1h5SoZM7mwovYVi1sazZk yykhH83mi8R25InQH0PQaPt8wxuA1iqzeD0lNf+M0JnKP1PaAlAiQy4Tjbkpaq/l eQ9WUZmbXgfQA9mt4LNXGTrjI6MV64jwTa24oD9pZoEwnlLZ+ieS0INZ53BCPXNv 3Imj394alLfVXbE2sQWtJxgkcbFnlq/QaSZiTvo5zVSIGjeWvmyxDGpXyJHtKqlI ZI7TR9amr5gb+YaOalLgvDFM8aB+nf5ng+1zA8jlcOWGmPEOq7O3JgDLD68uf/RM UQLSUUFq+K6Xk9+Ir7gWEdvwizAO8TsUZH4LE6GdCfrmBejZYhegIaV+Tijn4+0g rlVePesa9lPRCgo0pSV4QIhYjGUdgZAYraXbrRyIfuguG0VRTfnxEZCXepSQ8Txu T5ojWmYJPQpo1hdAKNpdEDNptn+AO2SahjgoWdsURqrZ0j26+ZQ= =7Gk5 -END PGP SIGNATURE- pgp7IsPhinEbD.pgp Description: PGP signature
Accepted knot-resolver 3.2.1-3+deb10u2 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 26 Apr 2024 06:23:30 CEST Source: knot-resolver Architecture: source Version: 3.2.1-3+deb10u2 Distribution: buster-security Urgency: high Maintainer: knot-resolver packagers Changed-By: Markus Koschany Checksums-Sha1: f6fc96ce23ac41490fe500d993c2eed7af381f14 2931 knot-resolver_3.2.1-3+deb10u2.dsc 8a0d218735e61f4b15e03a0460010aa5c01f2f67 414832 knot-resolver_3.2.1-3+deb10u2.debian.tar.xz 3c243e460f037a52973d78f8dfd428769c37b90a 10313 knot-resolver_3.2.1-3+deb10u2_amd64.buildinfo Checksums-Sha256: 7d1cef1a6b891147f7aa393d9191ea00995f4ea9322f3bafdf49e40310bfb251 2931 knot-resolver_3.2.1-3+deb10u2.dsc e1874422b868ab3ef6841fa33406b2aaf17fb11750dd7a968307a86229a4e3f1 414832 knot-resolver_3.2.1-3+deb10u2.debian.tar.xz 924ec54ee4c62937ee69401b99679d16408add997b23c130c9850c20442f9219 10313 knot-resolver_3.2.1-3+deb10u2_amd64.buildinfo Changes: knot-resolver (3.2.1-3+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2019-10190, CVE-2019-10191, CVE-2019-19331, CVE-2020-12667: Several security vulnerabilities have been discovered in knot-resolver, a caching, DNSSEC-validating DNS resolver which may allow remote attackers to bypass DNSSEC validation or cause a denial-of-service. Files: c912fcb0b9a322377a842458ea7eb738 2931 net optional knot-resolver_3.2.1-3+deb10u2.dsc e58e938302ba2e522b9ff833997d42e4 414832 net optional knot-resolver_3.2.1-3+deb10u2.debian.tar.xz f5a63926a00c4786e1a975da65945fd5 10313 net optional knot-resolver_3.2.1-3+deb10u2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYrLH1fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkrycQALpN1AKgRALcvEjoilpFhU9kSFuDO8NJatOu TVpf0vqlqUNORfx4f0as97s3Uur6Fz5x4Wuw+jI8umJtRsaa9wSIEa7gKStVnrXd vXIDPSK/quXHPv0hdTFaY5ZifFofPyAcd6lIIGhbO4APPO1GBN4ST7UyP0GeP+IK 6KLjXVlh5miq1ZCvvd1S2w6M1LwcKLY9cG/FiPPYzswbXxOdEnzDcHZOpSwuhA/t taG+/B3+DijL0Ki+8NT75fGdYXrFpVNNoJv6ozCIC7a1TPzYL45OTPXpAJsPsWCO 01JLZ+hFPE80pn1kggoE107R5Z9PrBTONYkM5evINlX5Qk/LB8E27O9Y3iJN2ErN G8GkCBOpKZXIlJl+KrxyGFqhpbYVxGoqTqS3dFCxlf0gux2JuTQTvDp2sb7p8HzZ ombvexlQUmJ5PBYkO91GyCkQzQ7+O87zEefPmulcuuaAs+GdewDvZzKGSwNWJgN7 wqS4HMonwKo0EeAe4l4cfCPpxwnAJR+Eq0nDJSsLfhRP1xAPUfl8ffNsfiQLBxhg Tlg2FzU/eSlqEXYCKuux0pYRyxImYnG+KSmwWXDfUArhL0uQDTi0VPBGRe5kMpJc ogyyik82fUopsRsRlsq5bBxA/vIdrn9+AOqgBKQB6x3oldO8GvEuzvdE0mqGZqd9 fN9kSgw+ =FXdX -END PGP SIGNATURE- pgpZH0Q7U9410.pgp Description: PGP signature
Accepted putty 0.74-1+deb11u1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 24 Mar 2024 19:14:08 + Source: putty Architecture: source Version: 0.74-1+deb11u1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Colin Watson Changed-By: Bastien Roucariès Changes: putty (0.74-1+deb11u1~deb10u1) buster-security; urgency=medium . * LTS team upload * Rebuild for buster-security. Checksums-Sha1: 5d9bb7ed0ab6a6384fb02fc14130d2fcd8e6ec32 2395 putty_0.74-1+deb11u1~deb10u1.dsc 8a38ea5afc3a326457751cc18c7f0d2c71886473 26824 putty_0.74-1+deb11u1~deb10u1.debian.tar.xz 0ad5f418193716032eecfa2b9a198455b0200d5a 17113 putty_0.74-1+deb11u1~deb10u1_amd64.buildinfo Checksums-Sha256: ec662c52513eb97edd13fa6d15bc5fd7f8a56cc247585b9a6ef4e4b55b689cf5 2395 putty_0.74-1+deb11u1~deb10u1.dsc 5d4b611a4ac8043f10799ed7484d275695e6e34bca83ef6fade57c3a08fbdc31 26824 putty_0.74-1+deb11u1~deb10u1.debian.tar.xz 9a6a24c8e5abb9bee7d46952ca134469dcc2cbe747066cf8f9bfe60cab90c099 17113 putty_0.74-1+deb11u1~deb10u1_amd64.buildinfo Files: 0573d8a3a9c3b92a248cae503193bad7 2395 net optional putty_0.74-1+deb11u1~deb10u1.dsc d921615defeb648617c1d6c00a2cad78 26824 net optional putty_0.74-1+deb11u1~deb10u1.debian.tar.xz fd7162c63b5d6fc96d4acb0ddcb59bac 17113 net optional putty_0.74-1+deb11u1~deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYqsaQRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF8QIxAAgy7+bjkPGPHvmglx3gCNTd1l3gvFsAV6 R7WVPizCOOAJO0R4UWxyA1+5yPjM59+Ul+uG0RXOclylCEKgQ4M2NpweRNJXeaIM Q/JsWcU+oQUUTpXB+YBN5aAIZx9LY/ff+tfInJon4K05KkLZzt7rC+w/j8Ck+f5Z k1W/oG7Qa0sNQxVIKhvNN//EECmk/2bBhdt/tXxfJXrRJAhQQ7Kw2nuB3sACtt77 CzTwf7+5EhevSUE2c8cxaEIOnHb6m6Pyx+/o7U5A8jwyYTCdFgO1xRhbdIblJcXd 6cyGLy1xTgE5jCitXlkIcQvoX3SjI8GV/OTznEX/YRgR8a7her8qn6L1MT1K4xO1 zSLEweg46MyfOrhM6m30kcvgfB+fu34Np7fYiVvYCg8Ws0+cETHbB7NTYoB0wFSJ N2bMkXgM5DTrRFxPBSOBLlm03RraHAW+Y2VwHq5yQyZ8/bqdSclSEdo0p04e1Rx0 Tom2jXUHxgpCT6RIOBf61We4VR+7BkEFQqajSHrTucAr+lSq4pNWCp92YACK30W4 Vsuc7wPZLxICiTTdoGD7bSmk9vGVOwQoOkuwFnkxF+mJh5loZuhb4EvJnqCGezq6 aHjLkxGnc2cXi3Y6gFAIAOYRWXEY71kB96Te0dH8Q01SlVddZo6IjXEUxn2w1UIv PP3YpAawhao= =VkFd -END PGP SIGNATURE- pgpqYHP48ZFpu.pgp Description: PGP signature
Accepted samba 2:4.9.5+dfsg-5+deb10u5 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 22 Apr 2024 07:23:29 -0300 Source: samba Architecture: source Version: 2:4.9.5+dfsg-5+deb10u5 Distribution: buster-security Urgency: medium Maintainer: Debian Samba Maintainers Changed-By: Santiago Ruano Rincón Changes: samba (2:4.9.5+dfsg-5+deb10u5) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. . [ Santiago Ruano Rincón ] * CVE-2022-2127: Out-of-bounds read in winbind AUTH_CRAP * CVE-2022-3437: Heimdal des/des3 heap-based buffer overflow * CVE-2022-32742: Server memory information leak via SMB1 * CVE-2023-4091: Client can truncate files even with read-only permissions * Add debian/salsa-ci.yml using lts-team/pipeline for buster * Add debian/tests/smbclient-included-share-access . [ Lee Garrett ] * CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify * CVE-2020-14323: Null pointer dereference flaw Winbind service * CVE-2020-14383: An authenticated user could make the RPC server to crash Checksums-Sha1: 166bea7c00fc6f0e9d4654fa06b644963921e630 3521 samba_4.9.5+dfsg-5+deb10u5.dsc 35d2f879cf800976aebe1d032189c6da3916097b 300996 samba_4.9.5+dfsg-5+deb10u5.debian.tar.xz b25481541c0f48517f13185fee3195d3154b1285 21658 samba_4.9.5+dfsg-5+deb10u5_amd64.buildinfo Checksums-Sha256: 76786797fbda963fddb8d55b647871037beb0e8604de153ab1d40d9723d1c02d 3521 samba_4.9.5+dfsg-5+deb10u5.dsc d831dcd4708bf9e676ea1303ef402de16d22fb6a638ddcb851d84fe05a058d3c 300996 samba_4.9.5+dfsg-5+deb10u5.debian.tar.xz bc4cde6388870bbbec393d1ccd4e857272275371fcd8710fd06f95cc64e817e8 21658 samba_4.9.5+dfsg-5+deb10u5_amd64.buildinfo Files: 9c486c4193024d0078ea792c8822e72e 3521 net optional samba_4.9.5+dfsg-5+deb10u5.dsc 4415c236f8fe831284739022cdd6570f 300996 net optional samba_4.9.5+dfsg-5+deb10u5.debian.tar.xz 86b99cac5b713f3c67e9e8b2873238cc 21658 net optional samba_4.9.5+dfsg-5+deb10u5_amd64.buildinfo -BEGIN PGP SIGNATURE- iIwEARYIADQWIQRZVjztY8b+Ty43oH1itBCJKh26HQUCZiZuIBYcc2FudGlhZ29A ZnJlZXhpYW4uY29tAAoJEGK0EIkqHbodTI4BAIDwZ5mGIadvVK9fTMve9fmEgdQX r+RpgkC48+0AQeJhAPoC4xeGsv0+6dIXggy74G9X5pMiVt5KbaYOBwO01RKHAw== =WLLv -END PGP SIGNATURE- pgpOeFXtjwvnL.pgp Description: PGP signature
Accepted openjdk-11 11.0.23+9-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 18 Apr 2024 14:41:46 +0200 Source: openjdk-11 Architecture: source Version: 11.0.23+9-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: OpenJDK Team Changed-By: Emilio Pozuelo Monfort Changes: openjdk-11 (11.0.23+9-1~deb10u1) buster-security; urgency=medium . * Backport to buster. * Re-enable test suite, there's no t64 transition here. Checksums-Sha1: 2af21e0be0603a33d83d4e64deae073c2422a74b 4602 openjdk-11_11.0.23+9-1~deb10u1.dsc c1ff76af3f527ac1f4337371f6fcaaf3cf4ab016 69186200 openjdk-11_11.0.23+9.orig.tar.xz d5281edf64eded141274e08150bc24be35c35c10 171880 openjdk-11_11.0.23+9-1~deb10u1.debian.tar.xz 958faa4313aacee268210dfd93a7935787207cc2 9534 openjdk-11_11.0.23+9-1~deb10u1_source.buildinfo Checksums-Sha256: a1792829ad9596d0d20103aa3c1f17827c44c91c9ff46a1ef74c74d184b794cc 4602 openjdk-11_11.0.23+9-1~deb10u1.dsc a4c598074031b5bf48d97982fca16cf92cb0584a8b0f8aebca6e492c9eddc673 69186200 openjdk-11_11.0.23+9.orig.tar.xz fe1782c94e88cbc2cfd5357df16b95d951403a13019b786867d18a78f3f0fc7b 171880 openjdk-11_11.0.23+9-1~deb10u1.debian.tar.xz 8d1cf2df548bff0c80e6ac2aa29ecaa3055f436099ebabd53eed31b80161c9f9 9534 openjdk-11_11.0.23+9-1~deb10u1_source.buildinfo Files: 7350704926c7daab05aacbe890d5ccba 4602 java optional openjdk-11_11.0.23+9-1~deb10u1.dsc ef279537a892050ab6ab93da64763984 69186200 java optional openjdk-11_11.0.23+9.orig.tar.xz cb22eb527f457edc67c53c37aab0fc8e 171880 java optional openjdk-11_11.0.23+9-1~deb10u1.debian.tar.xz 0ac9c07a083502f6a22fc5b8ae1249b7 9534 java optional openjdk-11_11.0.23+9-1~deb10u1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmYmMLIACgkQnUbEiOQ2 gwKLAw//aeEIUlrozQv2q0GytPpn7N4V+h7MLww22cvGQeUATWtOTKzHJu3ylDYz XqN7HriXW6XQl4cWavzOQ6KXI2oD3VI+FrgHxvMWOerHe/wRyTIycGuj85Eq4c39 AthOHgv4eDAZeKsvTLpYrT3/auSnNc1g3LWCCQc8ojOowavBtO/MXnKInshqS1mh qWAniP52bQFro7N/xSuWuEdkcH/C/JS2zdaKD+EygmUDZrAkn5Ntq6pzkwZNgM2W bZ50u6NzlzN86DjDbb628FcUjhy1uay7S6CE8QbC5mO3K7Ug85u9CkNeRYsdsL3/ a8xBUQhgblRDHNmq9N9JcLmMyOGxOBfROHfbHVc/5wcvH6i9S8I9YQrx4IUgw1zl ASLtMWSEpkSleK0pKk6VIuoQQ19SAszNfNGwtHM655jOHe7HA+luwSqkaYOyxCsv qrBKyG6mkHXHYLAhmKYP7wRol8wlsNYuyWCcsngPMPt74+E7AMalxCHRh98FF50r dgAxfhOVg11+wQIZ2AM4XHf1ZgZuJ4Ef44jE4zpQKuPOSt9BAYOf96MPeII50zNb 18qhlZMn5WFT5xd6p3rfFJxPddAVrCLd/0RE75G4AwRQVbbb5N2BMQZyFegL9/AW E71eZJKfoscZW19ycd60YKIuzPbZlKAa5kTZTtdCfjNm8nNNixY= =vfko -END PGP SIGNATURE- pgpAGiFpoWykS.pgp Description: PGP signature
Accepted thunderbird 1:115.10.1-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 21 Apr 2024 20:14:03 +0200 Source: thunderbird Architecture: source Version: 1:115.10.1-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Carsten Schoenert Changed-By: Carsten Schoenert Changes: thunderbird (1:115.10.1-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security Checksums-Sha1: de9f3e4c048a93a649853f33477622c5ab491097 8401 thunderbird_115.10.1-1~deb10u1.dsc 0cbc8c9152252b2ee882cae737e18f940d0943fd 549964 thunderbird_115.10.1-1~deb10u1.debian.tar.xz Checksums-Sha256: 45678834676e48d9b26310e691981efb241a5e923fa7a204974f385814b959ea 8401 thunderbird_115.10.1-1~deb10u1.dsc b488c157b706e409d445e395b082a7780078276ac025be6dfdcbfa64b526467a 549964 thunderbird_115.10.1-1~deb10u1.debian.tar.xz Files: e63b12ece9012937c74eefeb2541f50e 8401 mail optional thunderbird_115.10.1-1~deb10u1.dsc 12d17ce4e6f6c1ebc5e6d9c39836486e 549964 mail optional thunderbird_115.10.1-1~deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmYlX30ACgkQgwFgFCUd HbCJng//XzYEiuBZmnO7l5dgEVChPoPCCJ+vKx3uQkIaDw43bfCVlMIOVwftGE3T ro3SZpmHDTNF16cUvHnTgU8VmNzMkwH8lVMOVxDPmoVRtw7AtPGG700pffUk7Fza ONOWEm+coLu6qW9gR3IjQStkEn6O+P+s4uSvMpW3M+MT4Gs9Z4UYEotMeNUOBT98 yMNIsuqEL44pudMemIIy3a4nQVVDlQJ/EcO30gtbhF3JDs+zTvwWy495xH4NOlNS yu5at6GmPVUrBBxoYBPRKFxoDFGdoy2KYF4aL3vhKDzHA1so6GMnT6c1HHytoga1 yCEBQpyq1A7UYDTENsnw45Pc/sX8f8+/fK3QDKc0cZ99by3g/E9HDqsEmmcgnioF QeJ5svYQhfoDPxcTVxQvilCKqwGfIjRvgUW4hOYBZs4nVBTw7CaR2w6bfS1CwrHo avXb+Iihmix5JtVZkurY1nG4WjJjHt8f635l/qf1YESl9ik3TAqnXZZOIVESugNM V2/m2wSmnqo6XYCuftoq4cgUKruPledGuYdM+bioXzZO/tgj0yxl6kDF3rMevXHf OWUK1jKvsmUoiaRw1PygjCwPBIVByUf27y56vfE8eVEeJQtGtnYNGgWWTsZbzf7z ibPHRueZ1FQqU+fawz46pkyHCNHYI42xJrK0mG9OqoAesdWrEs4= =kkIf -END PGP SIGNATURE- pgpr1s0ezRW0l.pgp Description: PGP signature
Accepted firefox-esr 115.10.0esr-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 17 Apr 2024 10:42:08 +0200 Source: firefox-esr Architecture: source Version: 115.10.0esr-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Emilio Pozuelo Monfort Changes: firefox-esr (115.10.0esr-1~deb10u1) buster-security; urgency=medium . * Backport to buster. Checksums-Sha1: 9d56e6ddd8ad83e433fe63fc2bb2a56b129f624a 47476 firefox-esr_115.10.0esr-1~deb10u1.dsc ea39095f58724c2c66e14a992a4e367b210729f6 183859 firefox-esr_115.10.0esr.orig-l10n-ach.tar.bz2 955ae0dbb1c80dbeaa4a31347c88a2f6ec76 122878 firefox-esr_115.10.0esr.orig-l10n-af.tar.bz2 83cfbc167a85a21569fb646eba3c7d401da2b01e 221134 firefox-esr_115.10.0esr.orig-l10n-an.tar.bz2 17fb77d6272cbc1e9f4dc5a4188eac4167f0edb1 251014 firefox-esr_115.10.0esr.orig-l10n-ar.tar.bz2 1baef1443d8dcccd1177a6dfe884a830d4ea11d6 185485 firefox-esr_115.10.0esr.orig-l10n-ast.tar.bz2 bd519ef82ac8654e15391d98299a7cd7d7558815 195387 firefox-esr_115.10.0esr.orig-l10n-az.tar.bz2 0cd84157686f86353b41192e7adf4cd81dadde4a 325843 firefox-esr_115.10.0esr.orig-l10n-be.tar.bz2 47ea97dafed9664f9ebf5176ef9ee19892dcb999 1487170 firefox-esr_115.10.0esr.orig-l10n-bg.tar.bz2 42ee7f77948c20a5571abf0242df937b4a11796f 233372 firefox-esr_115.10.0esr.orig-l10n-bn.tar.bz2 1d70755f8ca7a8792784733cb3a5ed2f19520dbb 1669563 firefox-esr_115.10.0esr.orig-l10n-br.tar.bz2 7ca91662b78e892303b952fe3175ec0371b0de26 191375 firefox-esr_115.10.0esr.orig-l10n-bs.tar.bz2 da2c51d7e4605c2201b336e4871782af43490a2a 241396 firefox-esr_115.10.0esr.orig-l10n-ca-valencia.tar.bz2 466442c774d34ba89682d6efccd1ddd391176587 713391 firefox-esr_115.10.0esr.orig-l10n-ca.tar.bz2 af79d54c9f282221b4eaf8fe50032455d16ce577 286038 firefox-esr_115.10.0esr.orig-l10n-cak.tar.bz2 3a2444ee0a685458a4431cd10620067b587039ae 332464 firefox-esr_115.10.0esr.orig-l10n-cs.tar.bz2 69259a37064af0d238d8ca12c2b155f27cb99f11 321977 firefox-esr_115.10.0esr.orig-l10n-cy.tar.bz2 f05bfe1bf9be8b62091689a8e8bfeeffb384d01b 1088333 firefox-esr_115.10.0esr.orig-l10n-da.tar.bz2 b0d2b8d509f32dfece7565f36be97e5a6c318bf6 322496 firefox-esr_115.10.0esr.orig-l10n-de.tar.bz2 4422c227896ddeeed85eef131ba6e5f4627994bc 324812 firefox-esr_115.10.0esr.orig-l10n-dsb.tar.bz2 74664174cef18370bbe4ddc938961b874e8d1f4a 2134233 firefox-esr_115.10.0esr.orig-l10n-el.tar.bz2 4d6726d409dbd6e43629064549b73d367cfd2e9f 511051 firefox-esr_115.10.0esr.orig-l10n-en-CA.tar.bz2 41831465cd0ef74db751eef2867e9df3a01da594 298713 firefox-esr_115.10.0esr.orig-l10n-en-GB.tar.bz2 a9288225b72445c076be79c9e5e929737dbf8454 306853 firefox-esr_115.10.0esr.orig-l10n-eo.tar.bz2 931d2f3e816dd470101c28dea4e7eec76ad46355 585383 firefox-esr_115.10.0esr.orig-l10n-es-AR.tar.bz2 3901d1e1e5a3358a83972b367738e43711948c36 582136 firefox-esr_115.10.0esr.orig-l10n-es-CL.tar.bz2 7cde7b2c698925cfce3fe396cc08cc47af480b8a 579827 firefox-esr_115.10.0esr.orig-l10n-es-ES.tar.bz2 60043169bff93afec64be891f44d43150ab107d4 568982 firefox-esr_115.10.0esr.orig-l10n-es-MX.tar.bz2 64ce7514b86a753d2ffb51dcb4d8d960cf64db2f 1137767 firefox-esr_115.10.0esr.orig-l10n-et.tar.bz2 2517d444558d0d9177b73eeabc83b853aa5df9f9 303384 firefox-esr_115.10.0esr.orig-l10n-eu.tar.bz2 438f7f226779f93fc7016ecb80b387191bec4fa9 238577 firefox-esr_115.10.0esr.orig-l10n-fa.tar.bz2 3f35c8520eba3b237f85c4c5b5988d7adaab9d95 201291 firefox-esr_115.10.0esr.orig-l10n-ff.tar.bz2 be53bc4d3f0961c1f066bd6031998103ef3a5dc4 312385 firefox-esr_115.10.0esr.orig-l10n-fi.tar.bz2 b30660dfbfc832b7bdcd5ee7865398fdfc39cc08 723158 firefox-esr_115.10.0esr.orig-l10n-fr.tar.bz2 abeb9a141716c1a7e19408371915f0dcbe164a7c 322383 firefox-esr_115.10.0esr.orig-l10n-fur.tar.bz2 391ca570d735abe9078826a9967730f67e9c72d0 2380463 firefox-esr_115.10.0esr.orig-l10n-fy-NL.tar.bz2 8748f68928e852caa7de7dd31c3bac937547061c 183136 firefox-esr_115.10.0esr.orig-l10n-ga-IE.tar.bz2 69160277670809a5982c44fde8ee8b17c1b48f6d 302200 firefox-esr_115.10.0esr.orig-l10n-gd.tar.bz2 96ae52f76af63e02f49a58c0ee2334524f537c4a 309985 firefox-esr_115.10.0esr.orig-l10n-gl.tar.bz2 20a02c0297b16dde1a71bcbf43274d7eed8492e6 312631 firefox-esr_115.10.0esr.orig-l10n-gn.tar.bz2 abed6babb06bb9f5e064260aa12e9aaebbc0f063 196384 firefox-esr_115.10.0esr.orig-l10n-gu-IN.tar.bz2 93893b9c04db500ffe174d51036d11694a6a4834 281882 firefox-esr_115.10.0esr.orig-l10n-he.tar.bz2 5953f2eba0858c5715b51067b30469851abbe5c2 222138 firefox-esr_115.10.0esr.orig-l10n-hi-IN.tar.bz2 d52a97ab376f841d110f29717b7a3f07c241d453 265738 firefox-esr_115.10.0esr.orig-l10n-hr.tar.bz2 44ba3b6ac2ea605d8b50b96cf613ee49c7b3167a 324565 firefox-esr_115.10.0esr.orig-l10n-hsb.tar.bz2 84ad2a3ee19be6d72f12c33606393a43cae5d8d3 1043704 firefox-esr_115.10.0esr.orig-l10n-hu.tar.bz2 75c5283c459f292846e1c1c275c3a85655940c35 260317 firefox-esr_115.10.0esr.orig-l10n-hy-AM.tar.bz2 1d7edd3f921cd71d37ad5117eccebcf0ec45217c 314574
Accepted tzdata 2024a-0+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 17 Apr 2024 15:59:03 +0200 Source: tzdata Architecture: source Version: 2024a-0+deb10u1 Distribution: buster-security Urgency: medium Maintainer: GNU Libc Maintainers Changed-By: Emilio Pozuelo Monfort Changes: tzdata (2024a-0+deb10u1) buster-security; urgency=medium . * New upstream version 2024a * Drop all patches * Rename Pacific/Enderbury to Pacific/Kanton * Rename Europe/Kiev into Europe/Kyiv * Import translations for "Kyiv" and "Kanton" from sid. * Update the build for compatibility with older zic and with previous tzdata releases. Checksums-Sha1: 0f6f415dd2678b6d5e2ddf24435e9c465abbc2e5 2065 tzdata_2024a-0+deb10u1.dsc 310a281e4551e4e9a11db4f9ceea85a6529af4af 451270 tzdata_2024a.orig.tar.gz 290f782716e4bcc4d70b7fe86a882087635d913f 108036 tzdata_2024a-0+deb10u1.debian.tar.xz a98873b177526a886a17dee428964f8d67b1cfe5 5985 tzdata_2024a-0+deb10u1_source.buildinfo Checksums-Sha256: e7c4648141973d5123deee90c37d3750fb3f177658ac0530cbc6cf98397407e7 2065 tzdata_2024a-0+deb10u1.dsc 0d0434459acbd2059a7a8da1f3304a84a86591f6ed69c6248fffa502b6edffe3 451270 tzdata_2024a.orig.tar.gz 7d9ac44f5a3de97824936a2c50a88af1aeea6fabd98e098bbf91e285d9536520 108036 tzdata_2024a-0+deb10u1.debian.tar.xz 888244cd27178a04ddf655a2f64a4778d2e3bc08fa9e7d37671e4d252d908166 5985 tzdata_2024a-0+deb10u1_source.buildinfo Files: 38d42e93b6edbabd45d4d5f8550aa5e7 2065 localization required tzdata_2024a-0+deb10u1.dsc 2349edd8335245525cc082f2755d5bf4 451270 localization required tzdata_2024a.orig.tar.gz 24a4a46fe324669122dab0599b31960c 108036 localization required tzdata_2024a-0+deb10u1.debian.tar.xz da8978bb41643b6f1fc9721a3784280c 5985 localization required tzdata_2024a-0+deb10u1_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmYf2I4ACgkQnUbEiOQ2 gwKRPw/7BUTLQYU+xqQcBMcWTwkbRt7SGyQG6+buTRmXa5vuKK9nP8ncoilFItDL tgADBolhhqYs8/m34SakyUtoMlTXyG2QcAhFuSwMN5VT79LtJ5nevbbG9RFlhCyU 9KPiUMBM7at3808sMQxO+rk/psoRppuHVwZ2wh6LNcNpCHtJ2moHTQjBlackrlv3 /mA28xUGFC6sazkNU92ZQg2Q0L6MGAs6LozfCL+T1YMScCFs2495EeMs2zeWvKLH 4XNgYv/wS7zC4aKJNPDLNK0EjVUDzqN9q0mZ1Ua6xF0nI/q4MV9eCvE2WqStxHx5 mcRKL+87w//165jEgmCOz1VJwldHKBUs5jSpJJGnRlvXvdEpRrIUD258JM6ez+vp FNkHkeM4MQ8wYGf+ymk8z/RgvtdIcf8NzQ9qUtZFIHT1kP4dkOZkj2pK6HOmXBOh SHMH4gu/chuzyI36hNQAU/9GotcThyPva4BPfiW+KuPGVvYPdFPTNPzdVtmikXbp jOUS/mI+1FjEYF4T9UKZiIJFLDKHZRlKGyz5s/KOP9YPQygOfLBVLMh9hPkwk8cx 3wtoAqHBiArpp9DemGq4hvL3Xc0w9nl/tCTXToWqYwLAF3AhbPR/+jIozm8BhU1R J/e42tXppzsvNPCP3VrLQuqCbJrvzOom9mXHX/+RfrbDpN0aBzM= =aUle -END PGP SIGNATURE- pgpvgLaN1_EQk.pgp Description: PGP signature
Accepted libdatetime-timezone-perl 1:2.23-1+2024a (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 27 Mar 2024 14:01:48 +0100 Source: libdatetime-timezone-perl Architecture: source Version: 1:2.23-1+2024a Distribution: buster-security Urgency: medium Maintainer: Debian Perl Group Changed-By: Emilio Pozuelo Monfort Changes: libdatetime-timezone-perl (1:2.23-1+2024a) buster-security; urgency=medium . * Update to Olson database version 2024a. Checksums-Sha1: 6833411575226ed6c9932e6d38927b5e9acd87b8 2520 libdatetime-timezone-perl_2.23-1+2024a.dsc b213d840cd0e4ef15efb65d6403dc7992f40e2c6 965468 libdatetime-timezone-perl_2.23.orig.tar.gz f1d587daca23682568ec5829c1333fc24b30a168 214036 libdatetime-timezone-perl_2.23-1+2024a.debian.tar.xz 86365106dbe1ca88a5a176256915e3465b7be284 6011 libdatetime-timezone-perl_2.23-1+2024a_source.buildinfo Checksums-Sha256: 3a4425d687acdbd34becfda9c4b0e7ba8ef35ac5d1d307d8246b69faf204e714 2520 libdatetime-timezone-perl_2.23-1+2024a.dsc 6ae40286031853a4319c5b34516f1c09e429d5caa5f782165cc27175c89fe54f 965468 libdatetime-timezone-perl_2.23.orig.tar.gz 018c76a22bf6b149d5a2017adfa78c9fb3759ddabc57ce562c5c82d2d538a731 214036 libdatetime-timezone-perl_2.23-1+2024a.debian.tar.xz e1c386917f1b23a2966600747c73be8a2cc3e6c1deaaa616c9af95c1132d86eb 6011 libdatetime-timezone-perl_2.23-1+2024a_source.buildinfo Files: 6ff26a7f806125c9891f963a6b711d20 2520 perl optional libdatetime-timezone-perl_2.23-1+2024a.dsc 7019faeb2f54520580941b0be92801e7 965468 perl optional libdatetime-timezone-perl_2.23.orig.tar.gz 33e8a6b0b0318118dc9e0681e74766a4 214036 perl optional libdatetime-timezone-perl_2.23-1+2024a.debian.tar.xz ae9ae3f6424d2316d49c082bb0789824 6011 perl optional libdatetime-timezone-perl_2.23-1+2024a_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmYf2gAACgkQnUbEiOQ2 gwIEMg//XAVmLPmFhzQf9dcuaIhTQiuR5iWK/55zKmueD3nPRYAzZoqtj2j7lEaj WAVsCaTwjy9r40bOFHyWPTbCvzZfL6F26H2TE42YfAiwpTaMxTdhQQ4B5mc7M3oG Au/C7HuJJY68JIY93ZMHhgAZ6+dnvDA7cCuE7KHiOI3Gy3jKTr0UZ1xArP/KFF97 LWrroTaZVxw0qOs8K+oAFwsKWcwWOfDwM0eCMnQ/9I1zJcXNuJApz+1Hh/S721Mx UL9fskOLrcXpIkjAzNLSlpI4oHCD6aOnp8EbeK4smiRD0tAlRTF+cTU2yP2JTled +RR0OkCeyMGp1+VXEZK9PzP36kpXEwRDEXekKsjrPX3MiqnZRCZfjrWrzUPPYvyU 4a4IaY4I1fULgl0oK9LRzbr8AjWN3KPfu9JouoFHkr5mKQ0Vml/oNXFIlZpG0779 +9gmwJ/JwqKMZrP/0W3Z2z8Q2wRjVsXgLJ3jNCWTQW8LzcQrfbMAhkrZyWnUMKux gQNt5wGk+tdi2sEHyJMnjSZE+AMMGQflg6pQev2b+yC9+rKz17eihtnn5JFW/PJ6 WvZMOYExOIq8z2iVETouncYCRD3g5X/l86Xp6y0mecV7tRKzE6LBWrWSX5gl8dTz brkPgk6LYBGL79ZvpxbBE7+qeprQpefMfHU9ybquqoeAnVAObH0= =WDmv -END PGP SIGNATURE- pgpAM4CUkR2Cf.pgp Description: PGP signature
Accepted xorg-server 2:1.20.4-1+deb10u14 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 15 Apr 2024 14:30:14 +0300 Source: xorg-server Architecture: source Version: 2:1.20.4-1+deb10u14 Distribution: buster-security Urgency: medium Maintainer: Debian X Strike Force Changed-By: Adrian Bunk Changes: xorg-server (2:1.20.4-1+deb10u14) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-31080: Heap buffer overread in ProcXIGetSelectedEvents() * CVE-2024-31081: Heap buffer overread in ProcXIPassiveGrabDevice() * CVE-2024-31083: Use-after-free in ProcRenderAddGlyphs() Checksums-Sha1: 4bf732494b697e293b78baae4efcc54ef58e9f32 4186 xorg-server_1.20.4-1+deb10u14.dsc 94dd9612c5e4233ed3cb23063ab10f43b4ae4bb2 8553791 xorg-server_1.20.4.orig.tar.gz 257a01543988f509f284e505fce02fcb49739dd8 177175 xorg-server_1.20.4-1+deb10u14.diff.gz Checksums-Sha256: be70dce223c531fa10cf39e3184a4ca5e12e0d891b9847824a1cb054e183b2bc 4186 xorg-server_1.20.4-1+deb10u14.dsc a6447de89eca3e22eeead682b325d902779569534ad83388c9e16611d72baaf3 8553791 xorg-server_1.20.4.orig.tar.gz 157485f84a4f06a33d85c106a0cbc4ffdea9299732ba86bafadc0b5009e4778b 177175 xorg-server_1.20.4-1+deb10u14.diff.gz Files: 0ffbecf3f1e5d94702180334859b2f3d 4186 x11 optional xorg-server_1.20.4-1+deb10u14.dsc 4151b46d6036f4997d27c2d2b7be38e7 8553791 x11 optional xorg-server_1.20.4.orig.tar.gz f4cbbb393224006320ebcecf52ace7cf 177175 x11 optional xorg-server_1.20.4-1+deb10u14.diff.gz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYdFoAACgkQiNJCh6LY mLE0hQ/+O7KfTC1Wrm/HyUUWm6SopE5SUic/wqNx6BGQW8ol9WxlrdNoPopMgj+6 1L5RIA9Bulz4u4VxJNCFvEKq7MnJWVvsSdTg7zEW/fQjq7f7H8E+9/EAyYVwhvNS J+BscCNtdL/tpn53XL2hjfUUc8Ufxnl/USMCRMIA9WLfHBfo8y9khUwLldp0rEdS muf6LayBHBsFmV9R1chgUdt5YIMbj+AZj5wMj5YMHuHcxjaCbTh5Shic5up9sUJD jTIO7eHBhFb0Cw/UmabGj5tXdEGNJebwCkqBlm2wr7SWtW1H/S/1pxzSYVhg5RLJ PFc9lmV4jDpdUAG7syZ2qnprMNMIYJMLeWTpJz2ZDeX0LOV2wJTMO5lpKBiK0wgG QRkhhyKiq0YJf0MP8aLwlljMIZX3Q/mQyoFy6XLdElj73B6rWmxPfGfP0PJ8MFiR LTmjL7xW7zF2SX55MdjWcIIdswxxV9KedRzXacR+znKSOsRN2yv8g45FI4uqXvUk nElalTj1KHMK4DpWyGEYlbzbOnxL2Gx60q/niUyUnLknVMxejNnVJju55i1Jtk9+ As5V87M2A3Rt1luVBKnAx67zAesx4oJytEutEIeew9Op9wzIFzIhUXW372EGr++7 Iz/RT+BRAbJ877TvGOwzDAF0xcew8dvY+hqoAd0o00aJYt84Gns= =TCmu -END PGP SIGNATURE- pgp8Xb6DFAtwZ.pgp Description: PGP signature
Accepted pillow 5.4.1-2+deb10u6 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 10 Apr 2024 20:46:20 +0300 Source: pillow Architecture: source Version: 5.4.1-2+deb10u6 Distribution: buster-security Urgency: medium Maintainer: Matthias Klose Changed-By: Adrian Bunk Changes: pillow (5.4.1-2+deb10u6) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-28219: buffer overflow in _imagingcms.c Checksums-Sha1: 3b14c2b7388535cb2602566bd8091077e04f3fa5 2846 pillow_5.4.1-2+deb10u6.dsc 480e72c23fe96c4241f87ed64661b5ffa6157718 12248208 pillow_5.4.1.orig.tar.xz 8af5240d13ebd7c6f05c207ebbcd458aa2dfb852 24972 pillow_5.4.1-2+deb10u6.debian.tar.xz Checksums-Sha256: 2178ffbff32912ceee9c3641e99342659711a3ae7b8688c92fa482e4c1a29f14 2846 pillow_5.4.1-2+deb10u6.dsc db7f301e4bf1eade3321430014b71230492443015929a221163c6b52af68320d 12248208 pillow_5.4.1.orig.tar.xz 98e99481265c77f0f8a999d0a0c4e977f45ee127840dd25c7a3dc0001c05ab0b 24972 pillow_5.4.1-2+deb10u6.debian.tar.xz Files: 929b71c62d5015e88191e77d16aec1cc 2846 python optional pillow_5.4.1-2+deb10u6.dsc c05bfe9b46c70b5823d9e25fa796ff19 12248208 python optional pillow_5.4.1.orig.tar.xz 87844776bfe1cfb3742c2f3c3ddf3dfc 24972 python optional pillow_5.4.1-2+deb10u6.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYW14oACgkQiNJCh6LY mLHIeQ/7BHog0qrgvVmjT8m0zYMdJrIfEhi3l8SawA3jjkm+P43CeIuxu3Tgm2Pd MAbx09z11nYqFAFPI+lcSB5S3pLI0499rsyjT5oh4zuoDV2w4RJcDVEsxNy4mAa1 9bq8FzGqTZ4WoZf4OHgSvj0xSQgFI1Yde+/mvi2SfaTTyhJ+TcDGKfcG8MFME7JL jKZkWqOkMYAQJz09TAjBGLZz+OYMyeR2nQzgrsexXYRObnaNdWgfEPQPulwHPQTm B3zCzJ2FxjnL0MV4WRbNUHLbo8QQSQj5OTvrsKNXedjQGgwtOudZMWgm01MZec8W DqEs5yq7o6vsNklOG6P1n5/29kZDpFF8DPygoY37I5yLeri7AFD1fIdB8oPywGnb FIvgHmDHe/wXCxGB4Fgj4sTFuQu8GlCeohEum3EpWgALXtnVEdiI1PEQ/KcpSH0U 6Nq7r7kvVeV+DxRsVG4iJbOajjp8GZ0A5oQp/BHtzFO27SFYR2blsDaM0gxQGgEi LrJho6WtL6jctYebk4mfHpdFiiAxBl3hPFVvZ9+oQK94fWAaYolR9BpQMXT8llFD ye9n9VluGu2u9/PxKhksaA2TRHO+c6K5WQykQ1w517LpCCJbTPw5wDNRSBULHQ6p G1ZcvXyXXY4PVlSk7/MVlqDo7W8zqZ1vB71AZaBVjSIRxa1Q2uU= =+7kF -END PGP SIGNATURE- pgpLmB6Yvww46.pgp Description: PGP signature
Accepted gtkwave 3.3.98+really3.3.118-0+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 28 Mar 2024 23:03:07 +0200 Source: gtkwave Architecture: source Version: 3.3.98+really3.3.118-0+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Electronics Team Changed-By: Adrian Bunk Closes: 1060407 Changes: gtkwave (3.3.98+really3.3.118-0+deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS team. * New upstream release. - Fixes multiple vulnerabilities: CVE-2023-32650, CVE-2023-34087, CVE-2023-34436, CVE-2023-35004, CVE-2023-35057, CVE-2023-35128, CVE-2023-35702, CVE-2023-35703, CVE-2023-35704, CVE-2023-35955, CVE-2023-35956, CVE-2023-35957, CVE-2023-35958, CVE-2023-35959, CVE-2023-35960, CVE-2023-35961, CVE-2023-35962, CVE-2023-35963, CVE-2023-35964, CVE-2023-35969, CVE-2023-35970, CVE-2023-35989, CVE-2023-35992, CVE-2023-35994, CVE-2023-35995, CVE-2023-35996, CVE-2023-35997, CVE-2023-36746, CVE-2023-36747, CVE-2023-36861, CVE-2023-36864, CVE-2023-36915, CVE-2023-36916, CVE-2023-37282, CVE-2023-37416, CVE-2023-37417, CVE-2023-37418, CVE-2023-37419, CVE-2023-37420, CVE-2023-37442, CVE-2023-37443, CVE-2023-37444, CVE-2023-37445, CVE-2023-37446, CVE-2023-37447, CVE-2023-37573, CVE-2023-37574, CVE-2023-37575, CVE-2023-37576, CVE-2023-37577, CVE-2023-37578, CVE-2023-37921, CVE-2023-37922, CVE-2023-37923, CVE-2023-38583, CVE-2023-38618, CVE-2023-38619, CVE-2023-38620, CVE-2023-38621, CVE-2023-38622, CVE-2023-38623, CVE-2023-38648, CVE-2023-38649, CVE-2023-38650, CVE-2023-38651, CVE-2023-38652, CVE-2023-38653, CVE-2023-38657, CVE-2023-39234, CVE-2023-39235, CVE-2023-39270, CVE-2023-39271, CVE-2023-39272, CVE-2023-39273, CVE-2023-39274, CVE-2023-39275, CVE-2023-39316, CVE-2023-39317, CVE-2023-39413, CVE-2023-39414, CVE-2023-39443, CVE-2023-39444 (Closes: #1060407) * Readd ghwdump for buster. Checksums-Sha1: 330647b70c557c63f41c3ace356b9fa9c6f229b7 2197 gtkwave_3.3.98+really3.3.118-0+deb10u1.dsc 35da928d360225333c4d408565535c03aec11b95 3507767 gtkwave_3.3.98+really3.3.118.orig.tar.gz 28737406108caad85835843d85a7ab0838d7771c 19756 gtkwave_3.3.98+really3.3.118-0+deb10u1.debian.tar.xz Checksums-Sha256: c783876a44a633fb0e8a60a4096a2fcc1e5b2e5255e7b1a6e46eb9601f027062 2197 gtkwave_3.3.98+really3.3.118-0+deb10u1.dsc 416d037c1f5f6dfc8fe9d2da87b650d9ebb4e9a7e8714e558ab4ea818eebeaa0 3507767 gtkwave_3.3.98+really3.3.118.orig.tar.gz 2678abcb4a16a03c1a040e72160586d8114e9a3657a3697454cf25252788ae72 19756 gtkwave_3.3.98+really3.3.118-0+deb10u1.debian.tar.xz Files: 178675d681b801c6c9e9f166da483347 2197 electronics optional gtkwave_3.3.98+really3.3.118-0+deb10u1.dsc 8960ea5b268e14e1f662b03c3072afb6 3507767 electronics optional gtkwave_3.3.98+really3.3.118.orig.tar.gz b37ac1693d695564f6fabba238f075b6 19756 electronics optional gtkwave_3.3.98+really3.3.118-0+deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIyBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYVi2QACgkQiNJCh6LY mLGypg/4v+HP6o+pRqlcemKVMDEOzhhIxRPcunb1wUdNBRm8tVfiNzqivT28qWQu 3Ji30E4D3D3XcUzejTY7c7kEPJuCkzecne4gZgA8n+QWvtx88EDFqgBj6vFNWCjZ VbyP9DXKRTeuVc5ISRNrYz6qJ2CaeJ/9B3uY2+yfLbCRvkuRJJxWKZNrM0EHV6Eo SpbybG1o8ro54jTkYDF4Qeva/odNDy9DKJOKqi91q8slCbykRmbnUx7uCtcP3nbY iAKTifxr8DpO1DCJolrPLltZFJzRcf+JuLvyUTUjeNAwqVNXtVZhJm6Hodn3Dsqh iVJCXT2P62lxRh3+jZZ8yj8Mvuc8mfBh/P86Tt7wSIhu+gbKqHoqEChIB80M5UBk TCVJUMTnV5NMXjmmZNfgh6Gjn6YtfbO2aR1n4Lo4U2pwPFyWNi6ViIfq5UsuvSGw ppRPjSdTFJYFIi0DnWrIP+Li4vZU/Tt3y4moIgnALwzKIA2b/hqabAKhKTXJ7ZyP N2wzt3vZZRZhBuibBfCC0PbUsTDSdk6eEla9wVHFWNKCtvpe1uB346ToUXMEaTv0 kF+SkJr8BEf6oo6StALIbTs9QIn0HDzsMhf8p2UYFUF5Z4qGwxj5LMdXFQCALq3u yQ+p/vY8CCUgztBLcaMsiLI0KspJKxaR4mnNztLVqk99Vn0NmA== =+Vdj -END PGP SIGNATURE- pgpo9xKGYqc4g.pgp Description: PGP signature
Accepted libcaca 0.99.beta19-2.1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 26 Mar 2024 19:03:02 +0100 Source: libcaca Architecture: source Version: 0.99.beta19-2.1+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Sam Hocevar Changed-By: Thorsten Alteholz Changes: libcaca (0.99.beta19-2.1+deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2021-30498 + CVE-2021-30499 heap buffer overflow might lead to memory corruption Checksums-Sha1: d824e508cc1162f93c0bb99f2480fc1ef5bd8e76 2415 libcaca_0.99.beta19-2.1+deb10u1.dsc ed138f3717648692113145b99a80511178548010 1203495 libcaca_0.99.beta19.orig.tar.gz 687d76a20cc20f329cf6866f01365032b872bddf 13736 libcaca_0.99.beta19-2.1+deb10u1.debian.tar.xz 156cc0d48369213db41d9717233cc5abcab20616 13951 libcaca_0.99.beta19-2.1+deb10u1_amd64.buildinfo Checksums-Sha256: d2bc3f91faf86cad07ad64e8f28818031c6974da5a93fe0aae28ec9fdb24b8b0 2415 libcaca_0.99.beta19-2.1+deb10u1.dsc 128b467c4ed03264c187405172a4e83049342cc8cc2f655f53a2d0ee9d3772f4 1203495 libcaca_0.99.beta19.orig.tar.gz 2fe008a1eccafd48dbb4917b7d5e11b08561b900e4b0162ef4acf72e9a53a21a 13736 libcaca_0.99.beta19-2.1+deb10u1.debian.tar.xz d019bbb9ae2d96b9c455b7a8a2789c36404b2d22d217c47c7cf070d8ab3b2524 13951 libcaca_0.99.beta19-2.1+deb10u1_amd64.buildinfo Files: 196403bddf89a462cde4a900d96c500e 2415 libs optional libcaca_0.99.beta19-2.1+deb10u1.dsc a3d4441cdef488099f4a92f4c6c1da00 1203495 libs optional libcaca_0.99.beta19.orig.tar.gz 95181b406e1ad5aaf8d95887feedda3b 13736 libs optional libcaca_0.99.beta19-2.1+deb10u1.debian.tar.xz 0be3324197459e029d511f49bfd67ed2 13951 libs optional libcaca_0.99.beta19-2.1+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmYSSXJfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYRyFCD/wNpyozpuX1Rsqef4p/vDMoQ/DJ0kgs 9ftjChUr++NAmrxm3U9XS/JzysD4knO1ROGk17DEMJyVyLxAJf8r9awt+JIw/tTs UDVw8EEUWjogCzmlfDVQtqpdhzAD7OuqoZGv1/6Ybc4mzCAIuvdjrhXvOqZjf8Zl cjj77ZhwX0WNCayur7b/H+XQAsIgps9ypDGGQc0eiEnQr+bhJ1sCzkwHBPFRht1o lbiUL9XRlchcPOgqPmM7skiEYY9eIxNFY5HfNgcsyxzuc0VoMm/d9EyJu8HbZLGJ 1kxEJ/2wypmnEZa1pAODmLgLZ1JnsmgkogTR0RGXhOxixqy85mxwHFbriZte1FgJ uYiKQE9vFx6ivdRoe4hC6Z39Y8yhk4+MxpkHUjDEryYqhkhJEUt0w+wc7lRGj6wf n+7ZKjM2MpWHq1TijOyCHT29TljQX0Nd387a39eGRZY1QlyQ43Fp8PVaBfBrojWt UNyeXFCQhnEbSoyRtCbnGyEVSB4YnLPHO29wjt42Zcd+jK9sYDpjObVajZ0Nprri bOW68B268v3QYuan2uIKBAQKQZRoe/ZKRm+6Q6dwkZuSBu64g33S+wDAwq6Kx6Sw 2s7/l7yn1LRfxSlydUP0sW7AORL2881gqMsmCwKixJv9X9lXtfkrsL2SPApVgsP9 wRPJIGKC3F84Ig== =FR0q -END PGP SIGNATURE- pgpKJSG1WOT9n.pgp Description: PGP signature
Accepted util-linux 2.33.1-0.1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 07 Apr 2024 00:33:55 +0200 Source: util-linux Architecture: source Version: 2.33.1-0.1+deb10u1 Distribution: buster-security Urgency: high Maintainer: LaMont Jones Changed-By: Guilhem Moulin Closes: 826596 991619 1067849 Changes: util-linux (2.33.1-0.1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2021-37600: Potential integer overflow in ipcutils.c. (Closes: #991619) * Fix CVE-2024-28085: Escape sequence injection in wall(1). (Closes: #1067849) * Prerequisite for the CVE-2024-28085 fix: Backport upstream changes to use fputs_careful() in order to handle UTF-8 characters. (Closes: #826596) * d/rules: Build with --disable-use-tty-group to avoid installing wall(1) setgid tty. Checksums-Sha1: 1ea17f1caf109d1cf1533132bf25280bb96a44e5 3995 util-linux_2.33.1-0.1+deb10u1.dsc f57232d9594d23e7c20b5728b24bf4e5d977accc 4650936 util-linux_2.33.1.orig.tar.xz 6b67806088771b8a5a7afe96bc903893293d9f82 87368 util-linux_2.33.1-0.1+deb10u1.debian.tar.xz df9b46e87434a28f0485d8507aa5c1c8e272bfc3 17216 util-linux_2.33.1-0.1+deb10u1_amd64.buildinfo Checksums-Sha256: cb5ba81b8dfa3ddfe2995b640b2fbe6b35d9706b0185d8d03efe2e6238dcf361 3995 util-linux_2.33.1-0.1+deb10u1.dsc c14bd9f3b6e1792b90db87696e87ec643f9d63efa0a424f092a5a6b2f2dbef21 4650936 util-linux_2.33.1.orig.tar.xz a1f70741a39a31700a443f462a50c3a10b540256bdde1635e0afdb083507d0bf 87368 util-linux_2.33.1-0.1+deb10u1.debian.tar.xz 738d7b3b07894b8c4500bc61e2b9cee982debbdda6e9d3896e7a4db83a3f70af 17216 util-linux_2.33.1-0.1+deb10u1_amd64.buildinfo Files: aa472fe037d9136de4b59110afb1a4d8 3995 base required util-linux_2.33.1-0.1+deb10u1.dsc 6fcfea2043b5ac188fd3eed56aeb5d90 4650936 base required util-linux_2.33.1.orig.tar.xz d796a74e57a26b03f1cda0cd71c718bf 87368 base required util-linux_2.33.1-0.1+deb10u1.debian.tar.xz 93e21c607cf5204e1947947105749ae1 17216 base required util-linux_2.33.1-0.1+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmYR2HQACgkQ05pJnDwh pVLQ0hAAtbb5nHQZq2mNDAkMSngBZ+lUiFjAbiFFKW8SzkJs1sGLtDBX3v6MyDh2 DhMndmWv4ZUKV4apOEVLqUDhyojmpyOXhCbRIDYHMgXIoy+NMyMciKKk450QP9je 6l64AJqdkJ3Lnw/Bc4dHhCBqnOvdN9fSVNYalI6f5bqiBYQ6eTYzsFJiAHEAEE3+ lheOPM+S1dLAUV6dqZxr5kA8RXvHTpKrvmNE4ATQ+E4hsbn2kLJf7DNi3WBrBCUH U7QgUCIULOkjQXP/+Y2xo4FCMloR8ZxvDSlNBKcDGnXhS/FqR1CJl2s1Sd+YbAWp tPnsusvfVI4LcOchbBZDmYHr5HOtrMgufQIWaVtfUGjEEwQpWNhnqCxfAkz8Z8Ri jDFCK4/VYV4FSKe7zORd3cljVMuWVEDpVQm1cH07zFiY+9uSFQP4THlU3MJ6rW2c +iQC7KJM1nTYDkJ27SSObxYXG4uRpHUz44lPSLS39e6K5k5ZwSXzSY+3R1zsPMtU JSmerwzEj5t/C47unM+aNl0nbSaZ/Hl6/YKmzqGOMF8TP4kvIyxjDkSHxb06pZ5o mDrTJtNRm8za985Agh5NUsmAhRH7dQ0STJtm7ZAABg3BxZRbFw3eBTmzH9GzKm+w hwhmW7ixjw7BBdbdYUAsdD4JbGy9QkcIGVQwg5EVGDFtrS4O8hA= =dV9N -END PGP SIGNATURE- pgpEtgvbhnaXs.pgp Description: PGP signature
Accepted jetty9 9.4.50-4+deb10u2 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 6 Apr 2024 22:13:03 CEST Source: jetty9 Architecture: source Version: 9.4.50-4+deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Checksums-Sha1: 815243cdbe3fe92e8dd56a6d2765612e0c2175ce 2779 jetty9_9.4.50-4+deb10u2.dsc 2dae548a95f1ac4ede45e399e3dcb57f08f6c7b0 82572 jetty9_9.4.50-4+deb10u2.debian.tar.xz 37baa282c7566b756d639c1d4c20787c8f5211be 17855 jetty9_9.4.50-4+deb10u2_amd64.buildinfo Checksums-Sha256: a833b6a931138831be2f20029dff842320c133f84c864dfa4afa019daa87fab9 2779 jetty9_9.4.50-4+deb10u2.dsc ad246bd073a526f6a45e6e8f5a7851ffba08dbd8c4887db3a1850ee7423f4338 82572 jetty9_9.4.50-4+deb10u2.debian.tar.xz b9deba9fc797e66d8a8d1be7f872b61804be25b6e67e1691691a0caf8736fd9b 17855 jetty9_9.4.50-4+deb10u2_amd64.buildinfo Changes: jetty9 (9.4.50-4+deb10u2) buster-security; urgency=high . * Team upload. * Fix CVE-2024-22201: It was discovered that remote attackers may leave many HTTP/2 connections in ESTABLISHED state (not closed), TCP congested and idle. Eventually the server will stop accepting new connections from valid clients which can cause a denial of service. Files: fc2fac1c4055a6abb10ae70acd5e9579 2779 java optional jetty9_9.4.50-4+deb10u2.dsc 552a5ee435fb0e0b9135ac02d2f68c91 82572 java optional jetty9_9.4.50-4+deb10u2.debian.tar.xz cb685f8a295cad7a9871cac727cc59aa 17855 java optional jetty9_9.4.50-4+deb10u2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYRrNhfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkPWMP/0YyA7ZKnlUAG9O4GCE9L7tak2Wwzp9E2h72 j8eSNbb/yZ0m0s/O/w5j3VSXoDcXNq0cQKOfpMdGlad17gSES1j2tR+6rphwFtyQ 3f27ujPT1158nP9O2hM1GN9A6GucbQYGyEQpFEP/oJsIwRpj3TGtBjDB/iLflRtT HfEhA6TFu6v5NoUrl+baQ4WDSrakxNpuWNhJc+iDjlpoWo6REChv7rL9mlS4FwJe EBKbO9exe4QanFfs0kRWx7XgZlnPnCEIY13RSFW6gw1z50utCpurkGIdA74DjPQB 2ZKafaE7O1EjVW6+sutHIXeanmdO71tR18sZQq5MSGUwC32YVzS1k1Xx4SL1Leac ukVATPcTvHPKq3Qtqa81UqIazwLG9EAJJ3eAv9Uj828nAnmEakne85cvYoPvyVwJ pWv8J/aGQzCUs9orPFQVhHNct9ehFuBnHvxQRq13Lhp0SzKTNrDPpnMNScA2Cx8H eYinRjAvYfBakv1Auqr2XueWZQSVwDE1nUNiZbUy6TE4KVbu/PigzsgTcAaTyEFd DyQTlxes0uZ0XgC/izrAi8By427UW38q8LIBUmbNru6ghG2eJRxHfGdo1gcoUoR2 Yur+2I1nLabpKzjRgY16hV1PzoGgtSv9Mojl3Ii9iYDqkeWK/ijg3c4qKpsqhtrL joKIiUto =iR7O -END PGP SIGNATURE- pgpqyhBJBRWz7.pgp Description: PGP signature
Accepted expat 2.2.6-2+deb10u7 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 06 Apr 2024 18:16:16 +0200 Source: expat Architecture: source Version: 2.2.6-2+deb10u7 Distribution: buster-security Urgency: medium Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Tobias Frost Closes: 1063238 Changes: expat (2.2.6-2+deb10u7) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * Fix test suite. * Backporting patch for CVE-2023-52425 - DoS (resource consumption) parsing really big tokens due to O(n²) complexity. Closes: #1063238) Checksums-Sha1: 9339e324dc600aa01630d878076c0986678f5dcc 1981 expat_2.2.6-2+deb10u7.dsc 99907f6d654007e3b26c221b7b1f696beb02c763 78596 expat_2.2.6-2+deb10u7.debian.tar.xz 5490885edce4d161b39a23b0485039ef268172ac 8508 expat_2.2.6-2+deb10u7_amd64.buildinfo Checksums-Sha256: d2544ddde86b80328d975ea7747f61670769e516c0ace034995a151ea3ad6659 1981 expat_2.2.6-2+deb10u7.dsc 92659584405905570ca3b5295e4a1106eff4eeae70795004276c801bbbed2490 78596 expat_2.2.6-2+deb10u7.debian.tar.xz 7f83e42774b51f5131a44b0d00d0d676cfd42ecfacc56630324d8afcfaef398f 8508 expat_2.2.6-2+deb10u7_amd64.buildinfo Files: b0ae8a37c637b9b49e02ec9de548fd45 1981 text optional expat_2.2.6-2+deb10u7.dsc 4a00d01efba2c6709d5f9b6104636e77 78596 text optional expat_2.2.6-2+deb10u7.debian.tar.xz 78b6796df025f4db76603ad8b03f9dd1 8508 text optional expat_2.2.6-2+deb10u7_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmYReHIACgkQkWT6HRe9 XTazig/+JSjFHjcPn56iM7RSo3xtJqcwVGCpCgMMA9AtCVpJ8OzZvkmfo8LbDuF6 MH3sTiTXivU8bV3n1jEn1mOYHRBCkSqgsW1HZY+kglMZ6GGPT8eMdfIXXAC6hYT7 zHfnmvjIWATy3HaUOYzcrW4JcUOIvYbSWXR4yxcvFQTDe8SxLF9ZFS6OZCuYxnO8 V/uL1oblM5p+MeIW/LZIrVrcFNsW+/j3fI9GZousdIt7ZLnj2BXhuOfsM+fr25dc lV6xsmLC9RpZHE0xK0shsc2Hqj+RRNXvGssZAwrU+nGb5cz6M6veOS38e63QCK6z 4812cmxTW9sCbUeoJDoUPL7tR97SPvT95M2lqZvM4UsO3F3jF2C99Byk/hj33HOp LAs3eCpEk4nt0SCMCpC4gUP8KZKnQd8jnOW177z303cDal7jnuxtwIbedac1uQmy j232VSf0Mi0+ZJeKG+VSllXR4zGqR5tNnewiWOq4I8TDlh4361x7StL+EEQpZvpp BgDiMFj0gjYfn7Nt/baE+nYwgYzlGFZNs3i0gAM5hHkGUK7FMlPRj1C0Pd+UzMZc y0Ccxp57VGdB/cJqKle+SI6GPh0oJsssO18iv5q6G+XSNossUrZdm3FTne2so8bW Dzz/ayKLtrQJjGW+g3ejeNBkK6AeLdQuQVNeyNDEc3EhhGWkbLM= =ghgr -END PGP SIGNATURE- pgpOpMAvfu_Gs.pgp Description: PGP signature
Accepted libgd2 2.2.5-5.2+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 28 Mar 2024 19:03:02 +0100 Source: libgd2 Architecture: source Version: 2.2.5-5.2+deb10u1 Distribution: buster-security Urgency: high Maintainer: GD Team Changed-By: Thorsten Alteholz Changes: libgd2 (2.2.5-5.2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2021-40812 fix for an out-of-bounds read due to lack of return value checks. * CVE-2021-38115 fix for remote attackers to cause a denial of service because of out-of-bounds read via a crafted TGA file * CVE-2018-14553 fix for a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence Checksums-Sha1: 4b0933155b11c7c031f9b18c029a55a1755272d8 2400 libgd2_2.2.5-5.2+deb10u1.dsc 281af8e7e9c798d368caf8758b983c4d8c24d9ec 3326856 libgd2_2.2.5.orig.tar.gz 969364ddba5f6dfce56f9332985e657665c94894 37380 libgd2_2.2.5-5.2+deb10u1.debian.tar.xz 6bfcbd69413297f9791a4298d7124f9b831731b1 8542 libgd2_2.2.5-5.2+deb10u1_amd64.buildinfo Checksums-Sha256: b32b49e7f53f48312d289ef5a509245590d744d8125a3be765494cf809950842 2400 libgd2_2.2.5-5.2+deb10u1.dsc 150e6952af874bbccb33cf0f87288b41a8fd54f0ce4cff914ef90a80ef9d0162 3326856 libgd2_2.2.5.orig.tar.gz d33f0b1ad7f40ff30f67e08e792be647b6d79e2942ad412d873ac7d9ab241b13 37380 libgd2_2.2.5-5.2+deb10u1.debian.tar.xz 05f3f87fa57995912c53f7a8109f86780018de8dc0a370c42a98b89a33111387 8542 libgd2_2.2.5-5.2+deb10u1_amd64.buildinfo Files: 5d250651b979523f7849e8d9a3eacb99 2400 graphics optional libgd2_2.2.5-5.2+deb10u1.dsc d851cf184ccb9272b728ccb938c25b25 3326856 graphics optional libgd2_2.2.5.orig.tar.gz 8d199b7cc455cb50bd321ddff6529776 37380 graphics optional libgd2_2.2.5-5.2+deb10u1.debian.tar.xz 8513249e44d087bdcfd219f2f129213d 8542 graphics optional libgd2_2.2.5-5.2+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmYRCapfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR69AD/9A+AQBfqB+b2GPI7zSLRD8YnNZalhn n2tf8DKlVxBdS+xU8vvSUh+LRLHlVoAi3JPtKsf+W2ZAaimscFKPzgL6jyyxLBOP D+3cRnxJmh5bjtzdewffEnHxMfrPsHM9WjCDfoYqH3cLXFMG0nxxglLpRFMBg7rS Mh7W2nrM9cH85WXuHSCUGy/jltfy4ZItJtJEXLno+x7OAPLfFKRzdczyPhGMVj3E AMq1IxrFWMPZBNQwN0l9lK9cgCb9+TEoJHxVKLvGkwNpjYkR7luaQ1YxGXpPFnZY 6u4CeF9BGHAMZqBssQaDGDycTTRqoTfUYI0zbep4gDWdLPZRWB+VW2QC87XpcbCx VrFddmB7twBr2SqXuHKltcb4RhSuYm0Pu4Sf/o/dJzsH/XH6G44CA0zWRvUUUjgM shBbSyJVunPdDmsomnjJV//DA+XcBUQ1at6O70PeSIIyu7ztWjx+3qL0ULfFUMkx mC2juKOjsvZVlEzmYNFD3rKY/DuhtXpCnVZLqfa2ci88/R2mFQsOJH3cQxMlfLTG Id4rxRgGfw+GQfFNOUVFvAk/hQT1HwxjlEsuOdYTcBC2Zrst8HOGBKD+pNDcSe8L 7hEIG8iV0QWzdy+hl+Aw2pIijeHMHPb7QGAQ469rlFjEJ8JXJkBP0pNtX6S0Q9rH 1l3g55aF86FIyw== =zK5x -END PGP SIGNATURE- pgphGqm_vLcBo.pgp Description: PGP signature
Accepted tomcat9 9.0.31-1~deb10u12 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 05 Apr 2024 12:14:58 +0200 Source: tomcat9 Architecture: source Version: 9.0.31-1~deb10u12 Distribution: buster-security Urgency: high Maintainer: Debian Java Maintainers Changed-By: Markus Koschany Changes: tomcat9 (9.0.31-1~deb10u12) buster-security; urgency=high . * Team upload. * Fix CVE-2024-24549: Denial of Service due to improper input validation vulnerability for HTTP/2. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. * Fix CVE-2024-23672: Denial of Service via incomplete cleanup vulnerability. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. Checksums-Sha1: be088b1770323710a17b4741d61b9af7e29db968 2893 tomcat9_9.0.31-1~deb10u12.dsc cb917fdf199d30d55c37715b83f7ae9671fc3a26 69020 tomcat9_9.0.31-1~deb10u12.debian.tar.xz b50835975eab92523c368c5850773cc0ce3889e6 11843 tomcat9_9.0.31-1~deb10u12_source.buildinfo Checksums-Sha256: 3616241e5b1b87228721a2ba482c0b1dbe0cd0c2d6d3de8b94c2daac5afee582 2893 tomcat9_9.0.31-1~deb10u12.dsc 5a4951465b5c83b3a9130a51544192c88bffa3c4891241fa90bcbb657965b21c 69020 tomcat9_9.0.31-1~deb10u12.debian.tar.xz e4451a4f86a82fbf35ad314307f5740512ed3a8d986c5d86d69ce4f9f6de9773 11843 tomcat9_9.0.31-1~deb10u12_source.buildinfo Files: 0d46e26194ef507d46056dc5219267c2 2893 java optional tomcat9_9.0.31-1~deb10u12.dsc a45bb873efe0598811b3594f865cc5de 69020 java optional tomcat9_9.0.31-1~deb10u12.debian.tar.xz 6f69fbf93c4a61bd094ffef62e79b77f 11843 java optional tomcat9_9.0.31-1~deb10u12_source.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmYQfy9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkR0gQAJzdvbdUYm56xUFt6bu95kobxOZSSHywFQ22 FilsfFnCxddt2xLUj/D7V4B5fTAFyOQc0aG3os+Znlkx+5cG88wdJpGfqrCveIjJ 7PsZq+27fuz78lCkXGBXwgfdUGy9im2RMnNE2UTw8g8jN3jXZwfRA7QSPl/i3q0I TSMypykZOM/jNCCn7hfZzU0qhGheOKPUEu39MK7RRPAJMNJ4r26h4zeV4Mm62A3j b+eTQNRIa52HYAcNVKErKZmJ7o+QNWKESnCsvsPNg0fJqsqcFgavKwwU4qgu5IHK a/cZA3AcYetiTT3EwTS1fU2MQx5LxCs7qJx798m7xsftrKX+cZLBbNYJgWxKIERi y98q6nYk4JcyE1PN8urUmH860J7WFfd3+dcD1npiucoNy20du2WtwqFe2vg7zlWl a+UrEiXgS3FS4dVdnAS/vp7jkeBG+Nx/myvBwV2rNDowtOF6hTR2ZoQ7V6RYP2cV ZfnIx+apwdr+1imLCg2rdzQ2iiQ5wy0LOQ8CBrNX38TEr/NG76UfrHEOdmZaFb5X vTMdYMJjCpGW582Tc4zeBHu1o9YpRFCX0QnZiTw3qIw651WeeQ/BbIl6e88yYVg9 CFc/P/0eIJOxzjYTatEd9UWYrDEopHHll1NPeLyE9iaa88EhP4VxIIjHlFgODHtg Vco6aGkI =DdfP -END PGP SIGNATURE- pgpudN3vTBFM0.pgp Description: PGP signature
Accepted libvirt 5.0.0-4+deb10u2 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 31 Mar 2024 15:22:37 +0200 Source: libvirt Architecture: source Version: 5.0.0-4+deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian Libvirt Maintainers Changed-By: Guilhem Moulin Closes: 959447 971555 990709 991594 1002535 1009075 1066058 1067461 Changes: libvirt (5.0.0-4+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2020-10703: NULL pointer dereference in the libvirt API that is responsible for fetching a storage pool based on its target path. * Fix CVE-2020-12430: Memory leak in the virDomainListGetStats libvirt API that is responsible for retrieving domain statistics when managing QEMU guests. (Closes: #959447) * Fix CVE-2020-25637: Double free memory issue in the libvirt API that is responsible for requesting information about network interfaces of a running QEMU domain. (Closes: #971555) * Fix CVE-2021-3631: SELinux MCS may be accessed by another machine. (Closes: #990709) * Fix CVE-2021-3667: Improper locking in the virStoragePoolLookupByTargetPath API. (Closes: #991594) * Fix CVE-2021-3975: Use-after-free vulnerability. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. * Fix CVE-2021-4147: Deadlock and crash in libxl driver. (Closes: #1002535) * Fix CVE-2022-0897: Missing locking in nwfilterConnectNumOfNWFilters. (Closes: #1009075) * Fix CVE-2024-1441: Off-by-one error in the udevListInterfacesByStatus() function. (Closes: #1066058) * Fix CVE-2024-2494: Missing check for negative array lengths in RPC server de-serialization routines. (Closes: #1067461) * Fix CVE-2024-2496: NULL pointer dereference in the udevConnectListAllInterfaces() function. Checksums-Sha1: bd12a4c27c25325e8ea8fb03dd561aadbe8bd548 4385 libvirt_5.0.0-4+deb10u2.dsc 2daa9f44c8631d11d798b1e2ee6df726df449173 14832576 libvirt_5.0.0.orig.tar.xz 23f41e4e71c45c3b3cd176fe4e4ad99193c82e8d 94788 libvirt_5.0.0-4+deb10u2.debian.tar.xz cef859f8e1f20c8907fcee7cf256bb1391521b1c 21226 libvirt_5.0.0-4+deb10u2_amd64.buildinfo Checksums-Sha256: 1c378c2fdef3d71d5261b4fb2254cdec7da2229f3ae25423e543bc47bf91b113 4385 libvirt_5.0.0-4+deb10u2.dsc afa81dbbc90b5209575930a820a222ff371e5ece5c1d8ec8f46b53c52b73b2e7 14832576 libvirt_5.0.0.orig.tar.xz 8ccfe07c1f3a65b06e625558e947a5e45179dcd0240b26283345a859c66b531a 94788 libvirt_5.0.0-4+deb10u2.debian.tar.xz d7a9ab71a213579481de4ccc88d0e900b4479d7a8b8bfa4f13d4bda300d081b8 21226 libvirt_5.0.0-4+deb10u2_amd64.buildinfo Files: b18a82419536fb92039eafab19eb2c7d 4385 libs optional libvirt_5.0.0-4+deb10u2.dsc b67b226b8f22fbe86991daec5d71ef82 14832576 libs optional libvirt_5.0.0.orig.tar.xz d1d8d43dc22e22d06fb68ff77c18d4a6 94788 libs optional libvirt_5.0.0-4+deb10u2.debian.tar.xz 95e3bfdb0ae2809598ff6d28fedd592a 21226 libs optional libvirt_5.0.0-4+deb10u2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmYKAN0ACgkQ05pJnDwh pVJDYRAAji4Ed9ewrKRUWkKwKR0riQiQvJtdvrhME3j1P8VeVVsyk8UtZK/2o7Ed cvQMOOas3qujK1ksDH5sHfL2w2T8FjzZg2HZzCfXtLCV59Alne8sSLkIMDuPcJFD EVqId8lSCoIq9a8iQZAiJj1vil2g2n6NL+XPi3v2wUwVrMb+Cwm2EvP5E4JpaXXv Hg54Ze1GnDr8r/aXGphuS+MEE9CEfvGQ1aJgrWazy/IO0lVBtz89QrGJnKZkr3fV h4uonBOPv16IBTZt7pdVlvC2J4bBORuI99HNIoOFwmTxFTkyG+vyS7pCOE1+uwek 0NrZzvAfhaF9TtCvDukRLfJsIlGwsNULsrTil2vXUF/S1mgvy3BomKQex945hgpw Yn4UEih2QaFj3YpNeOruUFXYuat8FRYOdOtHcT2oFff+aBTKm8EgHVjv93R2O3sz vc1hiL3Yrmqv+/QOoglirfCraYmTl+S9H+Sh9UQIq56Ut0BE2eg83e6U1s2JlCI1 7yUUFnw3fh7xULe2wqY2rzJ//ynvS8IyhJ92keTbmUWZu0+AOsBinov22CRIxjfE 8gnPzYXbMkJjFgkF8CHOTRdpSfxAry+e7u7hVvgicbWwFtMOpczQIdbqAg9oH7fO FV88xqJV+X+iLluKQkDe+jI8SVgt9bugDPPf6Ey0nCdd9feYLkA= =kEPR -END PGP SIGNATURE- pgpCv12r6ifP2.pgp Description: PGP signature
Accepted composer 1.8.4-1+deb10u3 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 04 Mar 2024 17:48:29 + Source: composer Architecture: source Version: 1.8.4-1+deb10u3 Distribution: buster-security Urgency: high Maintainer: Debian PHP PEAR Maintainers Changed-By: Bastien Roucariès Changes: composer (1.8.4-1+deb10u3) buster-security; urgency=high . * Non-maintainer upload. * Add Test suite from upstream * Force system dependencies loading * Fix CVE-2023-43655: . Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini Checksums-Sha1: 97280f22af00097343c851c42d92965367cb9a52 2356 composer_1.8.4-1+deb10u3.dsc 64c9bd0068668de48bc25b67e620c657e25bfa70 425448 composer_1.8.4-1+deb10u3.debian.tar.xz cf2a23b4da7cbbcef19716a862c2740312f0aaa8 9611 composer_1.8.4-1+deb10u3_amd64.buildinfo Checksums-Sha256: f90f1993e390cc31bfef036088952c06f1e16dc34e3cce7a52502325f5f76b30 2356 composer_1.8.4-1+deb10u3.dsc 9f3fe62907d2ca006fac6d05983b27efa35d6f05f690787cb3e17bec5b867cec 425448 composer_1.8.4-1+deb10u3.debian.tar.xz c9e0896689a7ed27284d48554434b2151bd077874e5d2209ac8f4760ab008e1b 9611 composer_1.8.4-1+deb10u3_amd64.buildinfo Files: 2c74b4c9e24600494c9909a4b4639d57 2356 php optional composer_1.8.4-1+deb10u3.dsc d40213042e5dcee9c415f5474f8f75e8 425448 php optional composer_1.8.4-1+deb10u3.debian.tar.xz 36b5f90d90ac75df00b1de0b65bd433b 9611 php optional composer_1.8.4-1+deb10u3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYDQOsRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF+VrxAAqvFnNFPJ+gALEJSaIUuwFa4YfiX8AgDi JcTqO3Cg84ZzxY0eD5sy9ITsuPVhgFSVSilfVmSU7E7M7qWGwCAsjfgQBqQS/Sxj MY2Zzj/jd5QTbDq4VKpEl2CZ77+F0089bkU5KixSXJiHIJgGmQsv0tyiQXga4+IT f7V6KZM3O5nxOzHhCrKQwUcHdkx60X/0dY1hTlZWM0i9bmKBDaD0FUYuJo109sx9 B8nqRBof3CkIaUnzDonH0I253/57eLvewNK3hUjIJ1S1xewE7BE4Kfwv/ZIUjyGI YYA1BId6qTnYYOjc3kGH4z5j+EQ5X/mV6dbFnniV2XPPi1d6TVJ++73eBoZhfsHN dGXPI3k+p4B0WF3Keaz+3PlkHqgvIICOMyjy1kHpk/3gHh6sBqAqQQt0N8fNiLEq W5TcQoA+v+UxAt/vrIZtb42QCjlHg2m9peKqbsvz9we8JzfnKr1ssPHYDQdTZWuA UBj+UpDewFT3sq048sac2Tc9BkM06Eg9SI6VWaSIzkHLSAznixJTtYx7ZuKFDPIE iM2MaINXMYxreqU/i4JyN16idYkjzbJfQpPjnxyq9PuvtSMztMNRm6errk1AZB4b XfiUd+wEBhOi05v/HYg0lGONzFNzrB2Exe7nlEfB22SKwXHZAlgg/n78QN9BxhxV zqY4Xl29rOU= =41sW -END PGP SIGNATURE- pgpS5E6sl5EGs.pgp Description: PGP signature
Accepted nodejs 10.24.0~dfsg-1~deb10u4 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 26 Mar 2024 00:54:55 +0100 Source: nodejs Architecture: source Version: 10.24.0~dfsg-1~deb10u4 Distribution: buster-security Urgency: high Maintainer: Debian Javascript Maintainers Changed-By: Guilhem Moulin Closes: 1039990 1064055 Changes: nodejs (10.24.0~dfsg-1~deb10u4) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * d/p/CVE-2022-32212.patch: Also backport upstream commit a1121b456c (unit tests). * Fix DNS unit tests which caused FTFBS in some build environments. * CVE-2023-30590: Documentation change for generateKeys() API function to align on the actual behavior, that is, only generate a private key if none has been set yet. (Closes: #1039990) * CVE-2023-46809: Marvin Attack vulnerability in the privateDecrypt() API of the crypto library. This is a timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding. The fix disables RSA_PKCS1_PADDING and includes a security revert flag that can be used to restore support (and the vulnerability). (Closes: #1064055) * CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding. Checksums-Sha1: f2fc475f0cf38a55da02ed23d7fdfe93528a95ac 3032 nodejs_10.24.0~dfsg-1~deb10u4.dsc 6054b2a9a0c7e9138a7b618a86c9df26ae10f3ad 122320 nodejs_10.24.0~dfsg-1~deb10u4.debian.tar.xz 93feb72cfa7cf6f551a91e16cbae31c0bad12053 9440 nodejs_10.24.0~dfsg-1~deb10u4_amd64.buildinfo Checksums-Sha256: c512c0fd4bc8a6499dbb00c2bfec9796fa5ac92af0a7cc0fcd9278bdb104cf26 3032 nodejs_10.24.0~dfsg-1~deb10u4.dsc ca564889e120d1444c16f4564f9aa1a67e5c70b40acb50ded1fc7893b20af3b2 122320 nodejs_10.24.0~dfsg-1~deb10u4.debian.tar.xz 66142ff41588657d5ef5cd8f1cb94a980d3d6adbc11b198be1e6b7337381b09e 9440 nodejs_10.24.0~dfsg-1~deb10u4_amd64.buildinfo Files: 41c0e89abe1ac0a90c266bf0b754280f 3032 javascript optional nodejs_10.24.0~dfsg-1~deb10u4.dsc b04aedc934ac139e86f205ab22b0374a 122320 javascript optional nodejs_10.24.0~dfsg-1~deb10u4.debian.tar.xz 1d3c52ef39c06b6fc2fa1ed0e0d7fe4f 9440 javascript optional nodejs_10.24.0~dfsg-1~deb10u4_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmYCJMwACgkQ05pJnDwh pVLg3A//fHszGll+8guJCsX/MDi5a+8c8HjYa92BoLgZv0K8uSefxae1zVcorhf2 c4B7ryGpC+NNsXJXDIslN1zeCxf67A7Mm62M3ZDSMAev2YHWibkzBSeRlGqE2Q/O tKl94DSCU9ZTlkQy6rzIefWXRf1vn+McKazibCA5mUmVKNhWDW2LFRJpDRumCZiV MoqiOuSLtwZCVI8yTcAsaRZj5wUVB8szDfx1Zn/ZIFbLIbwnX7S+RtUY7Y0Wpw7S DVwTPV0CT1uZb7GSo739I3sQrPcBGXl9FuQdtByKuop5xWpOwqnnPJ2TkUj3gdDz 4YQTI/z7BXV1iJvaphkA5pRjVRrTIn9u3ZdDUWsQax+udfBenekKFppThlKdibdL usDLlynkOHrqGJ5LxemPJnV/Pdqw1iFuWIUBOKwCWJNHukK7jQCXhbG36e6E7SQs 70s4ndWBkxwBDbTqeHl/4l8rNcuO6z6GhUCbH5oN8jNJaGAAA06WsQGh4jieMkic 15y6DrW0j6xP6siGSwzQrX1QwS/U80cOmCce3sLEQG4qKWGqV1SKRo+QOwJxOF9c ggcqt6oE0Rk4L/a7rfOWMVc/Tfm/INRZJ8EefZ0/25bsZLEHJSjjjyFBdLelGXQh 1Y4JKXuVwE9jwU3WdrRFWVo9xBda6EU4uPQnUrKVP4Ic97Uc72c= =goQJ -END PGP SIGNATURE- pgpRo9xJjzQdn.pgp Description: PGP signature
Accepted firefox-esr 115.9.1esr-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 24 Mar 2024 12:21:35 +0100 Source: firefox-esr Architecture: source Version: 115.9.1esr-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Emilio Pozuelo Monfort Changes: firefox-esr (115.9.1esr-1~deb10u1) buster-security; urgency=medium . * Backport to buster. Checksums-Sha1: 6e5dbf1bdabff154fe14d268d2d0a37797c650d7 47169 firefox-esr_115.9.1esr-1~deb10u1.dsc ea39095f58724c2c66e14a992a4e367b210729f6 183859 firefox-esr_115.9.1esr.orig-l10n-ach.tar.bz2 955ae0dbb1c80dbeaa4a31347c88a2f6ec76 122878 firefox-esr_115.9.1esr.orig-l10n-af.tar.bz2 83cfbc167a85a21569fb646eba3c7d401da2b01e 221134 firefox-esr_115.9.1esr.orig-l10n-an.tar.bz2 17fb77d6272cbc1e9f4dc5a4188eac4167f0edb1 251014 firefox-esr_115.9.1esr.orig-l10n-ar.tar.bz2 1baef1443d8dcccd1177a6dfe884a830d4ea11d6 185485 firefox-esr_115.9.1esr.orig-l10n-ast.tar.bz2 bd519ef82ac8654e15391d98299a7cd7d7558815 195387 firefox-esr_115.9.1esr.orig-l10n-az.tar.bz2 0cd84157686f86353b41192e7adf4cd81dadde4a 325843 firefox-esr_115.9.1esr.orig-l10n-be.tar.bz2 47ea97dafed9664f9ebf5176ef9ee19892dcb999 1487170 firefox-esr_115.9.1esr.orig-l10n-bg.tar.bz2 42ee7f77948c20a5571abf0242df937b4a11796f 233372 firefox-esr_115.9.1esr.orig-l10n-bn.tar.bz2 1d70755f8ca7a8792784733cb3a5ed2f19520dbb 1669563 firefox-esr_115.9.1esr.orig-l10n-br.tar.bz2 7ca91662b78e892303b952fe3175ec0371b0de26 191375 firefox-esr_115.9.1esr.orig-l10n-bs.tar.bz2 da2c51d7e4605c2201b336e4871782af43490a2a 241396 firefox-esr_115.9.1esr.orig-l10n-ca-valencia.tar.bz2 466442c774d34ba89682d6efccd1ddd391176587 713391 firefox-esr_115.9.1esr.orig-l10n-ca.tar.bz2 af79d54c9f282221b4eaf8fe50032455d16ce577 286038 firefox-esr_115.9.1esr.orig-l10n-cak.tar.bz2 3a2444ee0a685458a4431cd10620067b587039ae 332464 firefox-esr_115.9.1esr.orig-l10n-cs.tar.bz2 69259a37064af0d238d8ca12c2b155f27cb99f11 321977 firefox-esr_115.9.1esr.orig-l10n-cy.tar.bz2 f05bfe1bf9be8b62091689a8e8bfeeffb384d01b 1088333 firefox-esr_115.9.1esr.orig-l10n-da.tar.bz2 b0d2b8d509f32dfece7565f36be97e5a6c318bf6 322496 firefox-esr_115.9.1esr.orig-l10n-de.tar.bz2 4422c227896ddeeed85eef131ba6e5f4627994bc 324812 firefox-esr_115.9.1esr.orig-l10n-dsb.tar.bz2 74664174cef18370bbe4ddc938961b874e8d1f4a 2134233 firefox-esr_115.9.1esr.orig-l10n-el.tar.bz2 4d6726d409dbd6e43629064549b73d367cfd2e9f 511051 firefox-esr_115.9.1esr.orig-l10n-en-CA.tar.bz2 41831465cd0ef74db751eef2867e9df3a01da594 298713 firefox-esr_115.9.1esr.orig-l10n-en-GB.tar.bz2 a9288225b72445c076be79c9e5e929737dbf8454 306853 firefox-esr_115.9.1esr.orig-l10n-eo.tar.bz2 931d2f3e816dd470101c28dea4e7eec76ad46355 585383 firefox-esr_115.9.1esr.orig-l10n-es-AR.tar.bz2 3901d1e1e5a3358a83972b367738e43711948c36 582136 firefox-esr_115.9.1esr.orig-l10n-es-CL.tar.bz2 7cde7b2c698925cfce3fe396cc08cc47af480b8a 579827 firefox-esr_115.9.1esr.orig-l10n-es-ES.tar.bz2 60043169bff93afec64be891f44d43150ab107d4 568982 firefox-esr_115.9.1esr.orig-l10n-es-MX.tar.bz2 64ce7514b86a753d2ffb51dcb4d8d960cf64db2f 1137767 firefox-esr_115.9.1esr.orig-l10n-et.tar.bz2 2517d444558d0d9177b73eeabc83b853aa5df9f9 303384 firefox-esr_115.9.1esr.orig-l10n-eu.tar.bz2 438f7f226779f93fc7016ecb80b387191bec4fa9 238577 firefox-esr_115.9.1esr.orig-l10n-fa.tar.bz2 3f35c8520eba3b237f85c4c5b5988d7adaab9d95 201291 firefox-esr_115.9.1esr.orig-l10n-ff.tar.bz2 be53bc4d3f0961c1f066bd6031998103ef3a5dc4 312385 firefox-esr_115.9.1esr.orig-l10n-fi.tar.bz2 b30660dfbfc832b7bdcd5ee7865398fdfc39cc08 723158 firefox-esr_115.9.1esr.orig-l10n-fr.tar.bz2 abeb9a141716c1a7e19408371915f0dcbe164a7c 322383 firefox-esr_115.9.1esr.orig-l10n-fur.tar.bz2 391ca570d735abe9078826a9967730f67e9c72d0 2380463 firefox-esr_115.9.1esr.orig-l10n-fy-NL.tar.bz2 8748f68928e852caa7de7dd31c3bac937547061c 183136 firefox-esr_115.9.1esr.orig-l10n-ga-IE.tar.bz2 69160277670809a5982c44fde8ee8b17c1b48f6d 302200 firefox-esr_115.9.1esr.orig-l10n-gd.tar.bz2 96ae52f76af63e02f49a58c0ee2334524f537c4a 309985 firefox-esr_115.9.1esr.orig-l10n-gl.tar.bz2 20a02c0297b16dde1a71bcbf43274d7eed8492e6 312631 firefox-esr_115.9.1esr.orig-l10n-gn.tar.bz2 abed6babb06bb9f5e064260aa12e9aaebbc0f063 196384 firefox-esr_115.9.1esr.orig-l10n-gu-IN.tar.bz2 93893b9c04db500ffe174d51036d11694a6a4834 281882 firefox-esr_115.9.1esr.orig-l10n-he.tar.bz2 5953f2eba0858c5715b51067b30469851abbe5c2 222138 firefox-esr_115.9.1esr.orig-l10n-hi-IN.tar.bz2 d52a97ab376f841d110f29717b7a3f07c241d453 265738 firefox-esr_115.9.1esr.orig-l10n-hr.tar.bz2 44ba3b6ac2ea605d8b50b96cf613ee49c7b3167a 324565 firefox-esr_115.9.1esr.orig-l10n-hsb.tar.bz2 84ad2a3ee19be6d72f12c33606393a43cae5d8d3 1043704 firefox-esr_115.9.1esr.orig-l10n-hu.tar.bz2 75c5283c459f292846e1c1c275c3a85655940c35 260317 firefox-esr_115.9.1esr.orig-l10n-hy-AM.tar.bz2 1d7edd3f921cd71d37ad5117eccebcf0ec45217c 314574 firefox-esr_115.9.1esr.orig-l10n-ia.tar.bz2
Accepted gross 1.0.2-4.1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 25 Mar 2024 13:49:43 +0200 Source: gross Architecture: source Version: 1.0.2-4.1~deb10u1 Distribution: buster-security Urgency: high Maintainer: Antonio Radici Changed-By: Adrian Bunk Closes: 1067115 Changes: gross (1.0.2-4.1~deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * Rebuild for buster-security. . gross (1.0.2-4.1) unstable; urgency=high . * Non-maintainer upload. * CVE-2023-52159: Stack-based buffer overflow (Closes: #1067115) Checksums-Sha1: bad8444f996072112962a5486ec2059da5921db3 1869 gross_1.0.2-4.1~deb10u1.dsc 00961feb7b9c8330bb6db2a33b8d5c378c1eaee2 317461 gross_1.0.2.orig.tar.gz 6396a71c85ee2a33732c1a227f7bc644bc4a4edb 7044 gross_1.0.2-4.1~deb10u1.debian.tar.xz Checksums-Sha256: 7dc4ea5f30630f74814a8c65c24cf3aee1140ed831606d41b65d9acc99fab2c2 1869 gross_1.0.2-4.1~deb10u1.dsc 8443b9ba46537ed6470bda60109df68d40d3dd11b9f5a07c9180cb01af7147f9 317461 gross_1.0.2.orig.tar.gz 014bbb4a9a8456dae31c19e25619a5d16ff35bcb1a7164551c2558699171e18e 7044 gross_1.0.2-4.1~deb10u1.debian.tar.xz Files: 50d358b2e0f736ab33a91cdaac7482c7 1869 mail extra gross_1.0.2-4.1~deb10u1.dsc cb88d88553161c01e9bed7a74c3e9263 317461 mail extra gross_1.0.2.orig.tar.gz 498debea1b739736a2018abe8cc6c72d 7044 mail extra gross_1.0.2-4.1~deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYBZYwACgkQiNJCh6LY mLHemxAAwvPED5TJzKEuzBvnEjSip0UQCLuYfE880Dt5RAr8cmhh+7nz0KKBU6H9 xbLU8iFjDNv/8JHN83vmHUBPtU/cpRbXKbqQmbfMHNio0PkAG4bm+3PsgJttVSN5 OVbOcq8jZSChMI4yUXcOECuF8pnRijkJ8qcJh0/z1VXKdC2LasuSe8fguYciWR8W wcW2oTQ1cqjuuZRwjiL0e0Om7zSu2iLtlMqusBuJZee+WEwUB+MEBM3bQCI54+DC XbAGe1Infe76R6RqJk/3JyePTceiouYro6K2sSaBf6yNr7z6unm631fwcgegkIww sgt2M8mMZyXqMtkH9yU1Iv5xQgMruXHMtTTBKhpt9S8HeaJ1kyAlp+L55XuPgFYV Ky9e7UEfxE4EhlPPDjphSLcZS9cvgCcQwQxrc1lFja54oj0SIKmq8rEOI0fDFH6W KznQtjhE87maG8DiQNSm7EacVczpelqnuc72hVazRZGx7UCFmQg1afN5SUwX31/b uU097P76L9MLdSMWLUUqhED3tmsPTvXoX5KwuJaG2plFUPqHIMabA5uaNkFRJlew 2JQffn4shy0oTRa5ricvDcC2Ug2nLN/qsfnSVCGK/mYmbFmucPFXbHGf3YFnTmhN RkqPzc47Lw+cpj6L1ji+zczqeT/NCHfzeCS7AphvDicTIUpAlWI= =CNg3 -END PGP SIGNATURE- pgpYa46PlTmvq.pgp Description: PGP signature
Accepted freeipa 4.7.2-3+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 25 Mar 2024 10:57:53 + Source: freeipa Architecture: source Version: 4.7.2-3+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian FreeIPA Team Changed-By: Chris Lamb Closes: 1065106 Changes: freeipa (4.7.2-3+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * CVE-2024-1481: Fix an command-line injection issue whereby a specially crafted HTTP request could have lead to a Denial of Service (DoS) attack ad/or data exposure. (Closes: #1065106) * Add a debian/.gitlab-ci.yml, but allow piuparts and blhc failures. Checksums-Sha1: 6efc1b8a362e480fe1a7e061e53c05ff32177f78 2928 freeipa_4.7.2-3+deb10u1.dsc 3808187bffb3f655f1c076edd5e0b1fd8534424d 11965409 freeipa_4.7.2.orig.tar.gz 0fff8470cb0ec79ec45c3ec89505c52c19a56657 284348 freeipa_4.7.2-3+deb10u1.debian.tar.xz 3172b1bb9eadbfa6204cd82d8851e023a022ce3a 13962 freeipa_4.7.2-3+deb10u1_amd64.buildinfo Checksums-Sha256: f97711027d9872b5030d19c7d5b6ad6b345eedcdd70ec4fc9e293337e3d9fc18 2928 freeipa_4.7.2-3+deb10u1.dsc a88826abf1e583efabc6478ef87ba47eff5c9dabf49532d945c922288ef14fdf 11965409 freeipa_4.7.2.orig.tar.gz e3966ec2dddad95713421ee1a6f8feb1c3cafeeb3a0f8affa8fae37498e18a62 284348 freeipa_4.7.2-3+deb10u1.debian.tar.xz 33405094e2230118dbd840adec5af142c1bd606ab4205b8e477dc962d4cf070e 13962 freeipa_4.7.2-3+deb10u1_amd64.buildinfo Files: 9eb9574e5434bcca9ef722c5826feb8c 2928 net optional freeipa_4.7.2-3+deb10u1.dsc dddf80fd3de85fa537f058a797b97d70 11965409 net optional freeipa_4.7.2.orig.tar.gz 409ecea12e2311b7486996cde2223979 284348 net optional freeipa_4.7.2-3+deb10u1.debian.tar.xz d0f6996b838bf66a9460458fad0343c8 13962 net optional freeipa_4.7.2-3+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmYBXm0ACgkQHpU+J9Qx HliTpg/7BXyzytR45J1Sr05u//PiwSnQfxq0gDykgq0hDUXOfGiop9zzUZA/JgGh kYfZpCpe+SRircNYla2ecDw8FOQ5GnOdrd/Ew7sN5tYt6N1UffyRrvhFJXxZDYNE ZQQP46zF4513yt0oNoOFl2GKMWb1GbWyCF1qJkX8nNvZg6AwgupxV26/ZXKwd70g 4ywfli9+r3clLTUG90xbuYYGJI7OApUOMVC/z6nYXGrkZAIumHKJiudz6cgraLw9 03wsfd+NY9SIbJwxS8hkRmus80PwuImeYX4wyNwqj8cDmUPmMy7r/66bb/+Pthnn Yvp+xCyW+3z0m9ta+RfZzGj0cpwoWjQS6MIrhN4C1ACpPfKA1BzZAxZEwHOz42o3 p2xzDo3uAr47sv5cSr7taQeO1EsnFYPhZpjnBSjsXIxH3VxkDolDvMuxFUqUqQhJ FG6zR0mZCVMVwFLZ/ffL1q2otW8JMcRfb0b0+eJYK1fbsac6GBLhdVD78I16fqCV MsnqqFtdiVI23KRVkP65ZwKN9xLxzy9o0QNWKUroJk6D3Qt2uALeHzVx3Ky7PpKO KT3YCWkyTp62MB4ONdDfe2QRTBXk4wOqGBm2mZyGnXHS0axZ9PDYkKc87S/c1d4I 0r750AI9ox3OoUNC9ihoqJAs/VsZx/7AwvJeOQ8MZeXtU70MWBw= =yEUd -END PGP SIGNATURE- pgpRPvwxUL7fW.pgp Description: PGP signature
Accepted python2.7 2.7.16-2+deb10u4 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 23 Mar 2024 20:55:36 +0200 Source: python2.7 Architecture: source Version: 2.7.16-2+deb10u4 Distribution: buster-security Urgency: medium Maintainer: Matthias Klose Changed-By: Adrian Bunk Changes: python2.7 (2.7.16-2+deb10u4) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-0450: quoted-overlap zipbomb DoS Checksums-Sha1: 38e4e430171e2378c94266c416682879cd954c25 3362 python2.7_2.7.16-2+deb10u4.dsc e824c633a59fa2ca1dc2123de855007e64f9de98 17431748 python2.7_2.7.16.orig.tar.gz 7c628e8d9852ebb221d182507f955488c080d80e 331877 python2.7_2.7.16-2+deb10u4.diff.gz Checksums-Sha256: 2368bdba0dd8c10066ebb5eb092a6191d381dc3ce1c65ee811b0aca7c928a9e0 3362 python2.7_2.7.16-2+deb10u4.dsc 01da813a3600876f03f46db11cc5c408175e99f03af2ba942ef324389a83bad5 17431748 python2.7_2.7.16.orig.tar.gz 9cb6366a7a6959e449f68876c1c9f7db7e70df380e59a79901cbb57ed5eda18e 331877 python2.7_2.7.16-2+deb10u4.diff.gz Files: ba43c3cfc8692ccbbf1a1bbcd3a37d67 3362 python optional python2.7_2.7.16-2+deb10u4.dsc f1a2ace631068444831d01485466ece0 17431748 python optional python2.7_2.7.16.orig.tar.gz 9592a0343250a549323a6c1fe236176c 331877 python optional python2.7_2.7.16-2+deb10u4.diff.gz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmYAXI0ACgkQiNJCh6LY mLGPpw//WNTQvz6IPDo9FHwCy6hhy3ppDOVf2zUZ1s5CFjE4IWHQMDWrEHWjjRBo FAx9kXfKRi3S7eW23Jc0YKTBfrDaPWHsdh0/KJ5ykc8N291NccSbCLvxH8JXd0PD Yn7CPp+lFR778bup5x4oqp3nGoCYA2tNjPevBjDFAO87pPoUYnycskSrHFSrF1U4 +EZBA2rId7UxP3EJTQvC0/i55wQNeU7tgrQ+Aotbd6EHKBHSFOiCc3EeJW/ovLLV yQ2MIT4QT+vL2LbhzAV8qahD9rZyFjThMkDgTYzd/RLEWUN7XIETtSX6FrM0+Wdv nppNGy7NxXcnAx/S2WIPZDCpFjcdQcQNQHiP+gTHh7e6Dl6tysQugSzpx1F5lzDR AZdIuCPmzgXhEqUf46z6/VJzO/zwnjKPBJCXegSQ6KJtlKK+UgI8z/bjbX07fl9f IBWdXRYCMuMkZsiZnn0HJM9xdskCC+BXid573+u6jtJtW0wJH7tW2+PCnwk2Nxkj uQdC+z715B7vlnYIbb/RW+7VDJzv/2tBbUkVYAs6fBwW68S9j+5VT1HcIUJCAv+W 7nEjaMU6pxCAGttpTQDdckqnCG+gT85Bn2bFxizJ8RThadh1BFjAI6seE/xU6GW0 GP9RvlVZMZfcqTAytxmvP7fM39INlhDuOS0nSv9L49hj2x1sskc= =eRY7 -END PGP SIGNATURE- pgpcst9_kDlcp.pgp Description: PGP signature
Accepted python3.7 3.7.3-2+deb10u7 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 23 Mar 2024 18:12:05 +0200 Source: python3.7 Architecture: source Version: 3.7.3-2+deb10u7 Distribution: buster-security Urgency: medium Maintainer: Matthias Klose Changed-By: Adrian Bunk Changes: python3.7 (3.7.3-2+deb10u7) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2023-6597: tempfile.TemporaryDirectory failure to remove dir * CVE-2024-0450: quoted-overlap zipbomb DoS Checksums-Sha1: b252d6cd779e8e659214992cdcecdd6b9c81d104 3404 python3.7_3.7.3-2+deb10u7.dsc e3584650a06ae2765da0678176deae9d133f1b3d 17108364 python3.7_3.7.3.orig.tar.xz d3a4d93d007d909d44ced9faae5247c82cc63870 253612 python3.7_3.7.3-2+deb10u7.debian.tar.xz Checksums-Sha256: 587d3af05bda31fcec4aca7157b73168f28ac5552d87eff0d2579b928ffddce3 3404 python3.7_3.7.3-2+deb10u7.dsc da60b54064d4cfcd9c26576f6df2690e62085123826cff2e667e72a91952d318 17108364 python3.7_3.7.3.orig.tar.xz b01fd29bf12e7e51f0210bce89fc99345e8887e1ba35318dfa0be1f07a29d0ab 253612 python3.7_3.7.3-2+deb10u7.debian.tar.xz Files: e7600e5820ec412e937c9079d14970d1 3404 python optional python3.7_3.7.3-2+deb10u7.dsc 93df27aec0cd18d6d42173e601ffbbfd 17108364 python optional python3.7_3.7.3.orig.tar.xz d6e4f913f1eea1777d40941e351f601d 253612 python optional python3.7_3.7.3-2+deb10u7.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmX/RrAACgkQiNJCh6LY mLE6XA//Z/iFlBbiT+WNPA8DmblBhJEMCj6YUhfy4YOtcUy8k8mzDHC8x1c8msH2 YIEZZJjzxHwmCWlo9SxSVTs7VRjHvcGFYUHjdOfZcl68FObJUE55yfl0qHg1MpR4 KOCwvG/mxb9ZdK9TmQ2UJ8K6hxGPqvAd8Mh8IsUtPceslm6pKCpDxDeTS+XLWIzg UkvZ8Nxe9O0QaTnuLuUZzPmREAWRwsTk5nYCNqs5o4KpiglVemrv1mzvPhE0pLRF 5idDaDj/kziUNcPklvoYAgZq3EJZ0uVMCNyZEi0V+wQubUIfFevVPSJzqrNRv4z6 yEXxS8gphnegkhgLLbGWU5dFgBm4T6iACrUkh+GoJhcmLlZETi5lzVFgKAIMyEfW HG5c12RPvmDPWccWNZ4iDTYa3iZQCP7b6SGRTtFXILnrj7RPwcyJTFasQRU12Zet l7l4U4r28Qc6bF8Q2ow+72AB1mH+5bp1S3m7FzV0DYElNzZIeaYIdBT4E63OnXiB gj710tdGhDyOmwInuTKoXyAMqBadDRWscviT/li29yv4nsTCVnMG4/aM/ZQPaKyR nvWPLIEgECIScvMSKy3olm+I1MKWYh3w+lpjSG3SB2p0e1kOSI+fdZPhPRZrtD8m 17aXNBnKX3k3yLDNI4MFOxWSw61F6VekdhbkjluXAz1yosX3gU8= =bRIs -END PGP SIGNATURE- pgphvwdwxo7hb.pgp Description: PGP signature
Accepted libnet-cidr-lite-perl 0.21-2+debu10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 23 Mar 2024 12:03:02 +0100 Source: libnet-cidr-lite-perl Architecture: source Version: 0.21-2+debu10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Perl Group Changed-By: Thorsten Alteholz Changes: libnet-cidr-lite-perl (0.21-2+debu10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2021-47154 don't allow bypass of access control that is based on IP addresses Checksums-Sha1: 44ab6cb536378413accc77216c832d4bbb436488 2395 libnet-cidr-lite-perl_0.21-2+debu10u1.dsc 6d8e98d81bf9728d81598898f11fa0559fa2bd71 9931 libnet-cidr-lite-perl_0.21.orig.tar.gz eed4013b57f6e173945905facc55c936d455ff78 3704 libnet-cidr-lite-perl_0.21-2+debu10u1.debian.tar.xz 629fc72b277d39e6d8e6ee24bf310bb9b64e69bd 5982 libnet-cidr-lite-perl_0.21-2+debu10u1_amd64.buildinfo Checksums-Sha256: ab593b732761ed9973c6478ed5f148c60fbaea9766b9d8aa3213369a9c582c1c 2395 libnet-cidr-lite-perl_0.21-2+debu10u1.dsc cfa125e8a2aef9259bc3a44e07cbdfb7894b64d22e7c0cee92aee2f5c7915093 9931 libnet-cidr-lite-perl_0.21.orig.tar.gz 1287224290e8f2a94d2a3b9b2b36de23576fb9cfed4bbd2a31625b00c02dcca7 3704 libnet-cidr-lite-perl_0.21-2+debu10u1.debian.tar.xz b1c12d6de8916df60d37ae2c8a0412c790ced07888b5485361831b78ec0502f8 5982 libnet-cidr-lite-perl_0.21-2+debu10u1_amd64.buildinfo Files: 4b0f6019f254d508a306adf00351c208 2395 perl optional libnet-cidr-lite-perl_0.21-2+debu10u1.dsc 12280b3754886b876918f03f53aee4f5 9931 perl optional libnet-cidr-lite-perl_0.21.orig.tar.gz 98d95f64b1eaf157ee047901f5772651 3704 perl optional libnet-cidr-lite-perl_0.21-2+debu10u1.debian.tar.xz 4fd782e84ac6ba821087b56ee3434dec 5982 perl optional libnet-cidr-lite-perl_0.21-2+debu10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmX+zFBfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR0A2D/4pvAt4zymADlNSEZNV0PXwkmDEdEHx YA+25Z/l66G9yu3revq8sWVhfmxJO69DwMfrcRrV0nC+ZiFsmcLAH9HpH5kUq9TW 323MqhoqmDwDjdzM6jaWrVR0hstplYRZWwNWIzLi71K6myfVNxvoI+Eel14XPzBU nTmA7llso5w7aHt4o1MdMCOunXbUHYJ2onCY4sUqQm6sCMafWcHL/U3i6kimoIF8 Alk+aKEs2KAqU/xNCiqP6YaPf6xeq3YBS1U81Y5gjCpBYgqArLw8EBsGCIK228pF kSpPtASmUQ2aq6E6p5Gf+nRRCaUorAFlWlKwa4YLBNtHWe8w4wPKN1G2Ai2++lQh s4o8kS0hz1Lo6wJ11fDC/DYQECZ1sqOv2K5PpPYIXP6PgT7ok3G2EBl8w8sQH/qN TfsGdcaw7zRT/6rsjsU3glZNYCcOYVfGZSlr46VT4Izrl/kM8yF0bObTtg67h1gX nIBnpJV7+lzVlXqgYPy3GTbYRk3wlHorTPg6nbcKopOS83qmaPxMY66tNKZy6pr0 jd4NHd9T1sHqvZ04QfAgnJ2ItSssEtkwupWi2Fjr15BXXH7P0M5OBu467OIYRe6i vfHSeMJha6ZRwpoTLMnyVu+Ahu/8yDkv7JnsLpLV8iDABpzgZulJelv62qM87IVI nEEy6GDj3qt7Gg== =rqds -END PGP SIGNATURE- pgpjA2YBCpTP0.pgp Description: PGP signature
Accepted pillow 5.4.1-2+deb10u5 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 21 Mar 2024 12:20:25 +0800 Source: pillow Architecture: source Version: 5.4.1-2+deb10u5 Distribution: buster-security Urgency: high Maintainer: Matthias Klose Changed-By: Sean Whitton Changes: pillow (5.4.1-2+deb10u5) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Backport follow-up fix for CVE-2022-22817, upstream commit c930be075. * Mark d/rules with .NOTPARALLEL for an implicit -j1. * Backport upstream fix for CVE-2021-23437. * Backport upstream fix for CVE-2023-44271. Checksums-Sha1: c48ef695c8590d4b7cc20e6a29a3f42e9f60e97a 2883 pillow_5.4.1-2+deb10u5.dsc d2fcfc134378a108965faaebb49a2cd67eb67964 24460 pillow_5.4.1-2+deb10u5.debian.tar.xz 990dafce6df1683652e5ad452a5645f69209e23c 8884 pillow_5.4.1-2+deb10u5_source.buildinfo Checksums-Sha256: b7f935a3c2608d9b945b14dae6f70900dff87dcca388599580043c7c62507e10 2883 pillow_5.4.1-2+deb10u5.dsc 76bb4e2ee611b3fa1f94d90f854ad1469c0d7799982cb1d14478107a9b4673bc 24460 pillow_5.4.1-2+deb10u5.debian.tar.xz a2268fb1c25a2a68c6279e599a579160374e9fb7c4652fec75c13c84d59a2a19 8884 pillow_5.4.1-2+deb10u5_source.buildinfo Files: 5cea63c8fcbf81e01acd716ea226b570 2883 python optional pillow_5.4.1-2+deb10u5.dsc 51cf99ada7a6665afa35a99b8f896906 24460 python optional pillow_5.4.1-2+deb10u5.debian.tar.xz 114c46b34c6f97402844cfbd6ce1c140 8884 python optional pillow_5.4.1-2+deb10u5_source.buildinfo -BEGIN PGP SIGNATURE- iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmX9NMEZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQOX6EACQngjzsZlILraek9X00xn5 NergvCxzZBxtAeFsJY7ulH+IaeDyNkgyVHAaVtSfgzVKr+acpPdHwh3UhvgH+wZq Cfbl03Fax1wtMS2V2K928EMhjLo7yTEGeuIzfoxrxne6M+xj37EaMknPDCpwLqFt droYt44/puyTU5KEOPJuoSNWN0l16Zg+sHl0f4CrG+jeKVH9+D2t+OcbQXRqX7RD sHadYr11wp6juZqZOkvAztyHe5pqEjyT3h6PFLJfAS5NCQDBnoWJT409YyqvXSvv 8ShuvqNBtn+RnwZ3lVsigNsg9fCfMKQ/JRWhQqO5J5G0Ra2/35TUBzJoWPpvhb2y OQkDEVrNIytZvWKLx1aT78nVzpdO7naScZRV+j2Ldo2jldtBNeCqm9d6z6AtbsvM +jW9MHIXY+Ay2aaxl9tV6AUab2pKZD26bvhUKAmtUWzeEv/Pm5/V/9afRdyVEXw1 6hqADJ7AWJriGyxGv2TQfQc3pfklD+9fosPGlqKTPVLvmwir5Vpoxrg7KPTQsEY2 qc2nB6I3Q71PhBWTqtl2kVgClQGy62qmSeJ0joDv9FEb9ECGtjzXz5K5du6ouC6i ZowKlP2RuwFZ7hXbaC65LwjdGUCVfXIXinf1dZ7gMy/TRGne5upw7DJwpSLEjKxw yzA/OwhM4fb4T6xvXtbRug== =h1/D -END PGP SIGNATURE- pgpN4JClbpU2i.pgp Description: PGP signature
Accepted thunderbird 1:115.9.0-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 21 Mar 2024 16:34:56 +0100 Source: thunderbird Architecture: source Version: 1:115.9.0-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Carsten Schoenert Changed-By: Carsten Schoenert Changes: thunderbird (1:115.9.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security Checksums-Sha1: 1b3fc92db42eeac76b2fb6cd277417c59498996a 8391 thunderbird_115.9.0-1~deb10u1.dsc 1d1afebc3e648fca7510814e60dec31134a2054f 549460 thunderbird_115.9.0-1~deb10u1.debian.tar.xz Checksums-Sha256: 8277aff0a7fa1029158cda962da04a762d05eca1293d39e1feb1b25ddb641680 8391 thunderbird_115.9.0-1~deb10u1.dsc bcbaaa1c99b1af555f115d28d995b5babdafd7afe5db01856f71310add74969d 549460 thunderbird_115.9.0-1~deb10u1.debian.tar.xz Files: 99adb91937516d489dddf88a87f821fd 8391 mail optional thunderbird_115.9.0-1~deb10u1.dsc 7d5d937ae194502e23c5eda9c5193d38 549460 mail optional thunderbird_115.9.0-1~deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmX8h58ACgkQgwFgFCUd HbA69w/+M/qO+wreJ3ArecAdK51z0Pco2N9tr61+Pun5eFuvujO43KL0Q5+Fkbjf zOnaSWVX3KMPPr+SlKqnPe3ChKhsoeIxcvqhOIFvk/bcuPuby+cHiKSih3Nb1AG+ Pvnr/33vUkY3Xt8WZPNfVdmHeZxvEy2uKp8FJPqgw/u5Ur6HqJGn0iLMrynNUvNW mCaiICOkBSydzuAorQN0kkQVKrzco/6b65M+93IcKhX3AZw/O1ZamM9k6pEPfwGF Ndaa9+d4+IXLjmLke/KhC42i0dGrFwL21XkLUqsJ2RGyXojgC8WuRdz41xJ4Ahpd geAmgcXfpV4vjGL/MMqulR9k0oZdnvR95FtF5DHtRd2QMa5urWYXMKvKND8NDaeC dvwTuL037qR4wBLRPEH58hNNBhOkv7bAJ+gSEawb6FEttWBjcRxFGXs68OonNch7 wmkCDEibD/LwASK6ZCMBvdgPHMN4lZG7C+nU6o9Qa1EpS9IKSnKEYz408uJWurIB X0y0Bg3r2C4F24rftnPnspHm4jvra6d0ow2v7SQJPuYxQPEjjRQuzwtvKdeoBU9r kldddMn4C7+R/z4OAu8VAn+xdTCu+VLVI9y7OznQFjpUcFv0oUF87+/BYmtHaTRQ HKr/I9JlmBNm+vaGL3GeG/qaxr6mu7MtcVvnkvDMxrrYZZSpzY8= =z9J2 -END PGP SIGNATURE- pgpXuCU7ReMBf.pgp Description: PGP signature
Accepted imagemagick 8:6.9.10.23+dfsg-2.1+deb10u7 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 17 Mar 2024 15:34:05 + Source: imagemagick Architecture: source Version: 8:6.9.10.23+dfsg-2.1+deb10u7 Distribution: buster-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Bastien Roucariès Changes: imagemagick (8:6.9.10.23+dfsg-2.1+deb10u7) buster-security; urgency=medium . * Fix CVE-2022-48541: A memory leak allows remote attackers to perform a denial of service via the "identify -help" command. Checksums-Sha1: d46802b712cf36009139a990fe8e0c6718a8e579 5239 imagemagick_6.9.10.23+dfsg-2.1+deb10u7.dsc 3f9a2a33bfef8572408f8a2a252ab401613ee17d 267020 imagemagick_6.9.10.23+dfsg-2.1+deb10u7.debian.tar.xz 9b6f2253886c258a83d9e546edc4393bc78e57cf 31699 imagemagick_6.9.10.23+dfsg-2.1+deb10u7_amd64.buildinfo Checksums-Sha256: 47484df76dc887fa59823061d63a69564e654940013f4940159549d67a01ff6b 5239 imagemagick_6.9.10.23+dfsg-2.1+deb10u7.dsc 249b3fb7f114074af2126215f9ae3cb4d02fbc7dfa54240d7b2249cfd40d624a 267020 imagemagick_6.9.10.23+dfsg-2.1+deb10u7.debian.tar.xz d6db9d2e718f28ca5be18d523b113c658cfd2867f5c0c8cc71b0b73379e3062e 31699 imagemagick_6.9.10.23+dfsg-2.1+deb10u7_amd64.buildinfo Files: debac897a7854aca82d73629285d468e 5239 graphics optional imagemagick_6.9.10.23+dfsg-2.1+deb10u7.dsc 15681594fff6de13c7e807f8bc1ba21a 267020 graphics optional imagemagick_6.9.10.23+dfsg-2.1+deb10u7.debian.tar.xz 3631b4714b19ff3b5ad63bb73320579d 31699 graphics optional imagemagick_6.9.10.23+dfsg-2.1+deb10u7_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmX6FPwRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF/ZLhAAmZlvTkhASpjubiSmii7DefS9IqtkbPGA fpisFLHrFaEKXT/uBZL1UTy5lQbcPiRa4lZXytW2lj6j/Zvd97NqtIVI6fA9xIpl qHzG1KJ6lql0lJsXnRzA1l2nx02Oocd8PqI+TiwMobwP56ElJsTH3nzW8rSJheCa czfUjjSlVOPuDuS4Yb/WeL2hjfBisl/Q7WKqKWeIF3rUFub/s8ccz6QNS0tnXOGk pplau1SZBrTZMztiLYffIKVr2M69/FjDKDj1rjuAlEGYVQ/Hm8JO3WY/GTtu6HwM qlCj0m7UjKM0ApA1OmuxEeO7rEu3iH88XDWN1eGMSxDnO2Sr/amjaA6tgyYbi09z hzo8auJq6SC5WuO5JoPfvFP16UvYsYOYuUqRXNqEuASdSDaOoeKeKt3qMDy62QZm nvqiNT1zNeZj13S5bpOvCXcaaZK7zrEi2BtRbj7BwrqSayjuhDGH5XfhPr5VM88a 5wFVR6jzURzaikseMMPoLZKLpz7jTnUcWEuAdXSKZzHqw1O6vZxX4wWsbqIFwcnT p0SfRFoMJ8USimyWS0c/tADaL45vXm2GbLSNws6UlbzWt/wIJ73RoaOMrA2rmjsJ kKFNVINqdROlea5cFaYWeWrFDuQ5011TcEp4YiboE+ksrDYakcdy34a9fpPpPMif LLQQ9V3lChE= =gdeH -END PGP SIGNATURE- pgphJUm0vdaqk.pgp Description: PGP signature
Accepted zfs-linux 0.7.12-2+deb10u3 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 18 Mar 2024 03:45:43 +0530 Source: zfs-linux Binary: libnvpair1linux libuutil1linux libzfs2linux libzfslinux-dev libzpool2linux zfs-dbg zfs-dkms zfs-dracut zfs-initramfs zfs-test zfs-zed zfsutils-linux Architecture: source amd64 all Version: 0.7.12-2+deb10u3 Distribution: buster-security Urgency: high Maintainer: Debian ZFS on Linux maintainers Changed-By: Utkarsh Gupta Description: libnvpair1linux - Solaris name-value library for Linux libuutil1linux - Solaris userland utility library for Linux libzfs2linux - OpenZFS filesystem library for Linux libzfslinux-dev - OpenZFS filesystem development files for Linux libzpool2linux - OpenZFS pool library for Linux zfs-dbg- Debugging symbols for OpenZFS userland libraries and tools zfs-dkms - OpenZFS filesystem kernel modules for Linux zfs-dracut - OpenZFS root filesystem capabilities for Linux - dracut zfs-initramfs - OpenZFS root filesystem capabilities for Linux - initramfs zfs-test - OpenZFS test infrastructure an support scripts zfs-zed- OpenZFS Event Daemon zfsutils-linux - command-line tools to manage OpenZFS filesystems Closes: 1056752 1059322 Changes: zfs-linux (0.7.12-2+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the LTS team. * silent failure when parsing IPv6 restrictions - debian/patches/CVE-2013-20001.patch: pass through ipv6 addresses in bracket notation in lib/libshare/os/linux/nfs.c, man/man8/zfs.8, tests/runfiles/linux.run, tests/zfs-tests/tests/functional/cli_root/zfs_share/Makefile.am, tests/zfs-tests/tests/functional/cli_root/zfs_share/zfs_share_007_neg.ksh, tests/zfs-tests/tests/functional/cli_root/zfs_share/zfs_share_013_pos.ksh. - Fixes: CVE-2013-20001. Closes: #1059322. * backport of "dnode_is_dirty: check dnode and its data for dirtiness" by robn. (Fixes: CVE-2023-49298) (Closes: #1056752) Checksums-Sha1: 3b4a43f5f70ffe9683e367cf7f9b7ea9c23cfb04 3089 zfs-linux_0.7.12-2+deb10u3.dsc ac7b0856501adb6135f1acca71e23e48aeb9adcc 6565017 zfs-linux_0.7.12.orig.tar.gz 8d48eb16bee95d58375d308d08a5c808ec1cac62 54736 zfs-linux_0.7.12-2+deb10u3.debian.tar.xz 429aecb56cc4886154163ecd1347746db79c0786 47668 libnvpair1linux_0.7.12-2+deb10u3_amd64.deb 9e9b815b8f34caa6f5eb488fc0941e146e319a94 50424 libuutil1linux_0.7.12-2+deb10u3_amd64.deb d368a8d6112e74a05314ee43a443f7ed3d9fd154 140708 libzfs2linux_0.7.12-2+deb10u3_amd64.deb 677c69ff193c6245d465fa51a88f7a5d3d00f629 1034760 libzfslinux-dev_0.7.12-2+deb10u3_amd64.deb c77160d2e963c0e9dfd653455eb19e4aef11 571348 libzpool2linux_0.7.12-2+deb10u3_amd64.deb fce043ab32cd6a5f43480d4ee2e00d0a1c5d3b26 4358104 zfs-dbg_0.7.12-2+deb10u3_amd64.deb 30b832cce5ea7d406f2104f367e51e0ad3194289 1399876 zfs-dkms_0.7.12-2+deb10u3_all.deb 7313d9124b31c44dccdaa2750acc18813a8df438 23300 zfs-dracut_0.7.12-2+deb10u3_all.deb 53839a1186de55cfdfd4a05896bd3a9b6b1a2fb1 27452 zfs-initramfs_0.7.12-2+deb10u3_all.deb 13c9a3ff78a4a934cf99babe594056f5d67c52b9 9807 zfs-linux_0.7.12-2+deb10u3_amd64.buildinfo e836871a94ff4a48a5dfab6f9914f520d116ba84 2547684 zfs-test_0.7.12-2+deb10u3_amd64.deb b3bbcc2fe7749980d39916d02a3dd3de66e71459 64672 zfs-zed_0.7.12-2+deb10u3_amd64.deb 59c477229ffe65ba54c759ac01ed7ff0fcc37a23 292368 zfsutils-linux_0.7.12-2+deb10u3_amd64.deb Checksums-Sha256: e2e32059a2b5d6b9ca1b2292a542dd1089d8db5dbc3b3a8d6053602ad8eda612 3089 zfs-linux_0.7.12-2+deb10u3.dsc 720e3b221c1ba5d4c18c990e48b86a2eb613575a0c3cc84c0aa784b17b7c2848 6565017 zfs-linux_0.7.12.orig.tar.gz 30658a439cd65553349833fde1163432e2441a5b3f3e2aa65b061e46ceb37766 54736 zfs-linux_0.7.12-2+deb10u3.debian.tar.xz d0c9f61e45f35b21f4c534375e0197a2b660e1690dded818b7d07676034997a8 47668 libnvpair1linux_0.7.12-2+deb10u3_amd64.deb 2ecb1c3a740e069bf9304386ca11ae78d901b68acccdfd403bcebfdec2aa4f02 50424 libuutil1linux_0.7.12-2+deb10u3_amd64.deb fcb45078cc5669d52fcfdfaed6d9c1695400a23fc0709a7bed8147d677221ead 140708 libzfs2linux_0.7.12-2+deb10u3_amd64.deb 4703efc7581b470927cee20682bfb6f1bed41ced9036be42653fb9e2147386ad 1034760 libzfslinux-dev_0.7.12-2+deb10u3_amd64.deb 9646e1f89971ef6ca5ec4b8680188812c633130cd347095ecaa86159139a3e77 571348 libzpool2linux_0.7.12-2+deb10u3_amd64.deb 880ec6de7f49ebec4ff67d509a5b12bbe82284abbc95249fd836f031a99a117d 4358104 zfs-dbg_0.7.12-2+deb10u3_amd64.deb e6208094c3ae77bf2b000cdad1aedaf37de172ef388dc3e7d455ac477926472c 1399876 zfs-dkms_0.7.12-2+deb10u3_all.deb c5611fde4cbadb874f0b32cdf1321f7a16b88ebf119f1905d3dfa0fb71c57618 23300 zfs-dracut_0.7.12-2+deb10u3_all.deb de0a2a7dafe39ef246bdefe649f8cfdc3efd4b789c4140b20cca567c9a18dfaf 27452 zfs-initramfs_0.7.12-2+deb10u3_all.deb 6e6958a6483793446545ebbe7eb1c6ec2602b122c89a4a2303f512d0f29c7702 9807 zfs-linux_0.7.12-2+deb10u3_amd64.buildinfo 0cc1fd526a1091d66586075b3e4a247b5aa39bc74698268e562a1b0388148bd2 2547684 zfs-test_0.7.12-2+deb10u3_amd64.deb
Accepted cacti 1.2.2+ds1-2+deb10u6 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 15 Mar 2024 10:18:20 +0100 Source: cacti Architecture: source Version: 1.2.2+ds1-2+deb10u6 Distribution: buster-security Urgency: high Maintainer: Cacti Maintainer Changed-By: Sylvain Beucler Closes: 1059254 Changes: cacti (1.2.2+ds1-2+deb10u6) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2023-39357: When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation of user input, leading to the existence of multiple SQL injection vulnerabilities in Cacti. This allows authenticated users to exploit these SQL injection vulnerabilities to perform privilege escalation and remote code execution. * CVE-2023-39360: Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data. The vulnerability is found in `graphs_new.php`. Several validations are performed, but the `returnto` parameter is directly passed to `form_save_button`. In order to bypass this validation, returnto must contain `host.php`. * CVE-2023-39361: SQL injection discovered in graph_view.php. Since guest users can access graph_view.php without authentication by default, if guest users are being utilized in an enabled state, there could be the potential for significant damage. Attackers may exploit this vulnerability, and there may be povssibilities for actions such as the usurpation of administrative privileges or remote code execution. * CVE-2023-39362: An authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. * CVE-2023-39364: Users with console access can be redirected to an arbitrary website after a change password performed via a specifically crafted URL. The `auth_changepassword.php` file accepts `ref` as a URL parameter and reflects it in the form used to perform the change password. It's value is used to perform a redirect via `header` PHP function. A user can be tricked in performing the change password operation, e.g., via a phishing message, and then interacting with the malicious website where the redirection has been performed, e.g., downloading malwares, providing credentials, etc. * CVE-2023-39365: Issues with Cacti Regular Expression validation combined with the external links feature can lead to limited SQL Injections and subsequent data leakage. * CVE-2023-39513: Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. The script under `host.php` is used to monitor and manage hosts in the _cacti_ app, hence displays useful information such as data queries and verbose logs. * CVE-2023-39515: Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison data stored in the cacti's database. These data will be viewed by administrative cacti accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_debug.php` displays data source related debugging information such as _data source paths, polling settings, meta-data on the data source_. * CVE-2023-39516: Stored Cross-Site-Scripting (XSS) Vulnerability which allows an authenticated user to poison data stored in the _cacti_'s database. These data will be viewed by administrative _cacti_ accounts and execute JavaScript code in the victim's browser at view-time. The script under `data_sources.php` displays the data source management information (e.g. data source path, polling configuration etc.) for different data visualizations of the _cacti_ app. * CVE-2023-49084: While using the detected SQL Injection and insufficient processing of the include file path, it is possible to execute arbitrary code on the server. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `link.php`. (Closes: #1059254) * CVE-2023-49085: It is possible to execute arbitrary SQL code through the `pollers.php` script. An authorized user may be able to execute arbitrary SQL code. The vulnerable component is the `pollers.php`. * CVE-2023-49086: Bypassing an earlier fix (CVE-2023-39360) that leads to a DOM XSS attack. Exploitation of the vulnerability is possible for an authorized user. The vulnerable component is the `graphs_new.php`. (Closes: #1059254) *
Accepted postgresql-11 11.22-0+deb10u2 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 18 Mar 2024 14:39:21 +0200 Source: postgresql-11 Architecture: source Version: 11.22-0+deb10u2 Distribution: buster-security Urgency: medium Maintainer: Debian PostgreSQL Maintainers Changed-By: Adrian Bunk Changes: postgresql-11 (11.22-0+deb10u2) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-0985: REFRESH MATERIALIZED VIEW CONCURRENTLY privilege escalation Checksums-Sha1: c070b9134a8cd022be5bc108308084fff81ebcb7 3745 postgresql-11_11.22-0+deb10u2.dsc 7dde93beb9d4663f2a062cf4eb1b05f452e00528 20482994 postgresql-11_11.22.orig.tar.bz2 409e8edf9eb54308d5a46a9fc1acaaf277ea456f 31264 postgresql-11_11.22-0+deb10u2.debian.tar.xz Checksums-Sha256: 69cdceb7d5dff9b822b5c84c08454e93b1528c5086c250eaa6a5c28a6e34cee5 3745 postgresql-11_11.22-0+deb10u2.dsc 2cb7c97d7a0d7278851bbc9c61f467b69c094c72b81740b751108e7892ebe1f0 20482994 postgresql-11_11.22.orig.tar.bz2 addff5d61239c7f376b0378cc5ba99d164f5e08c30a71958bcab9711f6f804e5 31264 postgresql-11_11.22-0+deb10u2.debian.tar.xz Files: 93003c7fe92fe42fe4ac06b11c5db172 3745 database optional postgresql-11_11.22-0+deb10u2.dsc 6e7d050f23e35ec20d76297a6d4ce30d 20482994 database optional postgresql-11_11.22.orig.tar.bz2 55e2fb4afaedc8bc86c419774ddd4d94 31264 database optional postgresql-11_11.22-0+deb10u2.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmX4Q+oACgkQiNJCh6LY mLHHYxAAyuktg767+iwQghS7dkjmSRkgnHa9psU+hMc1rdWW04QSnMLG5rceg0uo UkegLnO99QX9hO02YKHhC1JoATk/yRSIulspxFE5Vv7Pcj9tBnio7H+fnSnejJG4 vJyxtuGkA119CB56JxEPNucvwYdNReZHAlqlFa8BnccvvEs5Cry+jwU6qhYR1rL1 C9qBWLOpUMBl+2xUWp0j4Oh5IiIfe3Yx8xTXH7+YFZD2LAnElPg/vipl9CvEPo13 pfHAxfHzl973pCtYHT3i6PAYMnbAPcNNgNDTlcrmXDKdf6uqs7/iKB0qde9mu0P6 WAQ8KDvX9i+Uvxh7Wzojc1ioxl9zP8s9SClWANoaKAh86MJ4yUuSa1PFtLc438Z2 mAUgRQXiZuLQPA6XJLZ21wbGW/O/dHbHid0+xaVrc+/AUVxasM6dzYEG4rvfGob2 P/eQ5uFHwjceE1KhxWIYnUTpXDFMBx8jY9/5lKDfjsr6o9yhy0c3DDubapQpUkpQ KfpfQpxtmfANQ1YmsqF05v9DzKJBpbLWoyzOUgrpS61KT9I+m4KS44gtcSVccUok JYNHU0VC1oeqDumMXi7Yd0QSIPrDk7IkJki07RYD6IWq39tZqjV6RQcq81Rurn7x XdfbsvN8r2o77mZd/6kcqqDoEC8yKJSVuYpzAG7B/AuTSYYh7iE= =Kzny -END PGP SIGNATURE- pgp7ZzIzxvE14.pgp Description: PGP signature
Accepted curl 7.64.0-4+deb10u9 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 28 Jan 2024 21:15:21 + Source: curl Architecture: source Version: 7.64.0-4+deb10u9 Distribution: buster-security Urgency: medium Maintainer: Alessandro Ghedini Changed-By: Bastien Roucariès Changes: curl (7.64.0-4+deb10u9) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2023-27534: A path traversal vulnerability existed. SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user. Checksums-Sha1: 8e53de70724514047ea998bec09101d2aab8ff38 2719 curl_7.64.0-4+deb10u9.dsc eb536d14661eb4d8e23f866e97f901d9f8feda13 72416 curl_7.64.0-4+deb10u9.debian.tar.xz 53144bba08895f6ae59c924349c484c10f08526e 11907 curl_7.64.0-4+deb10u9_amd64.buildinfo Checksums-Sha256: 4aa1619bb94edf34dc8c66fce4665089a9d2daa78ddaf0af7c9d63180b5bd306 2719 curl_7.64.0-4+deb10u9.dsc ca0718f3388879cc2c7b6db8d5d784c88ac599721812888c45d84b63c454ef58 72416 curl_7.64.0-4+deb10u9.debian.tar.xz cd3962af92e091a5a0ed3e060c9d5cb47c41608d06d857fe9b77ef1ecc4e17d4 11907 curl_7.64.0-4+deb10u9_amd64.buildinfo Files: cf55c9f3a6de5818ff9615d66de703c0 2719 web optional curl_7.64.0-4+deb10u9.dsc 4cbf807feb576058d9f97c770fbb1883 72416 web optional curl_7.64.0-4+deb10u9.debian.tar.xz 3135e1334b8b96fa5ed9c89794b7beb0 11907 web optional curl_7.64.0-4+deb10u9_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmX2F3MRHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF8zpQ//SPJkue0+/4hSUMnsEcCBTQ3THSMyzook 6wqA66Pphjeyy37TRvZfV6Xcvpx/yfRcJ2hh0xpiz9eOF5CR6xbwXvvfpgxuroZd Z12XxfjHFLTA5Go8zvm/zf3wuqkjvNBv5OMOHhojJ2K7Z45oba2ZdoOncyjm0dua bxzmbQ3i5n9I5tgIftoysX3TfSvAVTwAzlo8z8XnPgRBsuIm2ODVXWLyi37EPQ5A W7cHDiQ9aplSotT2C3MRglAo1IhKqkMAc01vKN9wKwEuvPHOLUy62If2yuo9VmGx FY5oDUXa+Cz6rGi0tZ2XLKqLN+gEqitJP00IWf4kwLH03ZLMQUVh3XvVr44E8Qhe mSEYl4rZBFn2rDt5Qdjys9UmA8K6olqvfaXk2y1I+zQpEokOqKLVyB1sOf1LPRtl IUFMTwCIJHuT4BhMd9+kDQPwmXEB0TeteCWjNfoKgsz8k68YcNxROFdMsmq4ljAH vn5FIPuwgOIAawVPf/ulq6n6aYOBZBArJyKQ5MHkiwNLC6MnMs6bP/IUmKNuHvz0 yckzJxp82SE/nedx4K0pu3HjbePosDp68WvUPb9mJ5L05uc16eTLyH2WzRotNspz 1lxikYwHJhBfwsrrKsoQVt5biqwFX3osbOTGy1rJpC4QyT9yfvmJXItpb02B8Ez5 chPSkTcKa40= =wIDA -END PGP SIGNATURE- pgptlf1z0elgB.pgp Description: PGP signature
Accepted unadf 0.7.11a-4+deb11u1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 15 Mar 2024 17:09:40 +0200 Source: unadf Architecture: source Version: 0.7.11a-4+deb11u1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian QA Group Changed-By: Adrian Bunk Closes: 838248 Changes: unadf (0.7.11a-4+deb11u1~deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * Rebuild for buster-security. . unadf (0.7.11a-4+deb11u1) bullseye; urgency=medium . * CVE-2016-1243 / CVE-2016-1244 (Closes: #838248) Checksums-Sha1: 9ba06c70d7512e628172258ffca5f4f6181e4491 1773 unadf_0.7.11a-4+deb11u1~deb10u1.dsc 63c05f97302ff67f5d7ff2d9e33f9a66196f9578 209458 unadf_0.7.11a.orig.tar.gz acf1ceb7cc6739cb677d24a60c8bece88a32fd5b 19512 unadf_0.7.11a-4+deb11u1~deb10u1.debian.tar.xz Checksums-Sha256: 30825d9562278e42ea7c56ca485a069577ed1c9b75d169c0ccc5db6f2f8bf64c 1773 unadf_0.7.11a-4+deb11u1~deb10u1.dsc fa9e0e34b1b0f4f4287905a3d485e3bba498451af98d6c12be87ab3a2b436471 209458 unadf_0.7.11a.orig.tar.gz a752213031c3cd886a4d71a9014688827fdc11d6a15d5eac77ce8ccba86b60b9 19512 unadf_0.7.11a-4+deb11u1~deb10u1.debian.tar.xz Files: de53f580e6df1e1ee9665899012a 1773 utils optional unadf_0.7.11a-4+deb11u1~deb10u1.dsc 63c21eeb61e1473d8dd214e0b39cb819 209458 utils optional unadf_0.7.11a.orig.tar.gz 00e10ad9294f250ba7bb54dfa710bda5 19512 utils optional unadf_0.7.11a-4+deb11u1~deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmX0bBUACgkQiNJCh6LY mLGSYQ/8ClNBPKfhWH6O67ngxR0tWOCrH3UUdTRZ992282OX2an8J3pQzZbsbtif 75zgO8z0O1PTkR7KrZKCvxv/wyZmGBT2bivCHrOWYXLEcup81E5QhE8K17XxV4KW Vgss5A+WWEDFQIFsDdBasxGyYkKX00e9IIjFB5VfoqRVuuuUZxBbFQRwBQYS9Wcd jMnF06diyIxzqU8ofpD8uMlGAynXWmH+YccJ6ZHW+l64l6AVlFhPy+YmWQUvEDtc X5IvPIXN0Gi6py6OotBzs++F7OV9+Ud70Tf8wS17bZ1u+0UzKm49apj+qTr93bqB /g5CSRNbSXqsbd3Djsiy7u151cNjNHkO+9gbULQukD02EMZBEgnptEg+OTnsekt3 2wp2G8XxFdBgPX0VxpU/gv56crp8b2asnfyGKnyAu/Gk6iDxbTyUALNpnKsTGSrG BsNUD1M96MmiS08Gn6CclusQ0rmf6EkzoETbrJAenFIIw/CmlChgR1Od05FFhFNP hg9MMHKuTr0O73ZcPQRMZMBqAV9B77C2wBr2305h2IijBm/mXIVYDz07IJej0UDD UZmW53kRiBmym+qCbpod5ERx1RrlHSq3WhsbNhoQk4bBkrVnQpGVDEq8hKmiPFfn p0sRwsGPwlJR7ti02HspXUulOjMyMIyTmNFB6JIJKVTadoG4Sxo= =MOTz -END PGP SIGNATURE- pgpqDTOQxKJl4.pgp Description: PGP signature
Accepted spip 3.2.4-1+deb10u13 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 15 Mar 2024 13:02:54 +0100 Source: spip Architecture: source Version: 3.2.4-1+deb10u13 Distribution: buster-security Urgency: high Maintainer: David Prévot Changed-By: Guilhem Moulin Closes: 1059331 Changes: spip (3.2.4-1+deb10u13) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2023-52322: XSS vulnerability because input from _request() is not sanitized. (Closes: #1059331) Checksums-Sha1: ab1f908001a54dc33f8e3500f36a60a880449565 1841 spip_3.2.4-1+deb10u13.dsc e4782f426cc4efddfe3c02973d98b8c3414374f8 115392 spip_3.2.4-1+deb10u13.debian.tar.xz 6b384f6a7f2305646befae3f2bc4a88a9c872701 8374 spip_3.2.4-1+deb10u13_amd64.buildinfo Checksums-Sha256: c105aec2c626205327c4fbbdbdc7b73f7dbbe49d71cb0f6332fccafde8d9fd32 1841 spip_3.2.4-1+deb10u13.dsc a442e278604c315afb5faa3b7fc6382591b8ce135024dc44be882f51eac9514d 115392 spip_3.2.4-1+deb10u13.debian.tar.xz d3a03fdaf21f5a3ac82e39ead8da09d9e0bcb56ce67dceef133b628f7da2f096 8374 spip_3.2.4-1+deb10u13_amd64.buildinfo Files: 98a320ef8b17b50e8fa1e71655b281c8 1841 web optional spip_3.2.4-1+deb10u13.dsc c183479466def73fe27401fca05d7598 115392 web optional spip_3.2.4-1+deb10u13.debian.tar.xz 78999210fe783d8aa0ed669a71844e1e 8374 web optional spip_3.2.4-1+deb10u13_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmX0OrIACgkQ05pJnDwh pVLzKw//d73y5Zxh0f4+/B1jj0RMpx1QigZWESMJDqwpNTRo/91XPqijIl287P44 e9TIrpykgv2vdo+JGv+M1Bj8v8SIt44FDWk1F1rv3/3Ii68JD8LSQKkR0CIyNO27 ra0DjujGlmEg6s0ickuRxxtM4vDPTvYOx29g1ImlElizaBrc4pNBVepcyb1e+ln2 u1nhB0i2dktHlZyKlamXaNQ4yIszwkpKwH3fgKd7Wm09OpZ7CPPJt6MYew97XoUO bi/2rp+Dc3MdgXKT9qXcqjI0/jCG/r0NQsE6Akc/HU/TLwwpi7KHCZEIQi51f3fh CZSmL55RgRBQrhuSnt6VIIKgZveVum/xpuUCkL+7kqeEjnXCUAukSZtduXSAmQaT 2Bwl5RuZoBxWuZ1uDZrDWa4ONkIkiy2qZuvkSuBjPddnXbMTfbI4rdODXXhKAvml 57EXdLjmt1TysK3mJV757wTQwxZOxRbFtnO/Y0t+B5M41QzKbZAIfV09bcQ0gAvJ EiSR0ulBgprGH+Besy+NG1FpY1FMSVBq+wsKWpVjtG5vYLlHZO4yQiz/c8TppFQE Xd/gJXaNeW3unb0tL0f5lCpxFOlS4TrSMF7R7OkEKGWwlfIRZCaI33Sc7l80YJ7j kxogYzca5cp4AHrrVVFS4U5fNcdDSZMMIhSTKuGYMmrXYG5MrsU= =AaAb -END PGP SIGNATURE- pgp3fsaPp1oHb.pgp Description: PGP signature
Accepted node-xml2js 0.2.8-1.1+deb11u1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 14 Mar 2024 20:48:47 +0200 Source: node-xml2js Architecture: source Version: 0.2.8-1.1+deb11u1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Javascript Maintainers Changed-By: Adrian Bunk Closes: 1034148 Changes: node-xml2js (0.2.8-1.1+deb11u1~deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * Rebuild for buster-security. . node-xml2js (0.2.8-1.1+deb11u1) bullseye; urgency=medium . * Team upload * Add patch to prevent prototype pollution (Closes: #1034148, CVE-2023-0842) Checksums-Sha1: 2731bbe28462f4781f19f75a132c6b80312c8166 2103 node-xml2js_0.2.8-1.1+deb11u1~deb10u1.dsc 65182e243c4b8acfd751f123591d9dbe818debb5 12847 node-xml2js_0.2.8.orig.tar.gz 95dc534505dc7ef99519ced2e62d2d4effd84190 3044 node-xml2js_0.2.8-1.1+deb11u1~deb10u1.debian.tar.xz Checksums-Sha256: 7b1bbec572a2f8707890fb19f81ad2de71b0a7aecbc41ca84df7f7abcde0a34b 2103 node-xml2js_0.2.8-1.1+deb11u1~deb10u1.dsc c64e4df652d7e29bd8a7dc81eaae44ee359cc82f2f1329ce7c2ed3db10f5 12847 node-xml2js_0.2.8.orig.tar.gz 63774a3644c91e72f3373a6073308bee9410f8b7af09b69f4a093033df60c53a 3044 node-xml2js_0.2.8-1.1+deb11u1~deb10u1.debian.tar.xz Files: abf5583aa2ac565ddee3984175ea8fcb 2103 web extra node-xml2js_0.2.8-1.1+deb11u1~deb10u1.dsc 42a30c204ec7db559cd0e6813061a0f4 12847 web extra node-xml2js_0.2.8.orig.tar.gz 5e0d01cfe52ceaf9f23dd2642d6f9251 3044 web extra node-xml2js_0.2.8-1.1+deb11u1~deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXzS1YACgkQiNJCh6LY mLGJ+BAAmg3ZJLBMHXH0P87f9rguCu+xu8g/fK5S65k1JR3QZHrxjpS591ORF/l0 3FwEM9gUrPOj/+cG8pzNABOvknXkbzZ8Phh3ZhL5nVvjS80S0WJvJBzBgFqCcsu5 q7QxZjbhNqEUMVNYt6dfZ/cgn5UL386VJrc7Ah9gOMokHCdVQNAlgfzbfgwNqbcr 1uzSupHBsrv/plfhbM7xJa09T+6Yx4tsEP9/nhw+S3zgW5evQnuhTd51ZoeWwvYz kVc9O2uLwQeKcGoTXh/KJNKC7oiq13tAd/J/MGc67C8Sj8ZEVVX5JwvLLueidzLq UWHBncEz+sDApph03nx+P57VaUKPZxXfejdH5QWIYDxF4I4W+uzSGzuufin9BR5P as8kMSOHuX1IyEFvQqgvKUZelhDIBxv1HVRZK8EbfSYyLLyqfwf0QRWvRsOW8LbK 5hVTh8lnEVWW1FHMqspayc6HzbwroArzwhIGzLkzuL7Sp1f7pnCzxycLFKU1CzIW tihg10F+hDVD2+1hrnYkD4xI2XVqpFakKEvmplPV/KFcaLSA8rbBGjzoJdxF0zBi jv+eL/hBg9QZBRtu3FDxFw2upPn70IYb6ijxjfm0zZzmTTvH7+X2opamu2l75Y5r Ecwtq8zi913gF4CuohP0WSQgxH8pN17JZNcnM6FOTWFuvSIWHF8= =SObi -END PGP SIGNATURE- pgpVBKu5pryqO.pgp Description: PGP signature
Accepted qemu 1:3.1+dfsg-8+deb10u12 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 11 Mar 2024 16:57:08 +0200 Source: qemu Architecture: source Version: 1:3.1+dfsg-8+deb10u12 Distribution: buster-security Urgency: medium Maintainer: Debian QEMU Team Changed-By: Adrian Bunk Changes: qemu (1:3.1+dfsg-8+deb10u12) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2023-2861: 9pfs did not prohibit opening special files on the host side * CVE-2023-3354: remote unauthenticated clients could cause denial of service in VNC server * CVE-2023-5088: IDE guest I/O operation addressed to an arbitrary disk offset might get targeted to offset 0 instead Checksums-Sha1: 56eade879d15e7505ae5a888b2a67f5d66400830 6484 qemu_3.1+dfsg-8+deb10u12.dsc b6a6c31d146b13e14af253d6dc25f16ccad7d060 8705368 qemu_3.1+dfsg.orig.tar.xz 5032dc464e34e2cd3690b87f08348a91761a4619 148856 qemu_3.1+dfsg-8+deb10u12.debian.tar.xz Checksums-Sha256: 3c096d29c7d745d2d6e97ea64b9961296f557ebb261749928ad60ba79f5fcc24 6484 qemu_3.1+dfsg-8+deb10u12.dsc 2f277942759dd3eed21f7e00edfeab52b4f58d6f2f22d4f7e1a8aa4dc54c80d7 8705368 qemu_3.1+dfsg.orig.tar.xz 243f4a148b88d830b03a4207c0860d39798e80ec39fe0a5bbbdb515a6218a276 148856 qemu_3.1+dfsg-8+deb10u12.debian.tar.xz Files: a354d1687f0679c9bd1fabd3ac128442 6484 otherosfs optional qemu_3.1+dfsg-8+deb10u12.dsc b17f33786c89d547150490811a40f0b2 8705368 otherosfs optional qemu_3.1+dfsg.orig.tar.xz 8239022f426c10cdbca190d703a0e7b3 148856 otherosfs optional qemu_3.1+dfsg-8+deb10u12.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXvJZoACgkQiNJCh6LY mLGzMg//SKJDJvvhwbi1MGTLIWbB+d1eeB3dCCo+tDNUm32ShFQH7aVUtCs0SFq3 QW39E+WnY20rEFFhTSzAvOYqKKxOC6gGCS0/qpHHK4cepYsi8qG0BlG0e9lnoC2O ua3ZV3zw61GPYOR+UkBfM50ov1xAu0wT6qS0mfbyzdEBXao51wNaW6XPtOMwlSqb SYihqabJ+bOPydkWg0CMjAPUKkkzUZmO2SPxwKwCNoWJ7y8D873lBhDmcJv1m9Wu tJoMlA4436yU3obCw0JHh78Ne9qFj5AL6u7kgK4TCIWrcETf8YcOr5ZOALoMgubU DNqfWpR8TnZaBHnM+lDd0N7s4f9bv+gYglpBNWmlkyKq0CLfzPYl8H5vXnGDdhsP Bj1JCF9mrA+uIluLjJupSXxuRnVyfYOUVAbZwZOXSLK5UzaNugixNXxMTOudX3YC hVEwnWi2ssDDz630N1NPqiDtf7en2PwGoxmTMEd9/WEPp8KVhBd9XnhqLf//g3+d sj/sD4RCtSiwOngcLzmUvM/ikpivPOBvURsTT4mj4b66zl+lLmV1M0h812PkExTF oBgJmBVmPMDON8WsWkZsp4zqpn8vcLa7rl3/vQF1X0hlO/o4h7m6bF4saXZdgOjX bvIXBfgC5oPpv5AFKIFCPNgpPPgCJVDBcOJrWkZt08W5swBVF+k= =f7+E -END PGP SIGNATURE- pgpgcjuWibycf.pgp Description: PGP signature
Accepted tiff 4.1.0+git191117-2~deb10u9 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 01 Mar 2024 13:47:02 +0530 Source: tiff Architecture: source Version: 4.1.0+git191117-2~deb10u9 Distribution: buster-security Urgency: medium Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Abhijith PA Changes: tiff (4.1.0+git191117-2~deb10u9) buster-security; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2023-3576, CVE-2023-52356 Checksums-Sha1: bd4a08144b4bb4ca389f5615b16cc4ed5269cc6a 2303 tiff_4.1.0+git191117-2~deb10u9.dsc 59dc5e9fb25b55a62e6d4c2d74d42e68abeb120a 46040 tiff_4.1.0+git191117-2~deb10u9.debian.tar.xz 8b2a9141bede1a0888e9163c58ff17ecc6bdca1d 12074 tiff_4.1.0+git191117-2~deb10u9_amd64.buildinfo Checksums-Sha256: b06ed60ad26cdafecac3a52eb201165cfe017890f21fe192358be22f409157b5 2303 tiff_4.1.0+git191117-2~deb10u9.dsc dc9c3c9cd0a883670dc99f920f396ead717159240474ba7631ec9f7057e77133 46040 tiff_4.1.0+git191117-2~deb10u9.debian.tar.xz a95d60b78a058e8353ff34a3a0ae111e76b093dd729799c34758f76e2d0b8c35 12074 tiff_4.1.0+git191117-2~deb10u9_amd64.buildinfo Files: bd7975b724617f8fceaeb521782f8da1 2303 libs optional tiff_4.1.0+git191117-2~deb10u9.dsc f11f8fa22889d701e30447c4ee0ed0c1 46040 libs optional tiff_4.1.0+git191117-2~deb10u9.debian.tar.xz 0c9c642a1999c3df6d28c5f835f93d29 12074 libs optional tiff_4.1.0+git191117-2~deb10u9_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJIBAEBCgAyFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAmXukjMUHGFiaGlqaXRo QGRlYmlhbi5vcmcACgkQhj1N8u2cKO/Lzw//Zgr3Lj+DYi4IB3Aia0yiMz6DnTFZ l0HUD6Stzm7stfzWcE1SatIXFpCTDPECZyb6y2fH0431N+HGwlML/WaRk9RqXRww g5gFs4TpGFuCtMMQfnYWsQ6/Tm9+EQB7OHdrzwEKvisTCncOX2xVwTV9GXk3DjX/ Pk50ySSExyCm1SghtQsPZ1QcPE1UNxJByE/DwXBJ2iW4FkyyVEWlNI4JtRSzF9nS M2OXy/iGFXIEE3XVSAPzT9QJfC6tYgd6JO0uV6x+nGTNZ/Kp37zy8DhzLn14BVqN HfcqjOUedAI+gXLqP77KJ3qNh1CFpXCZ3RccUFVDzK6Bo8JXaDDanuW/Ojr2dASA Iuj/9mXu5lY/MOEJn4fxKbfaURPjR6JTDLYWwd1FWWkzrd+oms2K11j7FtgmdATG B5p6YfNuZIOCNgO6cytwr7L8NTIncr3wbhcp7XjiaXTmdt8KpGM6RfQYu/WudMnB V2vO9248XOfs3IIfbJSPF7/PmvS4ENxuMPxQUKPv3gjyxB3iIdp94FoRngN7PPLn 3/c+5HlZaPPWkLbIRtRtWDCGS41B5j2XtoymKnBXwBzQ5pgqdhR+bvaHv/lGJkA/ BhBlQWehuXkf9hxVlB3wA0RlHe/Bmn6UnCfZ6+YMPD4y0qHuwoJ+bNw7tRhD48w5 0BqIePIsDheFJJ0= =czJ/ -END PGP SIGNATURE- pgpD3Hby3HsmM.pgp Description: PGP signature
Accepted wordpress 5.0.21+dfsg1-0+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 10 Mar 2024 18:33:59 CET Source: wordpress Architecture: source Version: 5.0.21+dfsg1-0+deb10u1 Distribution: buster-security Urgency: high Maintainer: Craig Small Changed-By: Markus Koschany Checksums-Sha1: 2f98e978597a37776cf2e76bcc5accc6ebb8e435 2635 wordpress_5.0.21+dfsg1-0+deb10u1.dsc 4536ea1e85a4909c0089c611e7316882686354df 10577849 wordpress_5.0.21+dfsg1.orig.tar.gz 700943fea12b4323f1c6d9b5212a75ff08c2a7ba 6820864 wordpress_5.0.21+dfsg1-0+deb10u1.debian.tar.xz 50e5475fd4825a3136218d687b245eee9cf719d0 7719 wordpress_5.0.21+dfsg1-0+deb10u1_amd64.buildinfo Checksums-Sha256: b28af27186223a1ea22cfa93728bdd927627d6955cab74e5eaf7c4ed655b761f 2635 wordpress_5.0.21+dfsg1-0+deb10u1.dsc f0456559d1ae0a55f1c5ad52471d5b491d155086db1cb15ddb3891e444e44cc3 10577849 wordpress_5.0.21+dfsg1.orig.tar.gz 3709d9d5934a1b7dcaed327a6af86c320e2dd17da39e1a39b49f64845e820395 6820864 wordpress_5.0.21+dfsg1-0+deb10u1.debian.tar.xz 24aadc87412aa373bcd1829fe0e5b114a08d54a16cb4f7a49e7aa22c98572707 7719 wordpress_5.0.21+dfsg1-0+deb10u1_amd64.buildinfo Changes: wordpress (5.0.21+dfsg1-0+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS team. * New upstream version 5.0.21+dfsg1. * Address security vulnerabilities fixed in Wordpress 6.4.3. No CVE have been assigned yet. - PHP File Upload bypass via Plugin Installer - RCE POP Chains vulnerability Files: b1313ea55f2446db84735830c5512917 2635 web optional wordpress_5.0.21+dfsg1-0+deb10u1.dsc 8b18a6e1a46d1557dfbbe6685842fe53 10577849 web optional wordpress_5.0.21+dfsg1.orig.tar.gz 0434ff89d8728dc46b796cba30fa2948 6820864 web optional wordpress_5.0.21+dfsg1-0+deb10u1.debian.tar.xz f345ef67a6f5d600894de6aee90dc6c7 7719 web optional wordpress_5.0.21+dfsg1-0+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmXt725fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkvzAP/2F8KQgl8csvAiNoBh6lfyEh4DTYXedtP4yD jV35s6AsqF6dYAfMdWwwmSHCaCG9P/pQgQm3NaMfadPbKj5n6CnnqdpabRBvjOyk thM/ExGNJDHD1klRgEFo18wfLl90yMdt4YrjR3RChFpDWIF3nlm4cOqwY+rvNr6D EPJ2n2fNONVV5fOVxCf+VizUstnSllRWHDi/AoNNRImb53SsjssuSwshVuDa+zTz 18sRr+PV7IbBm2SX6GitmNP73FiCwAald+m1Zy0FKpZfQ8ZuunBNXvyV3o6t/Sh4 +lUhIWG3cbXTLEwx/kjAOdKsw3CkzZmkLpXi0H8b1+FMUJOhgrx1tFt4uL0MOksh 4rpWDHUvLAlNTDdQecfxbS7jihtEsrPHlO533wtqIfUdCHC8fDzhczGpf3hx6jmd cTTZvzOpWGULRlaM+poZfH9o6mq5sGfrleCQ6DHW6Kt71CHPmQljni2shqIH1sk8 68fZCaPV3oocmPQVWdE+yZJN3uKeJNCNQOMFehlt1wI+hruXkjw2TWawIFlS3Kyq jlWe3/UWqTE+7RHW++GJWQ88GOYUwvs5AV/mydMy0V4xZcZuweF+xan1Ad8mEP3J 07QSIzk6+iH2YhvI7r8dyGVdWXzt/BC3RIUZSctKHacIY+IHi9n+6Y0m75GQUy1t Mnufv3MF =1kVf -END PGP SIGNATURE- pgpyPl17Pg5q6.pgp Description: PGP signature
Accepted nss 2:3.42.1-1+deb10u8 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 10 Mar 2024 15:45:51 +0100 Source: nss Architecture: source Version: 2:3.42.1-1+deb10u8 Distribution: buster-security Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Tobias Frost Closes: 1056284 Changes: nss (2:3.42.1-1+deb10u8) buster-security; urgency=medium . * Non-maintainer upload by the LTS Security Team. * Add upstream patch for CVE-2024-0743, integer underflow can lead to potentially exploitable crash. * Add upstream patch for CVE-2023-5388, timing attack against RSA decryption in TLS. (Closes: #1056284) Checksums-Sha1: 9f7940e8c5d90986a93c58cf21c6becd17db260c 2198 nss_3.42.1-1+deb10u8.dsc b8a0d5ec55a17899eb240e033701bb112c3a577c 1115524 nss_3.42.1-1+deb10u8.debian.tar.xz 33dbd679bc37b4d82971028098de2d0292675846 6899 nss_3.42.1-1+deb10u8_amd64.buildinfo Checksums-Sha256: 551ab49564503b47fac8fc00e3160ba439301e7c010be12ebad174f38ef44ddd 2198 nss_3.42.1-1+deb10u8.dsc cf3233938eb4c886a21cef588098faa665d8e914481e8b70597cbe0502b58033 1115524 nss_3.42.1-1+deb10u8.debian.tar.xz 393d1a75f7631e89a77720639bc24d9f5ee8d054a1689a0bb373d07298c03faf 6899 nss_3.42.1-1+deb10u8_amd64.buildinfo Files: 3c039f493295c8a48b65e92306927008 2198 libs optional nss_3.42.1-1+deb10u8.dsc 52fd1f0c00f227f60996abeaa874de3f 1115524 libs optional nss_3.42.1-1+deb10u8.debian.tar.xz 82f6d29abc8a841870cc4cb99a5ae591 6899 libs optional nss_3.42.1-1+deb10u8_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmXt4vkACgkQkWT6HRe9 XTahbBAAtMpovQEJdjdNzt7oJ1MSFgryOe/CP4+TX+eyApe2GvEmbsGEryOCfgwV msnS4SVKHHaUGPDrA+PAWOceU25ZgaWIk/oWXNU7FxVCq9H0OSufP8NxpflmNl/3 D+MFfKlqjabA7Tsl6IlemvQQ4sgbhZMDi/k9oCh/X7YtX9A1a/63n9jMGKFtyLG8 nIUc9Krkzt86gjxQaotnJu+oEiS8vVvD0pmm8YeYA651P1U48QKLoFGT+NhnvJKZ 9EwpGqklcXYvAIOGJiUe0EhHgzYPseVbOiWV15/XL3tFj2VRYJVtulb5/SqZxhpT NZjjJoPTv6bHr+pIjz+/QAZYShZAikfrtsh4KOrUYh/bRu9/bzzildZ+BSKihvDq MlV5cN9Li/1bDEov624um00pDfDrtxxmxbFPid92/SjFTK4od7QfJ6ZEBOM4YMMQ YO66iw4+mlNOPZI8wYssnY8XQ5YU9plggOsEMsw/9dk2bITItSvqWr2WPXu+8btX VHoVDwafDEL+eD80AwiDFQnMos6YS8fZDqXa3FccmYXQqodSQlaxIAvBWe8G2xhN 3F2znDE89L4EwOJC0vlHf2EGMxQ525eKYt3Lq9VuDoctNZJPhU8fQ1z+u5/nnyAF SOin1FNqu/RXECN9oe11U9w0cuMg5Ru6VJ8O53lVD5BDODD0gSc= =1geG -END PGP SIGNATURE- pgpY_tW_a5a1D.pgp Description: PGP signature
Accepted tar 1.30+dfsg-6+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 09 Mar 2024 20:25:46 +0200 Source: tar Architecture: source Version: 1.30+dfsg-6+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Bdale Garbee Changed-By: Adrian Bunk Changes: tar (1.30+dfsg-6+deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2023-39804: Incorrectly handling of extension attributes in PAX archives Checksums-Sha1: a0444b74da367c177d2a46f1d23445ae40c8b63a 2027 tar_1.30+dfsg-6+deb10u1.dsc 158e3f52799147ef1938846379a581f0bd812a2a 1883220 tar_1.30+dfsg.orig.tar.xz 42f4671f8eafc0e8f8bd9dddf69081607cc373f5 22864 tar_1.30+dfsg-6+deb10u1.debian.tar.xz Checksums-Sha256: e113c87abc8a1e252b4b7e5cfe9e5d9c3621eeb9acd950f02cf8ed6fe5a3f2f3 2027 tar_1.30+dfsg-6+deb10u1.dsc c02f3747ffe02017878303dde8b78e79cd220364c5e8048cf92320232e38912d 1883220 tar_1.30+dfsg.orig.tar.xz ac217f71b5f978a57a2bdc10b8da236f22931c6941a73b060f7c4ba9f7c5277b 22864 tar_1.30+dfsg-6+deb10u1.debian.tar.xz Files: 91766fcd5396a957f9cc76e2177010bf 2027 utils required tar_1.30+dfsg-6+deb10u1.dsc 2e4a182a1d5974a264011983305abe09 1883220 utils required tar_1.30+dfsg.orig.tar.xz 9a513ce4cacbe5938d3b54451e04da93 22864 utils required tar_1.30+dfsg-6+deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXsrU8ACgkQiNJCh6LY mLEr0Q//RUT+t7Csfo2N/iJnkY2wTDngdMrCEck+3NPkvQsaE2k34hOJIOb8v9Eo zvl7XkBi78Dodc6ZKIW2cpwwCM21vCIbPHAkLq7iCtpgregvVykoTvstddCBVuuG 0o/VYH4NMpESJ9ndktMrjci7hf3/iNlAOOm+t0+CegHlw2Jjg6MutbOPmqDKwxGu XZjDv1Q5Aj2UfS6hTgbbXl7vb3TPY66N+WHDE1mQ0+prngflqtlF7/+ah0XeYOj5 7Wg86stt3BRaOTIZnI1w6ge9MOHT7cxyfExGLMqLNamgjWKvDKcKdFF0FVe5QLNH sKihv/ePSLRPg4IWjtdgBApl9v1FNEszgxDxF6B9gTtZ43WwUJIi8KPMfINSB0qH FweME1W6S18IC7aLVOjTlZ9ip1pnEUknKWvTLqD6rVrLWFWIq4pryrrgnyFztklU l9XD3j35Bd/oNUWiqpbIZ1yR/MD8ZsBOdReyLYbriIFQN7cVEesqHPtKipvc7V7C 5TdDJ/ries9BjcV7JSPuuSWvmwOQP5xqxgt9YdAR1eRIF2nHpvxdoE2etvYhMACu T1/jj2P7gcmmBXdvpwURDvQ17qm7QWbd6I5DS3VJ08nxb2+jmIGgfgi0q9+oGL04 vPdOgQeHJkh2HfjohnzCPRjjXZ3i3kO+C9KZqiy/ykf895emeRk= =kHn3 -END PGP SIGNATURE- pgp28xsYvPs_l.pgp Description: PGP signature
Accepted fontforge 1:20170731~dfsg-1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 07 Mar 2024 22:13:52 +0200 Source: fontforge Architecture: source Version: 1:20170731~dfsg-1+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Fonts Task Force Changed-By: Adrian Bunk Changes: fontforge (1:20170731~dfsg-1+deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2020-5395: Use-after-free in SFD_GetFontMetaData() * CVE-2020-5496: Buffer overflow in Type2NotDefSplines() * CVE-2024-25081: Spline Font command injection via crafted filenames * CVE-2024-25082: Spline Font command injection via crafted archives or compressed files Checksums-Sha1: a90d87d6c1eccd4e6b4ca40ad4250fd07ce51dc3 3154 fontforge_20170731~dfsg-1+deb10u1.dsc 2062bafa78013d87509cebffc8b412b4a6786f72 17896802 fontforge_20170731~dfsg.orig.tar.gz db12021d2c5915c1dcd4b6fb9b06f9dfb7923a7a 57524 fontforge_20170731~dfsg-1+deb10u1.debian.tar.xz Checksums-Sha256: affb09704c222997fcbe43781788b1b50eea3318b68abaa98c08d3cfe608440a 3154 fontforge_20170731~dfsg-1+deb10u1.dsc 642dd957a7e36d68e37c8be9f849a2b2ec2f9e831103d1458660a165fe3e4ae7 17896802 fontforge_20170731~dfsg.orig.tar.gz 4268a047eaa63e163a540c4189fd3102d55d0831158d2beefed990fd63eb1ca8 57524 fontforge_20170731~dfsg-1+deb10u1.debian.tar.xz Files: 809618e46cebfd68001eca80f966f592 3154 fonts optional fontforge_20170731~dfsg-1+deb10u1.dsc 127bbd78bb24624b8d4d2965ef4ad3cf 17896802 fonts optional fontforge_20170731~dfsg.orig.tar.gz ba8c879f831ef2090eb07410b2a4 57524 fonts optional fontforge_20170731~dfsg-1+deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXqKrUACgkQiNJCh6LY mLGNaRAArUBfCjyOQV+K25fXQcCCz26SPktCD72snyU+Xdshx8rcBgq2h42GWnSv 4Mlx2kwYxD0SOEHIMTjy31NrNFMLhWToGEGQOAc7O3FEx31scJnMDdhIawx14jhC W22e+tmBA3iEK/KVLdbbQsGs8iTW/TgHPcjyT1Jkh7U3NCQliLFLsZfoM4iNzT+t RFReweREPDIHM/4H0jk8D2//6/t5slNIw/pIDi+CvHfgcGJDhLj+TqN16AIkl1Jh EVk5/QtGeEOpKFSB/N3Kr9Q0CUDpiUtOcj86bCJQRUydQYeHJxWrzTfrUZDapZus n2XQCoiGte6ouB2w2chXZ48eFp/9ZpgIkZ58oJKw0DoUXGUbOOXPbHW8mSXcF+pB YpvHD9nIUUm0uQdMrbEj4RL90NxOB4rIRk2Yz7UBgdPLPVfiVR13Kl9Ihx8r4dPu HfC8zHpGeuimXvT4D/2Im8qFoRVOelrwsKbF0fe1g8AyLOy/T++yqez9uUiFTDmp QBN3kAmUqYVIBsQn54C47N4y5C2U54VSQb2eaganMJ6fAavVAmcVt+GoXqMF01io 29KWMPxDWYu6XWoa8WsNFnUbkShVCoYBJk0YS7M6K/Q/O9Nzq3Nu6iwCma8x+Z6B tEFta+jKHYswSHixqKMdnCnPvCgvD0UA/P+mBBV4CmDM9dU0kxM= =C2vZ -END PGP SIGNATURE- pgpjTr3m5L7SR.pgp Description: PGP signature
Accepted yard 0.9.16-1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 06 Mar 2024 17:08:41 +0200 Source: yard Architecture: source Version: 0.9.16-1+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian Ruby Extras Maintainers Changed-By: Adrian Bunk Changes: yard (0.9.16-1+deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2019-1020001: Arbitrary path traversal and file access in yard server * CVE-2024-27285: Cross-Site Scripting in generated frames.html Checksums-Sha1: cdab40905f5570b1eca8be3092742f4a89976e0a 2192 yard_0.9.16-1+deb10u1.dsc e218b2f322d70dc618364fc682fefc4b983f2088 642089 yard_0.9.16.orig.tar.gz 0ddbe965f93b8b1492daf9ae1cbfc4594c3b1a47 80576 yard_0.9.16-1+deb10u1.debian.tar.xz Checksums-Sha256: a0c88ebaf40680c6d65c2b79b04a6a75201439c4ff21356c0ca83822e49ddab2 2192 yard_0.9.16-1+deb10u1.dsc b30486df55460bd06e7c15e0798813aa6c113701874b875d11fc64c673d90768 642089 yard_0.9.16.orig.tar.gz d590f8c297345bb19b581f213badef0c197542e1d060f0238094f1976b5dd5ab 80576 yard_0.9.16-1+deb10u1.debian.tar.xz Files: 33bf8fb4225f8027f1b70fdad217570c 2192 ruby optional yard_0.9.16-1+deb10u1.dsc e81af9528231d072cc2b5506d0a56bff 642089 ruby optional yard_0.9.16.orig.tar.gz a917860c26841cc9cc222ef9fdd76fe7 80576 ruby optional yard_0.9.16-1+deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXoj8kACgkQiNJCh6LY mLHLkQ//czZm+WOR9VqTDZkLph6UREx4UFJIMf5cM9xHqLixkIuuUfi7qIKotY48 5MwOt0ja0hIgKUY4VnnIwtpkgsJQ8pH1y4cK3fCyeqJwtVQ4f8YpthaeCC59xFgg +1cNg0TeyDkI0vOIVqe5Ag9Lf0WMcai41EOgZ/WSKVX5jSrk8hNmdUlQoMR+Og5x LVLxvOco6SKGqe1REw+DhONKJC9pE6BlnzoLrPMpuD9MXpCrL+vU7BukOvH9jD59 KoaZPY9RgKxWWIjZcElUrHRIhFW4uUurDAFgVTV8LT4QydTaMQFPKxTQ43uMeF/3 W86p10EfWue307DoOVTD5gnu1+wtP7q7BTubVui7HcejM21oAdMlyADqONz1wsC4 nyHIVzR54Jsz84oWbehhnAY+lxIcpv6ZHQf9Ce2xjCiQHqCdmxfPI9fks2l6Dv/Q 88GlNgOleeMVt15CzsTNeAJ0xq0qWyPpdtTX2+VZX32Z4pnewqqOYfA95oa7njLA 0FC27++tiI0D944fpcr0PhA4pmR8ryHCENo1mXcRRKyT1wTDYvLsPw7RqHNKuL6f HJj0ihkL/EtxIknk0f+MPAuIl7biqtTIJUTyS45ZHPpWq/kZv1MFcB1+xYfZC5Qb PcuOz+GSAV8VlKCOML8DMzNmp5fCjFuz7Dv8SAaeREyPH1bOzxo= =K6QS -END PGP SIGNATURE- pgpMg3pNZun1i.pgp Description: PGP signature
Accepted libuv1 1.24.1-1+deb10u2 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 05 Mar 2024 22:30:19 +0200 Source: libuv1 Architecture: source Version: 1.24.1-1+deb10u2 Distribution: buster-security Urgency: medium Maintainer: Dominique Dumont Changed-By: Adrian Bunk Changes: libuv1 (1.24.1-1+deb10u2) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-24806: Improper Domain Look in uv_getaddrinfo() Checksums-Sha1: ae80a0a9f623a2d5ecc1c58db74fc964c5fd09d6 2084 libuv1_1.24.1-1+deb10u2.dsc 83ec703ec3a3a4b62c73f6930ca60ceccf41b64b 1204188 libuv1_1.24.1.orig.tar.gz b385a95b07fbf37f06df1f3acaab75a47491ce60 18232 libuv1_1.24.1-1+deb10u2.debian.tar.xz Checksums-Sha256: a66f79913f0f28f35eb342d02b9b96e14461d27076f95b1056e8fb958348963e 2084 libuv1_1.24.1-1+deb10u2.dsc 55f4d03e5d600d8a753e8f300f4ce5a9a39d7f8386855627fcc952bd561f4b4e 1204188 libuv1_1.24.1.orig.tar.gz b17e1b436292049ca7a5237bcd064b0bc69cad50b3ce72ce1a64a53b2a9579b4 18232 libuv1_1.24.1-1+deb10u2.debian.tar.xz Files: cf3cff625509a3bebe0dcf43eecf937e 2084 libs optional libuv1_1.24.1-1+deb10u2.dsc 31f92d18edb56afa7a3828a827cbe2a0 1204188 libs optional libuv1_1.24.1.orig.tar.gz 74eb46cd6958aece6b7312c524975dbd 18232 libs optional libuv1_1.24.1-1+deb10u2.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXnhXkACgkQiNJCh6LY mLGS3Q/9Ej3NWJe65AS9QycS040p23MTv7GMoOSDHE8cVhLOwYY3j9v8HLcFmKg9 nEcs7z7eB6mPRPYMxVyhblmfO78IzGSnE08/xrhJD/xRiWX5K20M6GgS69MQPfd6 pefkkmeDJZGHqf01XaUXCOmQ94nc7/o3Ki2Fl0E+X6mqzV6WrNUppWxOGSul/2VE 5DKXm9+1VyF2lDG4qQu6fek5IlKcaMjIxosSH+h7uX/0891IFoUes+KOLVxdgC8S mnHNHAETfhchCrs0U5BEzL9l+FqFRg/y89RDPL/WaOFJWWzVI0PAiadng7z7KKI1 s4tz3d+Qf5MxLo6JjgUSHaedhWC3ytafQmro/UEYBR2q3O7MVAngAI3Ly4c3hf1c dGQOIR0btWoyjWqO/Yj7b2nbT0t8KUrqsBdI7pZ3gQQPfXXB7JRzr34wF5CMD2DI e1E24wDnJyNHNUVDPSHwd8+nLqtGj2uiTOp2Jlh1pnbN2hagS7ywCByFu8quUMTu doNmYxKNfAPDbz510B2to1nMy1W9YeDqz/S4UffHz7kCqprwh4c99aeygWqDojBA f16tDcB4Ae80XQyg3/Ofv/NC4whFzeQQavK0I5ODee+LK6qW0FeaxMBm4F8jMarj j2FTHuEcpn6p0AWiEyL5UnxqQ4xzMJz0GYa5t3RpCblO/DZeHpM= =XSHO -END PGP SIGNATURE- pgpEj1abi9k3m.pgp Description: PGP signature
Accepted libapache2-mod-auth-openidc 2.3.10.2-1+deb10u4 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 05 Mar 2024 17:43:32 + Source: libapache2-mod-auth-openidc Architecture: source Version: 2.3.10.2-1+deb10u4 Distribution: buster-security Urgency: high Maintainer: Moritz Schlarb Changed-By: Chris Lamb Closes: 1064183 Changes: libapache2-mod-auth-openidc (2.3.10.2-1+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2024-24814: Missing input validation on mod_auth_openidc_session_chunks cookie value made the server vulnerable to a Denial of Service (DoS) attack. If an attacker manipulated the value of the OpenIDC cookie to a very large integer like , the server struggled with the request for a long time and finally returned a 500 error. Making a few requests of this kind caused servers to become unresponsive, and so attackers could thereby craft requests that would make the server work very hard and/or crash with minimal effort. (Closes: #1064183) Checksums-Sha1: b8e9a96d1bc7ac090549d1a46003a64b39effca1 2534 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.dsc bede99318fd540076dc2e2f2f80714ae1736b0bb 263825 libapache2-mod-auth-openidc_2.3.10.2.orig.tar.gz e33d9e9aa68bfc4a6b9a9aff7a7dfb63bb09551f 18780 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.debian.tar.xz 139bc5c550b22d2f0dfead7c56d449aba16224b1 7634 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4_amd64.buildinfo Checksums-Sha256: ee11805597937d5e8c8a5673b9bc2a96beac086a3a5e6e0ba2a345c2a3f15f96 2534 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.dsc d72fd1131554225b9256a5d5f5e93ecce298ac8946c2511973ab07436902c641 263825 libapache2-mod-auth-openidc_2.3.10.2.orig.tar.gz 9a90a160d04bcf4e283ec3154ec9886cc984d2a5c1c97219ea78e492ffc57a0c 18780 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.debian.tar.xz 470738e6bade0c95933bb5070fcd2ed6d1be27978c56c936610a6f99d27f14f4 7634 libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4_amd64.buildinfo Files: fffa9a02b74acd0852a021bfc7860b2b 2534 httpd optional libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.dsc 6b81eb34bfc2baecd44bb3a775d27a1d 263825 httpd optional libapache2-mod-auth-openidc_2.3.10.2.orig.tar.gz c27b32f63c3975d12057bf2fd1196461 18780 httpd optional libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4.debian.tar.xz 585564795b0768a920c1251ce3ca21d9 7634 httpd optional libapache2-mod-auth-openidc_2.3.10.2-1+deb10u4_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmXnW9gACgkQHpU+J9Qx HljhzhAArLLvql8ggdvKUvrHFYOBk6rAxjJt+IepsbBkGxcSnuNQY6C9AiQESSol 1WynrDHrlQg55UrC2SZfpBwhcgp7J608zAhVyB+RakNGNs2AZ68/ehUCkDijJ1cL HI/tBRrZShRziXJKebD6NT1nX3srgTplhDCn2OivFTTXpN0ea57xoyRaHpAc1OJ5 NvAcmICOpcxQIA7iQOWLmlXEQe7oGTlcgRWElOyWWxWV75BoLzBsEGhroXUT2f5H xWXUtZdTev5lHtiB9B+acsJagKwiPgdt4CmYQsblwcIIjbvXmM/hduY5qCUcC3h6 q3z8Pca7uWGk9OQKjb2Y5HvXTJy6QU8p4Inx2dR1/LhpzDebULucnRopVdtfB0e6 kSr4PD3kchFEqVTKusGnkzGB712ZIipBEGW/SdxUabBwkUJEjuhnJHG463O589cY 4SOc8wsaEIQwKJTLdWF+DJbtiG5d+CAW2RGLLiYLBQPWboKMC66caTeRkOEG9SFr qPUBMX5SlkQ9OXAhltKur1Lbqwt/Acd7b4pT3nIVQpnjVklVe4BOnZRJVqFBIBdj YWRfru5cpgnQEU0Tfwae92o7sR06TVFtHHR+3SxNa99zzacq2zEqi3o4Mj3dFgCR rr546CNJ/kI0eb231YkKQMRxIMpcI8rXa801XGnFNAlwm6x5i30= =46hg -END PGP SIGNATURE- pgpdk5FOp9YZX.pgp Description: PGP signature
Accepted php-phpseclib 2.0.30-2~deb10u3 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 05 Mar 2024 13:30:10 +0100 Source: php-phpseclib Architecture: source Version: 2.0.30-2~deb10u3 Distribution: buster-security Urgency: high Maintainer: Debian PHP PEAR Maintainers Changed-By: Guilhem Moulin Changes: php-phpseclib (2.0.30-2~deb10u3) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2024-27354: An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service. * Fix CVE-2024-27355: When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service. Checksums-Sha1: 37c98a8911f0e91a486152d48f1527391bae423a 2173 php-phpseclib_2.0.30-2~deb10u3.dsc ac43e7cf9a66414781a0d58937abb098c576d20a 169624 php-phpseclib_2.0.30-2~deb10u3.debian.tar.xz 54908115eea76e493be7516bd668f7cb2d0e3c41 7665 php-phpseclib_2.0.30-2~deb10u3_amd64.buildinfo Checksums-Sha256: 4c175869c83585de2a2bcc3097658a8e9daa64980319c6240341b695257e8a9f 2173 php-phpseclib_2.0.30-2~deb10u3.dsc 59080097ace85b6e9fe88681caf4b2184cc733bb093e38e06b33e794f908b555 169624 php-phpseclib_2.0.30-2~deb10u3.debian.tar.xz c79113ce7a3639d1f90c1ae5b1f1c5224e0b0fedda30f2435632dd5fb8456c46 7665 php-phpseclib_2.0.30-2~deb10u3_amd64.buildinfo Files: 8fd73c05cd85f764d383f8f106423b2e 2173 php optional php-phpseclib_2.0.30-2~deb10u3.dsc 0dce4210cd16375d94101741b52b5614 169624 php optional php-phpseclib_2.0.30-2~deb10u3.debian.tar.xz 14a3cdf196e0a634374f003352b7e4b7 7665 php optional php-phpseclib_2.0.30-2~deb10u3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmXnE7oACgkQ05pJnDwh pVLsEg/+O9EwRY8hPrSsL9PXgl1ufXGk0kapUyLqVBs0gPom48SMrBG6/O8Xloww pxoHxyfDxHpl0ToriAlf6J51cfVTfloGEbSYN1qj+SXvndXivq2Bqjqv6Th/W8Em YOVg2fq5fIep0ltTkXyk2DwoKMO4ilZ82loQVGwm4jWy+S4bth3EmP4GasUHbUV6 cLiyB/KVaTpW8sQ0GMhTPXEsw2Nj0/TNgmKgCnmOtC2bZNVXkOAwKd1rY1aOL5gJ 03fKfL7rOztb7zSmBahPHCAAMtpoQOckn+0aLSt1ElMBWU7uGcLmZjzCGSWFWVRi gwfumzP7XfwX7J2pgUIhynBXfTxELMifHezqiLiC8AVoHEtIIT+znRxAzI+1+whL CeTqEUhS8UtH1VDUwCp/NK3GBf90BKHhN2Y8esWO6hLy3ZrRXZ32LFfvp2q4mBQF gtDuo/39b4TA9okIkqBm74D+RqrvAIFXlmJiNwinJCktvh4QwADwxMv4K3RagAnM I9B7AUQQfdwILbhc+d5/SP1q/fNVTN4e0niX2cuqW2Po5G77o/05rqdVl+HHPuQ4 r5PDy5B7yV+rMQ778WWJYmeJwuVM8kKUDUODsn7UoDb1NhbZSBbnJgmqswc2BUFJ teQJPswJx4mu4jHnnzIygSQPMnP+AMWhm4iqBrwtInZbUM3+d4k= =TYcT -END PGP SIGNATURE- pgpvErwzBAItS.pgp Description: PGP signature
Accepted phpseclib 1.0.19-3~deb10u3 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 05 Mar 2024 12:14:11 +0100 Source: phpseclib Architecture: source Version: 1.0.19-3~deb10u3 Distribution: buster-security Urgency: high Maintainer: Debian PHP PEAR Maintainers Changed-By: Guilhem Moulin Changes: phpseclib (1.0.19-3~deb10u3) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2024-27354: An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service. * Fix CVE-2024-27355: When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service. * d/autoload.php.tpl: Adjust dependency loading for consistency with 1.0.19-3+deb11u2. Checksums-Sha1: 82acbad8dc41dc2d84fd94c056b6a22a77db376b 2126 phpseclib_1.0.19-3~deb10u3.dsc c95eb9496508d6cadb38af2ada5f221f161754c3 170036 phpseclib_1.0.19-3~deb10u3.debian.tar.xz 05dc4deef75285baf7db01cc7f6b1e1e583d50cb 7629 phpseclib_1.0.19-3~deb10u3_amd64.buildinfo Checksums-Sha256: b62394ae7666a272b0e66f1b4af40f9540f41661a76eecaf8239e8f0430caa15 2126 phpseclib_1.0.19-3~deb10u3.dsc e8a0f466d1bdcbb8088d9f66239240622443a3682af3d53da3472a3b4aa288a7 170036 phpseclib_1.0.19-3~deb10u3.debian.tar.xz e51e1f66194ee38f6e5fb1d09977e2c1b734b290eff102dca4c035a8ebb8b1f9 7629 phpseclib_1.0.19-3~deb10u3_amd64.buildinfo Files: a072088afd62d64fd8e351c1746270cd 2126 php optional phpseclib_1.0.19-3~deb10u3.dsc 4bc76eae669c7737f186e9aca566ceb3 170036 php optional phpseclib_1.0.19-3~deb10u3.debian.tar.xz 12288970d639e2a22b11c00eae0b8e5e 7629 php optional phpseclib_1.0.19-3~deb10u3_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmXnDJ8ACgkQ05pJnDwh pVJ6SRAAqY17kSDPARw3K/w05uXxnVnqgYk1FfR0Lr7g+uCuvulG1iSmXboLvDrC 6eLSLbzK5HPEd/tujT4fBtpnlKgAoC6g2jDL1MHrzketkmWO4HYE1kVRwV8Ylt3U 4DbRRIdCycNqE/8nSbY2BFi1rz1j5VmlFqEJd3lj4Q/i+PKfoQ4OT/5Ay7BAeEpP 1pF2AjIYMRj6W2ceNC/cH/CSUmZDI146eDD2s2oRHBMoUz47XSBxC1r9qRX3CevE jv7dEvdGry8zglIjl9Vk99DCKPN+FKdXJrjsxiQuoSqTtIMNJ3b12nJgXa2+H5NG SzR8WJepCiesIv8LGLNhjg+n8TvT3Su9oRen6NYfnmc2fOUlzYaxVMSRkoadX+lU XiTOI81//bbr4it1Q4NX8x0sQ4tbNuatPkxAWexnuRRbNBLnMEQzl74ykCfSXdF5 /q1qz/4V6PpkC3qJ6IgYL4ohcqLthLIv8J5dzZz6b36zsZTwaVXZJvHAxtyM89eq y/M7YO9UdDjMpFVcOkMF7gC1na4r+d8fVbqWCQF7WN8/T028HzHLi5lbk/Ia4Ly6 ybEst/aqUz93eqsKFmAfXAmh3qY0I8ES3HwCb7hPyvpH36A89dkdFey0VspfWLPu Syg8UR0StMQQpMfhtx4xyWla+v1HqBEZpyUOGZ/Ij4r8+vpC9VM= =3Vuo -END PGP SIGNATURE- pgp6aqTfTmbNf.pgp Description: PGP signature
Accepted linux-signed-5.10-amd64 5.10.209+2~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 15 Feb 2024 22:21:34 + Source: linux-signed-5.10-amd64 Architecture: source Version: 5.10.209+2~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Changes: linux-signed-5.10-amd64 (5.10.209+2~deb10u1) buster-security; urgency=high . * Sign kernel from linux-5.10 5.10.209-2~deb10u1 . * Rebuild for buster: - Change ABI number to 0.deb10.28 Checksums-Sha1: 3265e037bb58bce1ca9a84f5ec50b69e2075a69b 3000 linux-signed-5.10-amd64_5.10.209+2~deb10u1.dsc 32a29a4bbd6d67da1b2b2dc5720b7b16837f40c8 2901612 linux-signed-5.10-amd64_5.10.209+2~deb10u1.tar.xz Checksums-Sha256: 162618c3ca17a365a0398b84cc2e9a5dc517485ae55c13c1ae3ed83207866c6b 3000 linux-signed-5.10-amd64_5.10.209+2~deb10u1.dsc fd9af83fe8f28927b509082d2215c0f088dce15553670ed4a1c4789240176a8f 2901612 linux-signed-5.10-amd64_5.10.209+2~deb10u1.tar.xz Files: fed003f075ceadcd4834f3d3db17e75f 3000 kernel optional linux-signed-5.10-amd64_5.10.209+2~deb10u1.dsc c51a030e664ed87758de49d368e771fd 2901612 kernel optional linux-signed-5.10-amd64_5.10.209+2~deb10u1.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmXkUsgACgkQi0FRiLdO NzZ5AhAAghReSwRbgPjujpE3heoxzO8A8KxkucsUdc96Za+dyI8jf83zpkKZrV6G XncJr77WT+Zoyy6uH9zfAN2EMxtdGYWABzab/etFVlSKIW3zEVsVCrfOER/KD82+ o78kQuoJwwGV8SbNKC9z5mE8MldDH0aMJYnRU+f5MgEFqDrzwia63u/Ivx+szomI 9/3qaUQ7+bFeqh7ybmDozHcbg/rNrnJmTQYT0emvXEy7N5c3DpgfFVFg1GXUJ6dv VDF5J3n6mqs0bIxY2C+ifWbaRxbiLkNher4d8jN3giaqmIRx97PUp78cN0VgcnMX WtM+VjGuASrXYPJ571Oy6mTIgiw4H2jf/GJEKERS0CFzwNYYmfuetDORGjvUALVW lsj3BNc/JtsPzlG3rpAA41x2+AaP2Skb9OmlYqhEXfZjEADqfU+Coi2P8g0GhEjx lRx50UEsDMQwRCz6op1y2YLwSDk2NtdJAxH1/SKjasZx5n5hX1MOPH99a82dRbjl eHkghW9eVvWTgfBQl5F+aNYd3S5FAl2Pa215Ag6NulnvojlYxurbLOxFMwjeICkD 7A2MDDPL+BIgJYuz4BiAA0Ng+6i9PY/cp4x5xClVVuZlrFKNAGv7IiDHVLQRewQ0 HpvlZJ4Uplx6yF6j/1R/X0IZGDEeyTwU4mG9wkcm+4Shp/6WKwE= =Fs9D -END PGP SIGNATURE- pgpvhA2U8HAzQ.pgp Description: PGP signature
Accepted linux-signed-5.10-arm64 5.10.209+2~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 15 Feb 2024 22:21:34 + Source: linux-signed-5.10-arm64 Architecture: source Version: 5.10.209+2~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Changes: linux-signed-5.10-arm64 (5.10.209+2~deb10u1) buster-security; urgency=high . * Sign kernel from linux-5.10 5.10.209-2~deb10u1 . * Rebuild for buster: - Change ABI number to 0.deb10.28 Checksums-Sha1: feb4d99f20c67820e55a09d4d275371ea567adee 3000 linux-signed-5.10-arm64_5.10.209+2~deb10u1.dsc 7d8ddcddece8afd8aed12c76352b109fb18b0de5 2646744 linux-signed-5.10-arm64_5.10.209+2~deb10u1.tar.xz Checksums-Sha256: 7af8af6b52e0d970981a109005500df3cdd2b3165a3b70df1d253d8643726d0a 3000 linux-signed-5.10-arm64_5.10.209+2~deb10u1.dsc cac8bc1da66927ce4a63e549ab10987518c5b183a075582bad0a99f8d9f0b73a 2646744 linux-signed-5.10-arm64_5.10.209+2~deb10u1.tar.xz Files: 0d7653575812174db2d236406c0a1276 3000 kernel optional linux-signed-5.10-arm64_5.10.209+2~deb10u1.dsc e665418fd2e0261b871d6eb22af6e9b5 2646744 kernel optional linux-signed-5.10-arm64_5.10.209+2~deb10u1.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmXkcsUACgkQi0FRiLdO NzZLEBAAqfeGracblclTsk1+ZgHurrOGCeJLw7eJBqebmirSfigU2AK09XfWEPsi miAmEk2EAozPbbawZJ763Yt4B7Oh1MyM8KKyO4kDOI+eYyJqYp/mn3idaQaLSM+Z yFIj9tXyUTbXXpqL1l+ZiRO7z0QY0eVJvnLE1RtgiJl35frLfT2zOW2gFyEyhWju 4mNo7NvpW4t5qTdL82dZehjgMPM57HGta+Ocor7/BhmarZyZ+qx3L3HX8xlJPTus 1q3GWpKpa7pdEyf6lz2ula6p/HI5bazc2cf9p2QHsN5Wxl3SaPV5vE3SKMObIbvV 9qJ3/mcEXg8LjXgsMewC0JYG6Ew1XdUW23Eb0TrmO79tynWM+6lQhGgvFPA266wh fHBEBTeHDlwDIPw0IA9ZR3TMdcaoHpkcX3qmvqEYnHsi73hF0koHWBw6a2j41ShW hOBtL3eY6ti1J7niOPMBG3ZpfALvKh2itDAz58dFzu9DaQB2St3fm6DhR7g87Ax+ CLk33R9XFwSLBGIJD1UyCXFDDAwxtvakP6LiBRSqozYXaDetwRkRovVAO6GHJ845 baNs2eHqF04X0X73735oIz0GIklZhiINd9n0aMbGdWQpctPcioQGOiMIT7r9OdvY 4yoJz7AyYaStxttcwQpM/ZwTg4EBB0ySMvyrA+2EP1x8ONf7gvo= =9rzj -END PGP SIGNATURE- pgpI1LEfENVol.pgp Description: PGP signature
Accepted linux-signed-5.10-i386 5.10.209+2~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 15 Feb 2024 22:21:34 + Source: linux-signed-5.10-i386 Architecture: source Version: 5.10.209+2~deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Changes: linux-signed-5.10-i386 (5.10.209+2~deb10u1) buster-security; urgency=high . * Sign kernel from linux-5.10 5.10.209-2~deb10u1 . * Rebuild for buster: - Change ABI number to 0.deb10.28 Checksums-Sha1: ccef37ec706a4241d86f33803178809c5f9be9e2 2955 linux-signed-5.10-i386_5.10.209+2~deb10u1.dsc 480eca5fb2a5d9ffd7188569097b95512569bf81 3844288 linux-signed-5.10-i386_5.10.209+2~deb10u1.tar.xz Checksums-Sha256: e93de5202378acdfdbb4338be21c9d8b49b8ecdb12669132cd96d1a42465c637 2955 linux-signed-5.10-i386_5.10.209+2~deb10u1.dsc 1fd4af7149087457a2c99d853c795f4fa433db91181eb51b07daef915449f0b4 3844288 linux-signed-5.10-i386_5.10.209+2~deb10u1.tar.xz Files: fd4bffa0ebfe4f807b5c09f76c3fc6f1 2955 kernel optional linux-signed-5.10-i386_5.10.209+2~deb10u1.dsc 7a11a579e9bb932d1ce940bf1d524331 3844288 kernel optional linux-signed-5.10-i386_5.10.209+2~deb10u1.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEfKFfvHEI+gkU+E+di0FRiLdONzYFAmXkpHMACgkQi0FRiLdO NzbZ2A/+O42cyppeCpPxCFfBO9MYRevkXvbhmaotJ11v6WmlH0T3sfC7PTYq7JA+ IvTgLL7iEvWxLlN661qZyImc1YZIklpA+K1DCNwg60DpycZ0HAHEOp3kn4KJMEao cw0xW9JAhiccS6oc7Ey5jm0NDPPppwmozjQ2FHZSsG15xN70UrV9ADSPNNuJLpC3 1xpVzWJlHwxcNPkuNTaEL+RhZst0tRrn82rP8rBdeEGOQz9rr5g++ckM8Sk2SlOs ON5pWCKLNY4ZrQgiaRqXzF03bbLuGuCkC6LGHVnIJY02Nvhd0C4YKrF+mscrj7l5 tuTpYvzC6RcE4uvcINE7Q1re5CtUR/WVkYNVqXqWvLuEYYVyiHm6n97v/ClidP++ Z8aHBVlJTZB1zQ7YkgQmXjkc0unCtOZu873oIokbMdUrN1242ZjdZVUdZZwowxjp eeadyGHqYtcqOtHXAgq4/lPl6RQ4TCSehnb22iHBosg0ZhA9uhm/gEb/rtE6Bj5F GbdQoiynP7/kyc47qFYV98cWPPj1YGxBm5qPbPsg3BRxGiVsvZ7ScXTl4DVKK441 bsLsyv0caYW2x/rfZTzOEbSlRWIizWhfw5v91v7rDXBI4U93NkjrEzANnL2M3rMY bt8yUpqFsKYF2DTc9F6NmkaqxnOTRb6Nxs7trBBF4SB2FDqy1JI= =TArr -END PGP SIGNATURE- pgpMFTlZQ49b1.pgp Description: PGP signature
Accepted wireshark 2.6.20-0+deb10u8 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 29 Feb 2024 22:49:52 +0200 Source: wireshark Architecture: source Version: 2.6.20-0+deb10u8 Distribution: buster-security Urgency: medium Maintainer: Balint Reczey Changed-By: Adrian Bunk Changes: wireshark (2.6.20-0+deb10u8) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2023-4511: BT SDP dissector infinite loop * CVE-2023-4513: BT SDP dissector memory leak * CVE-2023-6175: NetScreen file parser crash * CVE-2024-0208: GVCP dissector crash Checksums-Sha1: ac3e7c987b17f90f5b8a6959cf5f9ad2b9929937 3565 wireshark_2.6.20-0+deb10u8.dsc 2e4295eeba3f54134c1f37a6e931e0f4a67c0487 28805496 wireshark_2.6.20.orig.tar.xz 41d4402af7817804177de021c69a39f3b0b0537f 107852 wireshark_2.6.20-0+deb10u8.debian.tar.xz Checksums-Sha256: a3a9842ff069abd291de367036ada6d91dbffab05ed5d490e1c550807ea18261 3565 wireshark_2.6.20-0+deb10u8.dsc a97a5f3934ef09b93236f7dbc97a162c0348667cbc9dd68291473b8f7b276c60 28805496 wireshark_2.6.20.orig.tar.xz 3d4370096aa0f84a9b98fee9c9167d928f3fc72a53248237b434ce8169f67680 107852 wireshark_2.6.20-0+deb10u8.debian.tar.xz Files: bcf6660b6b9ef2beeb395e6b22ed08fb 3565 net optional wireshark_2.6.20-0+deb10u8.dsc ac4f79c6878703634797e041fd136a98 28805496 net optional wireshark_2.6.20.orig.tar.xz 2ed4ee2a0504a0b62b4036f366bd7801 107852 net optional wireshark_2.6.20-0+deb10u8.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXg9NEACgkQiNJCh6LY mLEq9RAAwcOdhek5/oaVhsFZ+DTC25i5VViOS4j3ntpJMUMf1UFb/D9P0PGVjMme q5HydCf9ofQvDDA7FLGptEVdjyj5/wW+JEm43QSkQg84fZ1ne/v7p22uMUhpH74k 9yEb02V7uOXTthgHNWMi5FNWoXCtwigJjPjUYJdHlLNmm+0Yx0VkgXJh4h5nWL6a QGftTgXL++kNiMc8IntQnBdxxgKoq15JeVun6HTsEnHfQfhcRUkl6GU9Hf3Azj3u jZoEvcxbCyYDtxGc1cO2UydTZvWedTeMlveNtqyfvTS7jhmDCIt5oDw7okDdw8DU QGWINQIXGn0WkAY87n/t+45Tht0psU0dih8czFcylQNeY2JrV+Q3C2En1iDgfNHD Htccx9P7ZgzV5K7ZNT7n06NyI2pkvR7Cc1pmVvVb7nGvBuwttqp6sMztXU+ivG2B 1h/sCvuWrI5UGxUc2zUxtHDuJ3+kxM8W4zUMbV2sNfO/H/BjuR1rNY0mUs34Hu+W DYoeuxLl3unWDZdQNTTL6y1xZtH1e+G/qiOLoYULPEcS6Vt7VnyoDdl3//OG/bdH LFzxU0KoR7tmvuVUvkXktvohhxxbm8aYXno73TPpNgbi0JN1ZK2Pm6OLpiwMEeO1 LJXXZJXYyoch4OWXI87Ur0iefem+OA5rAS5Yujh/0VYSJYG9EyA= =ms96 -END PGP SIGNATURE- pgppywI0UVRc4.pgp Description: PGP signature
Accepted gsoap 2.8.75-1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 29 Feb 2024 20:27:18 +0200 Source: gsoap Architecture: source Version: 2.8.75-1+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Mattias Ellert Changed-By: Adrian Bunk Changes: gsoap (2.8.75-1+deb10u1) buster-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2020-13574: WS-Security plugin denial-of-service * CVE-2020-13575: WS-Addressing plugin denial-of-service * CVE-2020-13576: WS-Addressing plugin code execution * CVE-2020-13577: WS-Security plugin denial-of-service * CVE-2020-13578: WS-Security plugin denial-of-service Checksums-Sha1: 5885f466a7e616f890639f1626c483255607368d 2116 gsoap_2.8.75-1+deb10u1.dsc 97cd30f577dc69d4c8579660a6c38ab737ef0b72 5469630 gsoap_2.8.75.orig.tar.gz 7ec33af2c2e9764175aae98a4213f8f0386fbe40 14572 gsoap_2.8.75-1+deb10u1.debian.tar.xz Checksums-Sha256: 80ffb5941a4fd305cb4f5f0c80178681e85660f430b0e07edc43532a63bedfca 2116 gsoap_2.8.75-1+deb10u1.dsc 5ce266aeca3b7c3e34b515ccb234c3fbe4cd4b9fb234d9c71358854522ef8d1c 5469630 gsoap_2.8.75.orig.tar.gz 9f925cda5f992c395972a1528bccc8db327c2e033a9f330b43a61f417246bd9a 14572 gsoap_2.8.75-1+deb10u1.debian.tar.xz Files: 17f30d927b65486833216b506e6330ed 2116 devel optional gsoap_2.8.75-1+deb10u1.dsc a70dcc12dd074f700f8e8f4bdf7c987b 5469630 devel optional gsoap_2.8.75.orig.tar.gz 7fbf1bba6cf090a7f0dff7e95ead7059 14572 devel optional gsoap_2.8.75-1+deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmXg0/8ACgkQiNJCh6LY mLEsDQ/+Pqii6cooqvRAcG3xHbotOelijnSTqpQKYFfcDDq+2SWOkLF3JSQ0FPqq UwYKmQsPKrTi1mTFoC6505oGIng2FAhDeWQ9b/0lEFamZkkkuXmxClPFoe6cOs2g 0gp3Ie2/NzOKvMxTnTkQrnbSqKJkX96DWT6tdBT6zymR1uAtfKXYl5Q6mUtf0+i7 Y8aoI4j2sLCz2PDhKSMuhAooDD4LgdUNEjETUlXIrYY4A303SNxcdbOk1myMHBwb a5hOAQx8d7RU4yrONKHgdOMmSwjH6DTuchXQYfb/QyIDKz5yBRVAWclM6/4EV2jK bNO5lCOJ8o0QL16/SkB0375NY0C10gTbatN4rAugAIIsOWCXk81E2ja9AXhwAhi4 gW0tajwQfML1BkW8FoMfl3kBfdNOYELDqEn+s+AHkuSEG9yV0LjJb+PEIc0cxdJ+ A2kIuKM+aF9kn8h/c962oelwqq1i8OsCaRqpd4DqP/ZaWcOeZMQ29dosyzzW6ykM H89T0BeSCUEH1g4twz2/b+1uKFRDTkEu2Yd0h4XsjqGOeXG+EioXmMmQKGOw+gTb GHfd1d/Le0JtzkHSDqoPE2gn52CjiILVTB1JUPzm3uLJa9ZKXrqxdIBhpE2J8dPR 114zwKyKK0sUDCuFyFi6xEw+T4Ugb1L5YeBqT8K2U6aF/hWlLbU= =uX0S -END PGP SIGNATURE- pgpUPjZ8XzCrX.pgp Description: PGP signature
Accepted python-django 1:1.11.29-1+deb10u11 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 29 Feb 2024 15:09:29 + Source: python-django Architecture: source Version: 1:1.11.29-1+deb10u11 Distribution: buster-security Urgency: high Maintainer: Debian Python Modules Team Changed-By: Chris Lamb Closes: 986447 988053 989394 Changes: python-django (1:1.11.29-1+deb10u11) buster-security; urgency=high . * Non-maintainer upload by the Debian LTS team: . - CVE-2021-28658: Prevent a directory traversal issue which could have been exploited by maliciously crafted filenames. However, the built-in upload handlers were not affected by this vulnerability. (Closes: #986447) . - CVE-2021-31542: Fix a potential directory-traversal vulnerability that could have been exploited by uploaded files. The MultiPartParser, UploadedFile and FieldFile classes allowed directory-traversal via uploaded files with suitably crafted file names. In order to mitigate this risk, stricter basename and path sanitation is now applied. Specifically, empty file names and paths with dot segments are rejected. (Closes: #988053) . - CVE-2021-33203: Prevent a potential directory traversal via admindocs. Staff members could use the admindocs TemplateDetailView view to check the existence of arbitrary files. Additionally, if (and only if) the default admindocs templates have been customized by the developers to also expose the file contents, then not only the existence but also the file contents would have been exposed. As a mitigation, path sanitation is now applied and only files within the template root directories can be loaded. (Closes: #989394) . - CVE-2021-33571: Prevent possible SSRF, RFI (Remote File Inclusion) and LFI (Local File Inclusion) attacks, since validators accepted leading zeros in IPv4 addresses URLValidator, validate_ipv4_address() and validate_ipv46_address() did not prohibit leading zeros in octal literals. (Closes: #989394) . * Ensure we test for trailing whitespace in URLs under Python 2 (only). Checksums-Sha1: b75bac2ef39f6cebd0ffaad921211a7791818c26 3298 python-django_1.11.29-1+deb10u11.dsc e71620c18c985d8f5381bd87c02dbd23f1f48dd0 7977916 python-django_1.11.29.orig.tar.gz a8772c0541988000f7a8010dbd3bb1a3d88e0d53 59876 python-django_1.11.29-1+deb10u11.debian.tar.xz 90031b275d183e8a32276625b02e104385faac19 15045 python-django_1.11.29-1+deb10u11_amd64.buildinfo Checksums-Sha256: 56a193f7931ab7ea95f07361518ad7c93f5f1527d134447a81ed051310bc7096 3298 python-django_1.11.29-1+deb10u11.dsc 4200aefb6678019a0acf0005cd14cfce3a5e6b9b90d06145fcdd2e474ad4329c 7977916 python-django_1.11.29.orig.tar.gz 0d0e153199dba084f715b17c54b71632227864160bea981383ae97c8c2527cf3 59876 python-django_1.11.29-1+deb10u11.debian.tar.xz 96e1be559bfbff4e5e82387726575ec2d0ebc72ff4885a86db99c721f2ea9117 15045 python-django_1.11.29-1+deb10u11_amd64.buildinfo Files: 737ef04282d7bb0117374cee2efc658b 3298 python optional python-django_1.11.29-1+deb10u11.dsc e725953dfc63ea9e3b5b0898a8027bd7 7977916 python optional python-django_1.11.29.orig.tar.gz 23f360254fa7be2dec2aee0de2d4975c 59876 python optional python-django_1.11.29-1+deb10u11.debian.tar.xz a9e7d39885e5bc73ce018b1d7c4cec34 15045 python optional python-django_1.11.29-1+deb10u11_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmXgyygACgkQHpU+J9Qx Hlg0YQ//YfjYNIM3tFgNwrTTiihT9DohSLP5Ngq3UlPKhj8g5e9pvnfZkybR1k11 arbhqcxZaXfI0SHAO7FCeU9sInbtFvMlgABhSnZzL92Eo8rw6KZhJIn8t1Xlovbh 0CJ6T9Hom9BqvtjmjA4oRO63AHbL7yzRJtlqW0nukSCrAOpLOySbm5VUC17bScaK czPNNKNx9JRzzTt+5jACLk+pcv+AvLCmNv4KDQqRZEkSjdAZb9bwhrkCki91yL1j ztvVo759jtBcUe+gMazf7glzMjZiWi0mGYrLguBOacSgChqv0kC6Ag3eM6KA2KG+ BGNSG0xrJI4uQCv2xuRtxYnpq+dD9VFtGU8JIyWggFXlihhMw6fpV6aL+PU2LHG9 j5LX0naBddMfp14Ko3PCRj63tgTze/2HsxoszhyvzrjcySl/2NpjDeVCegGZXYw4 wa1yepA6bfQ77NbYmPURDWfJmvvsyd1G8pXJyHhhpI+9IHKS4e9dIFhy4OVdXcH5 eypz/VHjCOYC1WTGMvbUk99PGpqgSOLg9YLhG4r+MXrs/aW37bswfQ+R4fi9y37A Ferr5vREixPjzpx9bdAmC6iTKowinXkMNniOHIPjJkVnD9JN/cdH2rVpxNjVQTsz 2Ep2t/8Z8WlbNGFms61HfYf6IJP5eA4QLBs9HdVuSROCCwsQlYE= =1M+x -END PGP SIGNATURE- pgpsab6FJGqvZ.pgp Description: PGP signature
Accepted wpa 2:2.7+git20190128+0c1e29f-6+deb10u4 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 27 Feb 2024 13:44:35 + Source: wpa Architecture: source Version: 2:2.7+git20190128+0c1e29f-6+deb10u4 Distribution: buster-security Urgency: high Maintainer: Debian wpasupplicant Maintainers Changed-By: Chris Lamb Closes: 1064061 Changes: wpa (2:2.7+git20190128+0c1e29f-6+deb10u4) buster-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * CVE-2023-52160: Prevent a potential authentication bypass vulnerability in the PEAP protocol implementation. For an attack to have been successful, wpa_supplicant must have been configured to not verify the network's TLS certificate during Phase 1 of the authentication cycle; a eap_peap_decrypt vulnerability could have been used to skip Phase 2 authentication by sending an EAP-TLV Success packet instead of starting Phase 2. (Closes: #1064061) Checksums-Sha1: 6c12f476a069141ddc75ab889c2678c5c2f7885e 2561 wpa_2.7+git20190128+0c1e29f-6+deb10u4.dsc 63799ab5b3cbd53a690bab9f9ddda4d8ab059c83 2286436 wpa_2.7+git20190128+0c1e29f.orig.tar.xz 020241810ddbc37180ddcbec0c691ae4bc0d9e89 113852 wpa_2.7+git20190128+0c1e29f-6+deb10u4.debian.tar.xz 8e22f61310e4d57ed029d6850c3d73d2eaa5296e 15658 wpa_2.7+git20190128+0c1e29f-6+deb10u4_amd64.buildinfo Checksums-Sha256: 4f24d8123c7dba512caa5f3e4c11c64f200eadac6922efcdfd3d51f71b0d43e3 2561 wpa_2.7+git20190128+0c1e29f-6+deb10u4.dsc 4732f6dc4f2402347a37adea7f127ffce88ae3b27afc816b67f5b51199bd139e 2286436 wpa_2.7+git20190128+0c1e29f.orig.tar.xz 4fbd4e7c12cf589c672b67be32518092d6c0d84d3130b26e26495ef541bd0ee1 113852 wpa_2.7+git20190128+0c1e29f-6+deb10u4.debian.tar.xz bd9f02f724ce8de904a64535f8cb190e18d51ae2f188c3d6f081b424e1a6feb7 15658 wpa_2.7+git20190128+0c1e29f-6+deb10u4_amd64.buildinfo Files: 08ecb9dfe2c8b69aa350b80f187767e1 2561 net optional wpa_2.7+git20190128+0c1e29f-6+deb10u4.dsc 64f7dd7528079b006de5a5883ae05abd 2286436 net optional wpa_2.7+git20190128+0c1e29f.orig.tar.xz f97083aa77ba32747f921ee3944eb0d4 113852 net optional wpa_2.7+git20190128+0c1e29f-6+deb10u4.debian.tar.xz 6aa13fa87a44608feef384715017a4d8 15658 net optional wpa_2.7+git20190128+0c1e29f-6+deb10u4_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmXd7E8ACgkQHpU+J9Qx Hli5ChAAuuSWxP/NDHT7+DlDAyeDXoZVDmEd8CYioAbZ7hzjTxrfP+mvpHNLP2Pa ofhFmuvDJT/sL6fh3nlZubBDbJDhfDZXYzlzICE2NLQ11wGZxynihWI4wTFyvNnc 0RFXmzld/dRhDpJaiQU89G5RsDadhCfO1BSJJzl5Dywa97ZeJ7/KTUoeU823QbIX UthPQrAR9uTAfXHdNkmErkf/m3ps9l9EVGxc/vBqLPy5N7QgbFR80uksN2+UH1zf blqLILK8AbDf2RER2NW6ncaLjPHutxKaNMJ1J2bvqfMKPuod0izZi6HScB1qjzQc wKGnsazPMozh+tWssPiUIbu0PJle8QNUzxUvIzW8yUHPeKdGSgy/jE4COJyW4HVe Ni2NNeGRIYdpc7eO5liy73/TW0rPHvubzAbbK9DORGRAYc49rLCcJQuP89ommBzQ eUbDHZ7UIbTTF2Pu3Fyt0B3GUmod2b0MDTZ8J4Lpg7sq1Z3IuN+3ZOc866skkeq6 O00+NHjju83TM207+cWfEzNgkS08B73bwiM9JNHizNEK1ALC+0iCthD8s4ve7cCT dcPoXWq9V+DdV8QzpUCV4WUHwyQ4OV4lgzIooDDlZ72nVc5Kc/tn5h2U2rWrmjmo NfyzH9LDd6b49ynN15ktZUuvIzcpqYn4Y5iAXYN7liFy95tKdwE= =KtAO -END PGP SIGNATURE- pgpHAaxYOaXHk.pgp Description: PGP signature
Accepted libgit2 0.27.7+dfsg.1-0.2+deb10u2 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Tue, 27 Feb 2024 13:42:30 +0800 Source: libgit2 Architecture: source Version: 0.27.7+dfsg.1-0.2+deb10u2 Distribution: buster-security Urgency: high Maintainer: Russell Sim Changed-By: Sean Whitton Closes: 1063416 Changes: libgit2 (0.27.7+dfsg.1-0.2+deb10u2) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Backport upstream fix for CVE-2024-24577 (Closes: #1063416). Checksums-Sha1: d5a069d022d913103dfeeb05676e6c218142 2181 libgit2_0.27.7+dfsg.1-0.2+deb10u2.dsc ea9136427d103c4dab23d52d9ec449a8f45418d1 28584 libgit2_0.27.7+dfsg.1-0.2+deb10u2.debian.tar.xz 6930afcf1b3f4acd35316153715f38380d5b634c 6327 libgit2_0.27.7+dfsg.1-0.2+deb10u2_source.buildinfo Checksums-Sha256: e3f3ffaea7a34a521a56b8c1dcdb76be80eb727f1e4e80416a64eae81bc25d00 2181 libgit2_0.27.7+dfsg.1-0.2+deb10u2.dsc 98e459a484c60d590d0a18cdc26d345b52b19c1faad48122a2f2fba2348e968e 28584 libgit2_0.27.7+dfsg.1-0.2+deb10u2.debian.tar.xz 4e3cc8eb537310aa0124c640f3b1d95d7d80e432a0b0f4b0d9df716f03e8 6327 libgit2_0.27.7+dfsg.1-0.2+deb10u2_source.buildinfo Files: bbe0353415a66bec18684e2da9f88141 2181 libs optional libgit2_0.27.7+dfsg.1-0.2+deb10u2.dsc 3576c9c985bf0a8d485685ab62d08592 28584 libs optional libgit2_0.27.7+dfsg.1-0.2+deb10u2.debian.tar.xz 8d7fd7e6c3455517cc87321d71aff4ca 6327 libs optional libgit2_0.27.7+dfsg.1-0.2+deb10u2_source.buildinfo -BEGIN PGP SIGNATURE- iQJNBAEBCgA3FiEEm5FwB64DDjbk/CSLaVt65L8GYkAFAmXdnsUZHHNwd2hpdHRv bkBzcHdoaXR0b24ubmFtZQAKCRBpW3rkvwZiQMGzD/wPYj6jf66y626k3c0LlyZa Y3L3qkYrFHAAqKHSQUhAZywvC1At/MG2z8u73EkSDGa/D9Z+W05nXW4A9vYRvpJN czb42YzZvegwi65k9yoqREJMyhUKN1lf1PG5kEwvM4Z39HalL9xaNS0S4HEj+Bwc YraD6UPy6023yHsFwnGBzBM2xv6jDtMDoKWEkBdHVq7R55sW/7qbKTRfZyIDh2rd z0MKh9m2jv3R1omR1JL5NcXZKKSQshn7E1LWsPbGC+xNJTE6Vc5bGk9lJscTkU7k GUhhnEh/XCxiMa4DPq18hI0NX8bVJqT6h6LZL5p0uh6VRDsde9x+FrfprFMxnGoX 8+rO83XwQA/zpsIUUs7y+kBG52yGQJOoEqu7lTh/Y+nI8v88yRdq4Lvhk13SPJiJ OUtJZDCbC8F1qDkrVH5biRcNGD3NumWg1JieF/vzQvaMYlp1+u3q+jcsYZlu24xw g1tnb1u+TvUX1vhZy3A8nWTOKM+1FB1MQxu9Or65B5XUvmj6BwEhz89YAP9fNnR8 A3Y70x+SSEjDCUXOdZbU2KJNrJA9bvbp6sI4lCZmi9VrSeYL3F5Dwrm4qqUIVeDR 1QHGbXPUoY3tsqLvmLQ8NgNoyoYNkT1lFpm4Ekxf3i0UWhWHRAvTUEb/TRslNxYE v8pd9bNVczyuV2nh6+wPhQ== =55IC -END PGP SIGNATURE- pgpINth6F1Gnp.pgp Description: PGP signature
Accepted engrampa 1.20.2-1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 25 Feb 2024 16:03:02 +0100 Source: engrampa Architecture: source Version: 1.20.2-1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian+Ubuntu MATE Packaging Team Changed-By: Thorsten Alteholz Changes: engrampa (1.20.2-1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2023-52138 fix for path traversal vulnerability Checksums-Sha1: 58effeb857e6d210259aa90040b98dc6a07a1995 2489 engrampa_1.20.2-1+deb10u1.dsc 6932cb5d6068beecee0c4bed959ee63c13af247d 1083196 engrampa_1.20.2.orig.tar.xz 10cfacc24cb174e8a3fb7f89000dc5f318cbb087 8492 engrampa_1.20.2-1+deb10u1.debian.tar.xz 2206252bdf7d1cdfa85fb2ea370720c72a36c9b5 17259 engrampa_1.20.2-1+deb10u1_amd64.buildinfo Checksums-Sha256: fc0062bbd8bc66945b5c4db54fae4ec929f276add8e10e8df804f538f5bb3eec 2489 engrampa_1.20.2-1+deb10u1.dsc 267b8354c1f6a1e669ef2e2b68f7e6189f2fc14ab4ee1a99d3901021947da939 1083196 engrampa_1.20.2.orig.tar.xz 5b2e63358df54c71ab91b6f8a26839d697e643995c6642cba8664e3c43d9ccff 8492 engrampa_1.20.2-1+deb10u1.debian.tar.xz bb2c7f28e8896efa119e00ea341e80c14f7ad0f9d602606ef9a001f0054b3c96 17259 engrampa_1.20.2-1+deb10u1_amd64.buildinfo Files: 50e0509489f3d55171c033047cc8de76 2489 x11 optional engrampa_1.20.2-1+deb10u1.dsc 7aa2329068a1e3d5607eb6b149601eab 1083196 x11 optional engrampa_1.20.2.orig.tar.xz f96aeacf4d96cdbe9d9df5d16021b4e7 8492 x11 optional engrampa_1.20.2-1+deb10u1.debian.tar.xz e067d6e4d4bab6ea1feb5eb10bc07124 17259 x11 optional engrampa_1.20.2-1+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmXcztZfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYRwjgEACmpnnWnyirAWaE19yqnhmhVH1CE2L5 grEYLGhYPIipo1DSa4qXnHLny4JmA0FDqMAK08CJWc4Ws2nMx4T2sHnl3YYUJiLp g0YaLz9ICX+o3upCRdPEMxOdR5JPbo2L0hyOZFaafXJZTLJhpoMUtC4qZxFQ+g7i 5wMZr0uu7VhD9iCJrM2WWlNQIjhFBBVX9P7MReo/NcvtAs0+MoyStDgaIRzYwY7P bHfQxdtCieqlJEok1C4dGUcLr1pdrfnpRKdkg638Tg6eh8RtI+0PXaLiO7EVzir5 8INsXKfpC6velDULokJAdnvYmBI52jyG8ymc8+RpPYnLKeJO7FMCKpjCMld5MsD1 4UlHXf22zr1xijBpVqhqg84+iad7DZoCd1sSB3UF3Qj5MNqDg8VXi0jiFzBI8p4x gS6JZ5khCJTafmvZqfN+DrKw6s4C5pAjCQmbJdmUAM7Spj+/wFLhr7HaxaCi1fZj WchuWieMq1ALLU1JzReS8hFmwezIRvoras36M7ln5eFee4BMk6zN9uQ+/gCHmu61 F/OEK6mXBLZZ97089hYbwsAZZ5kDEGsmh6lZx7r4nW496wswzdrZBQuaBfkuNxUO yyQawW9NwQLQrfET7hhNNEbYlEo5yjvuhvrEL1Hip6pZGygH6cJOYazLEwdidBw5 S5+llBxpXY2REA== =kZIn -END PGP SIGNATURE- pgpwJiDgl4UTn.pgp Description: PGP signature
Accepted gnutls28 3.6.7-4+deb10u12 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 26 Feb 2024 01:04:02 +0100 Source: gnutls28 Architecture: source Version: 3.6.7-4+deb10u12 Distribution: buster-security Urgency: high Maintainer: Debian GnuTLS Maintainers Changed-By: Guilhem Moulin Closes: 1061046 Changes: gnutls28 (3.6.7-4+deb10u12) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2024-0553: Timing side-channel vulnerability inside RSA-PSK key exchange. (Closes: #1061046) Checksums-Sha1: 93a81798a4989074dbb540165dc2443133796eea 3114 gnutls28_3.6.7-4+deb10u12.dsc c79bd09e9e4e51d64d115931e63301be8045e5bf 104752 gnutls28_3.6.7-4+deb10u12.debian.tar.xz c818ac152fed1b14863385e79078d282227f522d 11437 gnutls28_3.6.7-4+deb10u12_amd64.buildinfo Checksums-Sha256: cbf15d0135d5a7d3942204f90d16ff331355a203de9551d56ad3bc3045699758 3114 gnutls28_3.6.7-4+deb10u12.dsc 6370a6cca2cd83b77362a1b609c584854b2fbc2a104c92ba9eed5db825f17234 104752 gnutls28_3.6.7-4+deb10u12.debian.tar.xz 4709900ff9ad48da46e84d5b53965377c09af13a61da8c3d01e7525a583e8e13 11437 gnutls28_3.6.7-4+deb10u12_amd64.buildinfo Files: be8afc7b54acec98eebbf44a4874c01e 3114 libs optional gnutls28_3.6.7-4+deb10u12.dsc c202b38b0df7f36b34af791fcd15247f 104752 libs optional gnutls28_3.6.7-4+deb10u12.debian.tar.xz 69579501fcb21378c5841fdc9d98c705 11437 libs optional gnutls28_3.6.7-4+deb10u12_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmXb2AsACgkQ05pJnDwh pVL58BAAuOLbk18PG5qhWkBuwYw5EYdvl84xTkRsSFANZ30MJfocqLr7RqELWSJR RiqM+E+rWCcndxb0p5RrLR+Y7D295ozkCdSnSRletYFIcKX9b69iEytaOBjZAQXu G5wPYEwJq/YcJJSiVekAqXtuzJJKgmgrXX7MIXtvqsaXMge+efAJt2tuZG9PpspK r8EkKlYHIEHPRGdCuop6XOTtL2NgpOr4uUZRdEZN7u9GKhRNX7UapotoNXhyaxfz ary0ImuA1+qr6XJNXpvBnYEdo68EajGZJOGjVNBTKtzz0wv/9t7RNk3Xc/D2OJOt zLllY43IoV6EiACERgcYLd4w/mlhLC1XmhutBYBLP4O3Ak7Cf5Fu4JGrLxfO5GeV 0zu6K2QhWyIpDkw8FnZMsKWsCK3cZGB3lny8ZkxmLP0BA0cfZrFOhzzATaQQxBKT 2j/BU5PCAo8KRm0l0++belM/E2Z23PwIGW/OdjdqoDmTETpWXsxWn5laUkZ/s8Nl SNBk7UeR/tNv+yXE57dZMHdxpPngio4OjO16nIXO1O0CC+ZxlZTgcCmGM6b+8DDh TWzTjScXPdnKWoKLG7GF7w19EHQwSjzIHoEp1/lVUIk71tFimfvEJntlKnU06Ndk 8mmXOybRt2slidPzaXUGrt8d0oS/8BWa2DtCquje88azBqwJ6K0= =tmq+ -END PGP SIGNATURE- pgpW1gtuOTzTt.pgp Description: PGP signature
Accepted libjwt 1.10.1-1+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sat, 24 Feb 2024 09:03:02 +0100 Source: libjwt Architecture: source Version: 1.10.1-1+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian IoT Maintainers Changed-By: Thorsten Alteholz Closes: 1063534 Changes: libjwt (1.10.1-1+deb10u1) buster-security; urgency=medium . * CVE-2024-25189 (Closes: #1063534) fix a timing side channel via strcmp() Checksums-Sha1: 0f01e52a78ad55601b8a4b84814b18d1069f4cb6 2383 libjwt_1.10.1-1+deb10u1.dsc 0adf82766b762a5cb8efac0ab0222427de9d3c86 91258 libjwt_1.10.1.orig.tar.gz 82fbb9306c740d647ae82e81a54f9c6ce3497d23 8304 libjwt_1.10.1-1+deb10u1.debian.tar.xz 33df96f8b3a8f222d0068dd9d88f691f600a6212 8165 libjwt_1.10.1-1+deb10u1_amd64.buildinfo Checksums-Sha256: 63971303270e2bf5c2a76624f362196b1c7d53906be0cd77bd9de24c982521be 2383 libjwt_1.10.1-1+deb10u1.dsc 4f8f827248af3998c979fa97cfd0aca04956f2b340a379bcb93da66c9a3f63b3 91258 libjwt_1.10.1.orig.tar.gz a132d701ae1920a093a706e87d2ebaf4a478b0d20ecc2144cedbaf3b0f758f52 8304 libjwt_1.10.1-1+deb10u1.debian.tar.xz 9f97b27ca903af80c6ebcc886f6f7e43367f956bc6e47a228bc479bf51f8dd97 8165 libjwt_1.10.1-1+deb10u1_amd64.buildinfo Files: 9e183e38c8bf975b69fe9b5273b30ae6 2383 devel optional libjwt_1.10.1-1+deb10u1.dsc 5c5ab84bb0e3ccf30ee2891e7f719875 91258 devel optional libjwt_1.10.1.orig.tar.gz 6425141bf9407d1c7c6e5a7736e933e2 8304 devel optional libjwt_1.10.1-1+deb10u1.debian.tar.xz 24dd3a02d976ebf5fb6fca3d1c2cd8e9 8165 devel optional libjwt_1.10.1-1+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmXa+vVfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYRwXjD/9SKdeBybPLQJmvvSZqP+slQ0FMrXfn ju1CWRrOmmyID6a0B4fJKV+Jk1lIUmFe44PW5PGNmFYG3E9KpkGoaqn9zGucKImk ycMcnn2ZnCwyvlJtM7lKR7W8GIfvoftlZndMdjXLqRwpmArCYjiwdv3gZxt5OFTX OEt8LaWP6K6To7mUx98Q4sq9w3KyBY1ixjNDMpwNRSnaycWCsmwtM3bQOU/gZTKT 5oRG4fmy9Blyp3bxiwN6tG1xhyJZ6SE3pkvh1jsLzfXHtWvO4vCXZ/XI/gS0xMuh xZ0UzQwdMhvORlG3zzkaLmUyfxilEdiUzsNfF0bWV7g95h+L7BXmA+rwrTOId6v9 5cUD+o1xqBFfcReJlEHo23XdjG8FBL5mZPdhTEDVBtagbjxXPe88+RW+vRV1xgqZ j3hyoQomNRW+th6O1nLgAwp74fN1dvOvxOE+E6JSWTnDENCYCB392ZH9WKZYTBHG 1PpETXUADAZ1snv67jMRu0g0u4XGLlLIscEfIOhKFMQJwk3MllQvq6Jk91dvLlyE ZoBmdZn9TOXY8mRys+FOj1cZ7fCY4AgA0iXg+Ntsl8fTqIFq5O4Ndinf6ZAI0Mw3 I7VIvVW0yNjLgR84WDU0aF5JLZv2dwW4cV7dj5ycyCI2V2a0xXtxFZVXkvxpHf7y Zr8AuwvHwrOaYw== =nUbW -END PGP SIGNATURE- pgpwHbRV99UZp.pgp Description: PGP signature
Accepted firefox-esr 115.8.0esr-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 22 Feb 2024 19:32:23 +0100 Source: firefox-esr Architecture: source Version: 115.8.0esr-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Emilio Pozuelo Monfort Changes: firefox-esr (115.8.0esr-1~deb10u1) buster-security; urgency=medium . * Backport to buster. Checksums-Sha1: 736d115aba7f84eed1da18cb501a878803d14f98 47169 firefox-esr_115.8.0esr-1~deb10u1.dsc ea39095f58724c2c66e14a992a4e367b210729f6 183859 firefox-esr_115.8.0esr.orig-l10n-ach.tar.bz2 955ae0dbb1c80dbeaa4a31347c88a2f6ec76 122878 firefox-esr_115.8.0esr.orig-l10n-af.tar.bz2 83cfbc167a85a21569fb646eba3c7d401da2b01e 221134 firefox-esr_115.8.0esr.orig-l10n-an.tar.bz2 17fb77d6272cbc1e9f4dc5a4188eac4167f0edb1 251014 firefox-esr_115.8.0esr.orig-l10n-ar.tar.bz2 1baef1443d8dcccd1177a6dfe884a830d4ea11d6 185485 firefox-esr_115.8.0esr.orig-l10n-ast.tar.bz2 bd519ef82ac8654e15391d98299a7cd7d7558815 195387 firefox-esr_115.8.0esr.orig-l10n-az.tar.bz2 0cd84157686f86353b41192e7adf4cd81dadde4a 325843 firefox-esr_115.8.0esr.orig-l10n-be.tar.bz2 47ea97dafed9664f9ebf5176ef9ee19892dcb999 1487170 firefox-esr_115.8.0esr.orig-l10n-bg.tar.bz2 42ee7f77948c20a5571abf0242df937b4a11796f 233372 firefox-esr_115.8.0esr.orig-l10n-bn.tar.bz2 1d70755f8ca7a8792784733cb3a5ed2f19520dbb 1669563 firefox-esr_115.8.0esr.orig-l10n-br.tar.bz2 7ca91662b78e892303b952fe3175ec0371b0de26 191375 firefox-esr_115.8.0esr.orig-l10n-bs.tar.bz2 da2c51d7e4605c2201b336e4871782af43490a2a 241396 firefox-esr_115.8.0esr.orig-l10n-ca-valencia.tar.bz2 466442c774d34ba89682d6efccd1ddd391176587 713391 firefox-esr_115.8.0esr.orig-l10n-ca.tar.bz2 af79d54c9f282221b4eaf8fe50032455d16ce577 286038 firefox-esr_115.8.0esr.orig-l10n-cak.tar.bz2 3a2444ee0a685458a4431cd10620067b587039ae 332464 firefox-esr_115.8.0esr.orig-l10n-cs.tar.bz2 69259a37064af0d238d8ca12c2b155f27cb99f11 321977 firefox-esr_115.8.0esr.orig-l10n-cy.tar.bz2 f05bfe1bf9be8b62091689a8e8bfeeffb384d01b 1088333 firefox-esr_115.8.0esr.orig-l10n-da.tar.bz2 b0d2b8d509f32dfece7565f36be97e5a6c318bf6 322496 firefox-esr_115.8.0esr.orig-l10n-de.tar.bz2 4422c227896ddeeed85eef131ba6e5f4627994bc 324812 firefox-esr_115.8.0esr.orig-l10n-dsb.tar.bz2 74664174cef18370bbe4ddc938961b874e8d1f4a 2134233 firefox-esr_115.8.0esr.orig-l10n-el.tar.bz2 4d6726d409dbd6e43629064549b73d367cfd2e9f 511051 firefox-esr_115.8.0esr.orig-l10n-en-CA.tar.bz2 41831465cd0ef74db751eef2867e9df3a01da594 298713 firefox-esr_115.8.0esr.orig-l10n-en-GB.tar.bz2 a9288225b72445c076be79c9e5e929737dbf8454 306853 firefox-esr_115.8.0esr.orig-l10n-eo.tar.bz2 931d2f3e816dd470101c28dea4e7eec76ad46355 585383 firefox-esr_115.8.0esr.orig-l10n-es-AR.tar.bz2 3901d1e1e5a3358a83972b367738e43711948c36 582136 firefox-esr_115.8.0esr.orig-l10n-es-CL.tar.bz2 7cde7b2c698925cfce3fe396cc08cc47af480b8a 579827 firefox-esr_115.8.0esr.orig-l10n-es-ES.tar.bz2 60043169bff93afec64be891f44d43150ab107d4 568982 firefox-esr_115.8.0esr.orig-l10n-es-MX.tar.bz2 64ce7514b86a753d2ffb51dcb4d8d960cf64db2f 1137767 firefox-esr_115.8.0esr.orig-l10n-et.tar.bz2 2517d444558d0d9177b73eeabc83b853aa5df9f9 303384 firefox-esr_115.8.0esr.orig-l10n-eu.tar.bz2 438f7f226779f93fc7016ecb80b387191bec4fa9 238577 firefox-esr_115.8.0esr.orig-l10n-fa.tar.bz2 3f35c8520eba3b237f85c4c5b5988d7adaab9d95 201291 firefox-esr_115.8.0esr.orig-l10n-ff.tar.bz2 be53bc4d3f0961c1f066bd6031998103ef3a5dc4 312385 firefox-esr_115.8.0esr.orig-l10n-fi.tar.bz2 b30660dfbfc832b7bdcd5ee7865398fdfc39cc08 723158 firefox-esr_115.8.0esr.orig-l10n-fr.tar.bz2 abeb9a141716c1a7e19408371915f0dcbe164a7c 322383 firefox-esr_115.8.0esr.orig-l10n-fur.tar.bz2 391ca570d735abe9078826a9967730f67e9c72d0 2380463 firefox-esr_115.8.0esr.orig-l10n-fy-NL.tar.bz2 8748f68928e852caa7de7dd31c3bac937547061c 183136 firefox-esr_115.8.0esr.orig-l10n-ga-IE.tar.bz2 69160277670809a5982c44fde8ee8b17c1b48f6d 302200 firefox-esr_115.8.0esr.orig-l10n-gd.tar.bz2 96ae52f76af63e02f49a58c0ee2334524f537c4a 309985 firefox-esr_115.8.0esr.orig-l10n-gl.tar.bz2 20a02c0297b16dde1a71bcbf43274d7eed8492e6 312631 firefox-esr_115.8.0esr.orig-l10n-gn.tar.bz2 abed6babb06bb9f5e064260aa12e9aaebbc0f063 196384 firefox-esr_115.8.0esr.orig-l10n-gu-IN.tar.bz2 93893b9c04db500ffe174d51036d11694a6a4834 281882 firefox-esr_115.8.0esr.orig-l10n-he.tar.bz2 5953f2eba0858c5715b51067b30469851abbe5c2 222138 firefox-esr_115.8.0esr.orig-l10n-hi-IN.tar.bz2 d52a97ab376f841d110f29717b7a3f07c241d453 265738 firefox-esr_115.8.0esr.orig-l10n-hr.tar.bz2 44ba3b6ac2ea605d8b50b96cf613ee49c7b3167a 324565 firefox-esr_115.8.0esr.orig-l10n-hsb.tar.bz2 84ad2a3ee19be6d72f12c33606393a43cae5d8d3 1043704 firefox-esr_115.8.0esr.orig-l10n-hu.tar.bz2 75c5283c459f292846e1c1c275c3a85655940c35 260317 firefox-esr_115.8.0esr.orig-l10n-hy-AM.tar.bz2 1d7edd3f921cd71d37ad5117eccebcf0ec45217c 314574 firefox-esr_115.8.0esr.orig-l10n-ia.tar.bz2
Accepted thunderbird 1:115.8.0-1~deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 22 Feb 2024 19:07:15 +0100 Source: thunderbird Architecture: source Version: 1:115.8.0-1~deb10u1 Distribution: buster-security Urgency: medium Maintainer: Carsten Schoenert Changed-By: Carsten Schoenert Changes: thunderbird (1:115.8.0-1~deb10u1) buster-security; urgency=medium . * Rebuild for buster-security Checksums-Sha1: b72053485f4044a5b434071cfe5acbe19d974ae7 8391 thunderbird_115.8.0-1~deb10u1.dsc 39c4f948f0ce2f9360c88d356f8347197f3df9e1 549116 thunderbird_115.8.0-1~deb10u1.debian.tar.xz Checksums-Sha256: d22ef25b8b4519d98022c2cc38cf9e7b1bc1114dc3963ae799e24ae5f42f85c5 8391 thunderbird_115.8.0-1~deb10u1.dsc a523abb26e3c72216005d04de64f5975ad98e2ead5247338a15e053c40bed5ad 549116 thunderbird_115.8.0-1~deb10u1.debian.tar.xz Files: cf64c5d99774c8cb295c301c9161cf61 8391 mail optional thunderbird_115.8.0-1~deb10u1.dsc 88b37b35b33e4ed8392f9043970f38e2 549116 mail optional thunderbird_115.8.0-1~deb10u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEtw38bxNP7PwBHmKqgwFgFCUdHbAFAmXXmtwACgkQgwFgFCUd HbCvig//bASAT/8idC1c0AvMbPesBNIEwo2MVaCZ1YyBCwQHW+AwryYv9jAu25+b qCLJ4Etv/ksQTE0V8Em+nINYSHWCILKdPSEtCOqg5fsngnxbjUxpjk0ZxgDmjgdl JgwZGOdDrLub9JGYRBGyBn4ZzDmkz4LaPF2r8udGk4Em5UIa9zfJYmm0aDAFGdDR WPMtX7BNbDaed7GCl5HxvuNm9F8/j0h/gRyFfWdnTQ3PysTnQwOn9IfhTXVRvRQS fHXTdeEmAsS9H271bPGPTFws2BGbpADEtfsuy0DF0PVtRPPhftAZwGYVxmwC11tE i21u+8m6/vBqOnp2J34ihwgiqS2ioCxHb0uOzodbzIDryCdeJdm4jXDwp6erfUE6 cr8wW01uRg73CiGQZB/mDRJnfo2EQcDjoyn/b85kxNT1o2SvC2sCqqq22aoLgzAV qYsFzcUT+pyeBjkh8woW13tiJ6mp5jle+EXiGZdZPtvYRxOJMUiWTMbMACQVhKij HuJAG9cV8WSPBsIk6sYFG9i2+e8MQ2OdwR9f4qr70eH2yRLzqdcOY3eIj/aIbzSu q+yrcwwK3zgZ1AntwRpLhT+AXXlLhBElLM66ChAHCnKrxhZbBcj/2nE+A2qasOXf qKA5v7W4MbYEIhtrbleBCNPDJUzqaz22CVUvtdbaHOv0WIXnhOg= =j28C -END PGP SIGNATURE- pgpq3ynGqyia8.pgp Description: PGP signature
Accepted iwd 0.14-2+deb10u1 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 22 Feb 2024 12:54:16 + Source: iwd Architecture: source Version: 0.14-2+deb10u1 Distribution: buster-security Urgency: high Maintainer: Andreas Henriksson Changed-By: Chris Lamb Closes: 1064062 Changes: iwd (0.14-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * CVE-2023-52161: Fix an authentication bypass issue whereby adversaries could gain unauthorised access to a protected home (ie. non-WPA2-Enterprise etc.) WiFi network. (Closes: #1064062) Checksums-Sha1: ccd5d6d87ec6709497601a62aea083f74c86a429 1824 iwd_0.14-2+deb10u1.dsc 7eda226ec077584ed081c2cf740b9c7dff094db7 700844 iwd_0.14.orig.tar.xz be6822fcb08fb91c50192984fd1ab2e4d024562f 7252 iwd_0.14-2+deb10u1.debian.tar.xz 270c953da2b6276580a0d5cee4e1611c26e2d33a 6727 iwd_0.14-2+deb10u1_amd64.buildinfo Checksums-Sha256: 80745f3ab93f7918103e43a8fadf06c97f7b286cd3a0527e6c571733548e6a3d 1824 iwd_0.14-2+deb10u1.dsc c4258b5789a8074a2dfdc33ed5f02415b62ff1ce0b7cba636402883933d6a643 700844 iwd_0.14.orig.tar.xz ed9d8d9e38c3a5a4058cf7c816f763adb22b1d762f77ca9e1d191520fd334022 7252 iwd_0.14-2+deb10u1.debian.tar.xz c96c5251d7188f3bca625f0e6a04a182740d7a565f79fcf83874061efc1d5610 6727 iwd_0.14-2+deb10u1_amd64.buildinfo Files: 1550bf4e6bc3bc4c1c1bcc3ca6d96231 1824 net optional iwd_0.14-2+deb10u1.dsc 0f776b000a03fe1e8ec04fa16445754e 700844 net optional iwd_0.14.orig.tar.xz f5f5fd7271e9f8e475d33d60b19c34ff 7252 net optional iwd_0.14-2+deb10u1.debian.tar.xz 713140e74b508bae2e4678a5972c428b 6727 net optional iwd_0.14-2+deb10u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmXXR5MACgkQHpU+J9Qx Hlg4wxAArpXPrPTHFaAJRC8vW8fXOKdrE/SYnUDgVf5EX9jWjmObIfc1EC4f0fCV V8ZUwmP2zLRULK6BjqKyNOuC4bPW/lXFZ/a0BdZLEgzzPclz67kTwZhseCcyjJcb CD6ASvvm5h3HtEQZQLIX2DIPZt/2AN36iyUJV+mjRmCjAzBfYTqrZSpMx1ejM4nG gDTBJH166p9vf6fsvuQA99MoXG/6DAeZOgVzfLomlCtP2bGIOGPLYKcSV/+bIvwE ozh7rtrxovmwwSRRvrYf8duSFv3HML+A1ICYfbK6fdFcUKavPPCGIZR9+aFZLKd8 YcQSBxHYjTrL2PrG6v02+Yroi9Yh07gXgnDJ/xoUDrOfscAX3cHw4FIK+Bz+jc3s 55kYBN+M4fE/+T89eqQJfqVuEam3+CRGEtvuFQqGMU3RDWKLJrQqlMEL5mzSzRyG 68pnBv0tE4DExGi9uPsgaT7QX6OOrewA2IRYd6vb8x7eBiN7aT2pqgjI47CJAaUE Aa25abVXYVp9Cbpkv1r0DAoM0/tdRGuIqWyKL7jRBAF7MSQJIDhLAhCcvk79zz4V 9MV7LF0B5U5BVhqgrdbcH/WyKw6aavWQPIsMm2ApWkfDMKfwKzYG/DIio4b9LHxb xO/K84anz5mZrSNdxVKB//r6iQi8l9s89iOfHCCaPZgfGanTvow= =irlw -END PGP SIGNATURE- pgpOPstcY_oxf.pgp Description: PGP signature
Accepted imagemagick 8:6.9.10.23+dfsg-2.1+deb10u6 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 19 Jan 2024 13:20:50 -0500 Source: imagemagick Architecture: source Version: 8:6.9.10.23+dfsg-2.1+deb10u6 Distribution: buster-security Urgency: medium Maintainer: ImageMagick Packaging Team Changed-By: Bastien Roucariès Changes: imagemagick (8:6.9.10.23+dfsg-2.1+deb10u6) buster-security; urgency=medium . [ Bastien Roucariès ] * Fix a heap based overflow in TIFF coder. * Avoid a DOS with malformed TIFF file. * Avoid a memory leak in TIFF file coder. * Fix a non initialized value passed to TIFFGetField(). * Fix buffer overrun in TIFF coder. * In case of exception bail out early in TIFF file handling. * Fix unintialised value in TIFF coder. * Raise exception when image could not be read but no exception was raised in TIFF coder. * Fix CVE-2023-39978: a memory leak was present in Magick::Draw. * Mark rmagick test as flaky * Fix CVE-2023-1289: A vulnerability was discovered in ImageMagick where a specially created SVG file loads itself and causes a segmentation fault. This flaw allows a remote attacker to pass a specially crafted SVG file that leads to a segmentation fault, generating many trash files in "/tmp," resulting in a denial of service. When ImageMagick crashes, it generates a lot of trash files. These trash files can be large if the SVG file contains many render actions. * Fix CVE-2023-34151: A vulnerability was found in ImageMagick, due to undefined behaviors of casting double to size_t in svg, mvg and other coders. * Fix CVE-2023-5341: A heap use-after-free flaw was found in coders/bmp.c . [ Santiago Ruano Rincón ] * Enable ARM builds in salsa-ci.yml Checksums-Sha1: 7af5a1e0dd776b1c4a4b9f73ab0cb8e6f3cd17a3 5239 imagemagick_6.9.10.23+dfsg-2.1+deb10u6.dsc 641b8eb20e2deb2dad12a101293e9905be6134d7 266256 imagemagick_6.9.10.23+dfsg-2.1+deb10u6.debian.tar.xz 44e5d1ed6445607d239733180714c5169efb4e30 31683 imagemagick_6.9.10.23+dfsg-2.1+deb10u6_amd64.buildinfo Checksums-Sha256: 53918c05acea7724571ec97ec111c8fa229eab843c96116854d7920e62360dee 5239 imagemagick_6.9.10.23+dfsg-2.1+deb10u6.dsc 1da356e74bc3c3f1df08d1a379c8d15400989fcd5ed422dbd74b7c66153d55d6 266256 imagemagick_6.9.10.23+dfsg-2.1+deb10u6.debian.tar.xz 0803e5caa0253571b089c4dd56acf2d58ec4ee4b56ff6125ad70e8ed2c5c8fed 31683 imagemagick_6.9.10.23+dfsg-2.1+deb10u6_amd64.buildinfo Files: 22fee2c63d2be6779ce40b814873a3e2 5239 graphics optional imagemagick_6.9.10.23+dfsg-2.1+deb10u6.dsc e49e6b6111835635e0a9f436b774ee0b 266256 graphics optional imagemagick_6.9.10.23+dfsg-2.1+deb10u6.debian.tar.xz 58c5058b6e550fde8b074ec63aaeffce 31683 graphics optional imagemagick_6.9.10.23+dfsg-2.1+deb10u6_amd64.buildinfo -BEGIN PGP SIGNATURE- iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmXWVQERHHJvdWNhQGRl Ymlhbi5vcmcACgkQADoaLapBCF+w5RAAmnd4qav2hNgnlIfp3eC1mgkHIrOrNUBl HZNufudpnvKiefYbPsX74w+BtR9h2MKeoav+kGHpXvmlk4RTodO6fh4c/YJPEAPh A5/2J8zkjF4M7UDBBpzLXE6nUYM6EC64gnJ8rbH+xGnVm3aly17VnCfiatKqfvAc kc80jqdAM2AhGU9CGFFA2Q7GybSTh0/pWPtu7goBTxQdtj/JXdHV3rY1ZW0haxyk x2WjG8yF6R76b01pNYkFbPkGJ3jEaBL2ZCyjYwnXK/+nTbCtzsnUmJfJDdzvIIlu oZp4QTRZGDw5fTw2081r2rgwTiqJ7/IKDKoEO/dAJ8FkgFPwUSPEXlmF3PQj6kCc 8vVtHuocgzP6JF10ZV9+wovdGYOR5B063joCVOBQwzs4dJMD439LzioyD6l03dUL eVW+PdnGys5+EEmdeQOJrzvKToRYp5LMSUxfOY9js+8RcYwjY8OOvSzr9KW3BWGT aHDGaVs4eXNeMrS/z+XBfIQcMn/66dpF7rfX1LTFAZnpqaAtvfOFw2y6jA7KWAUo cqKarA6zPWJAPZLQ2f/iv1GfV12wAF/xTy4pcnMNRVSb/KuC3w+8FLPevRqOBQ3q x3RuyvNoFERgwCqdzZAavGIAZee9TH2RmmZX/hPrm3y/sJ015oHzDq+Nz7Ar5Nac ntlUu/yPdrE= =9ZKr -END PGP SIGNATURE- pgpcAnFRH9J0u.pgp Description: PGP signature
Accepted unbound 1.9.0-2+deb10u4 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 21 Feb 2024 12:06:49 CET Source: unbound Architecture: source Version: 1.9.0-2+deb10u4 Distribution: buster-security Urgency: medium Maintainer: unbound packagers Changed-By: Markus Koschany Checksums-Sha1: cb19ae9923fd9576dd338e5ac77e3d56734be91d 3209 unbound_1.9.0-2+deb10u4.dsc 746f1e7b96789c9b76b40c18abfb815ea129e0a9 50628 unbound_1.9.0-2+deb10u4.debian.tar.xz 15f6bcf6b8d78857e4bc3a19cc38f51c5b085191 11519 unbound_1.9.0-2+deb10u4_amd64.buildinfo Checksums-Sha256: eb3725142a45ff8211d8b2f8ab0506a58cb5503a6c7527cafb5fe072c4912fa1 3209 unbound_1.9.0-2+deb10u4.dsc 37e6fa5153d01ce11240287feb874978c7d3ab76b7f1203050a9a1a7bd2be5be 50628 unbound_1.9.0-2+deb10u4.debian.tar.xz 5a72c23c90ff576e7e0fde4a37e22007454f046901b0a02a602622f2c26af6be 11519 unbound_1.9.0-2+deb10u4_amd64.buildinfo Changes: unbound (1.9.0-2+deb10u4) buster-security; urgency=medium . * Non-maintainer upload by the LTS team. * Fix CVE-2023-50387 and CVE-2023-50868: Two vulnerabilities were discovered in unbound, a validating, recursive, caching DNS resolver. Specially crafted DNSSEC answers could lead unbound down a very CPU intensive and time costly DNSSEC (CVE-2023-50387) or NSEC3 hash (CVE-2023-50868) validation path, resulting in denial of service. Files: bc808249dc6f81fea9fbefad3192a597 3209 net optional unbound_1.9.0-2+deb10u4.dsc 6a7f4a95afcbeba56da58e8a1c02dc65 50628 net optional unbound_1.9.0-2+deb10u4.debian.tar.xz 1b6953ed8a5df9b4880becaee239dc03 11519 net optional unbound_1.9.0-2+deb10u4_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmXV2Y9fFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkpFMP/i4KGn/jNxHxImceBerVMXTuIwFozIQrG8ES 5Hs7lB77jkMDZTV5n8IOjiO3vVKxUpDp+ydyPbv1fbDx8iU1dtOm1Dc7d5Smbm+Q jvBviG62CEfN7vfebomFGCTRmjK5IynddNZhj+GPEVApXoJJtnc2sLbtU2lCEIsO wnfnJMlo7IpAwZ6sK7w9HNy+X5lIX1ZwQF8+DH9EPWlxRlcFtS/CgO0p/nksHYSG c2Hka9MklV0A+PLqx/Kl8KYOZNdf9ubWb9Yjc03qZwFNxl1yRDqueYyE3FNT1yG9 UI2CepqfvNqbVjX6xogeP6ZQUu/ZsaDdY5iiM+76jkdpZgkUFinyyKvV8IfHO6Fq /XAjCM33UWwRQojdxWhj6ueidsuyA3rRZr155QP15INR/ip7mqmHKuCujtmaqnwb tqG3lBAW4K1fIAgt8hEbz5M98pROhhrGb8z71pX7q06tYFNNvFVvC1USf4DJNGIS 8i1A0LWzU4S6yISpOWWvqo/hRUpXROfYUN79saJkpSbNPr5If/KmZhBypyszuIOW ST2KsyTNWnFrX5rhHN/9X55VhdRh1Et85UMo/zCKJtCgcCRWQMx7Zg5CUZThq0k7 vfAsMzJB8gHih5OizGb/KgbiCo2Osko/IiKSHTPHl6kywlBp0F3bs0eFbBgwbzqo 6GkkO8A0 =/ePO -END PGP SIGNATURE- pgpdqDGlJnXvO.pgp Description: PGP signature
Accepted runc 1.0.0~rc6+dfsg1-3+deb10u3 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 19 Feb 2024 00:02:56 +0100 Source: runc Binary: golang-github-opencontainers-runc-dev runc runc-dbgsym Architecture: source all amd64 Version: 1.0.0~rc6+dfsg1-3+deb10u3 Distribution: buster-security Urgency: medium Maintainer: Debian Go Packaging Team Changed-By: Daniel Leidert Description: golang-github-opencontainers-runc-dev - Open Container Project - development files runc - Open Container Project - runtime Changes: runc (1.0.0~rc6+dfsg1-3+deb10u3) buster-security; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * d/patches/CVE-2021-43784.patch: Added to fix CVE-2021-43784. - When writing netlink messages, it is possible to have a byte array larger than UINT16_MAX which would result in the length field overflowing and allowing user-controlled data to be parsed as control characters (such as creating custom mount points, changing which set of namespaces to allow, and so on). * d/patches/CVE-2024-21626.patch: Added to fix CVE-2024-21626. - Due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape, or for a container process to gain access to the host filesystem through runc run, or to overwrite semi-arbitrary host binaries, allowing for complete container escapes. Checksums-Sha1: 147181303583fae6261fc9f73f1a25ac9925e5b1 2825 runc_1.0.0~rc6+dfsg1-3+deb10u3.dsc 4621756acb358643463fadc903c270537cf28394 205292 runc_1.0.0~rc6+dfsg1.orig.tar.xz a62e115b17a8725998c9cb9c2263f592e943a4c9 27044 runc_1.0.0~rc6+dfsg1-3+deb10u3.debian.tar.xz 0267f33028519b3c14f9231200cedc4723ce2883 177412 golang-github-opencontainers-runc-dev_1.0.0~rc6+dfsg1-3+deb10u3_all.deb 1ea03dd17f4f76292bb33c4578fd37cdb49901a4 1903184 runc-dbgsym_1.0.0~rc6+dfsg1-3+deb10u3_amd64.deb f95f3e3417ab07de0d58d8d62ba494862d38ce9c 8971 runc_1.0.0~rc6+dfsg1-3+deb10u3_amd64.buildinfo ec6290127b356eaef827f15eb328acdeac4a5d19 2580452 runc_1.0.0~rc6+dfsg1-3+deb10u3_amd64.deb Checksums-Sha256: 255fea4ff97960a4db4e451d8f987e57f12df43890364e008914ce4a29b5456c 2825 runc_1.0.0~rc6+dfsg1-3+deb10u3.dsc dbb1b7e3751687edbb23738176f38f36b6b21a146c8a1af4df6c19a17cd6dfae 205292 runc_1.0.0~rc6+dfsg1.orig.tar.xz 37b11fee62362fe5bd73a3c1da9a26ca33b5ea7963ce4ebf0634d648925ae608 27044 runc_1.0.0~rc6+dfsg1-3+deb10u3.debian.tar.xz 6b7c4f5c9aac425c5596a4a0c987e90251a4408eccdb89142c0c90c773e6db70 177412 golang-github-opencontainers-runc-dev_1.0.0~rc6+dfsg1-3+deb10u3_all.deb 9cb8d1496440f7617ec6e1bf315dc06519685ae65fc27ef8dbbfab7278b3b6fa 1903184 runc-dbgsym_1.0.0~rc6+dfsg1-3+deb10u3_amd64.deb ebd3948d1bc225e9349501cba1b5bad5f46893346551c33345a70acda2ca08a7 8971 runc_1.0.0~rc6+dfsg1-3+deb10u3_amd64.buildinfo 3e2d15874180f63206dad51d85003c029fc65a4b37be841be9bdfb1a8c123598 2580452 runc_1.0.0~rc6+dfsg1-3+deb10u3_amd64.deb Files: 58a62723a62bed4299341800637989d3 2825 devel optional runc_1.0.0~rc6+dfsg1-3+deb10u3.dsc d3f9984668dd53953041843ee26fa4d7 205292 devel optional runc_1.0.0~rc6+dfsg1.orig.tar.xz f7fada2a1cae1ac5baaa3bf53388abce 27044 devel optional runc_1.0.0~rc6+dfsg1-3+deb10u3.debian.tar.xz b923af3f3d29df3115a0133e8a977f2b 177412 devel optional golang-github-opencontainers-runc-dev_1.0.0~rc6+dfsg1-3+deb10u3_all.deb c6d4c1cb1cfa6dfb334788d14359e227 1903184 debug optional runc-dbgsym_1.0.0~rc6+dfsg1-3+deb10u3_amd64.deb 0e6fc60632240a44a2c2af80610cee34 8971 devel optional runc_1.0.0~rc6+dfsg1-3+deb10u3_amd64.buildinfo 983b37b95a59db2015ff0facc23769f3 2580452 devel optional runc_1.0.0~rc6+dfsg1-3+deb10u3_amd64.deb -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEvu1N7VVEpMA+KD3HS80FZ8KW0F0FAmXSndoACgkQS80FZ8KW 0F2WnA/9HOWTDWjzt9AEBi0doQ4JguR3TbhNgyBAQzao5gSBHp7CkI4F55SRj+bA vkCSQyoYtIOjqt+M/LZ/8kNd7Duw8kh+UGBxnJzea+qwJ6nsfKwo9pAPql9gI+Ss U0vMfUuPYcT5ZM6qoLDhF2HGcvibWb0xHhrW2Iz3xc2C/PX/TUvpa8iDdJb3A4q3 PljNgHfTFC52dj20rzzN5i9NRQPLRSEmYNEYPyNguvf1+AxFbBYX0pFTcjzE0ReE NaNJ2dZWFlkwrpbngLbIGd+vNPdaDmKAkhMtUQxxNUj/qNI5JlF+BBeBav9APBir QW4FdH5o8uMZp+b/Mi0L4alP7el5APqGM1O1csNAOQgkEwe0m8GFXCSKlaaW8Cr5 Anx19JGimc0ysxbqTbxAHCkUCDvXmnTUbkJM2iCyhj7KnNxts6KP8YBiqbEQUu/d yFEROU6SAAE+eeno+h3NBBeaaFryJQRR3Uta4neXiuSzXrIiNYy68EdHdOmGtbtZ C0JNrM7KlLAb3bteJOLnjdHRBtyKdgHKD/uVE2pir2mnlOSqOC4V8Zo0KP7Jyead 9RxqNsoVwbOX6zJRoe8aSyB/q3y4bdAR7gRf/sqhv7WIPrtRQVNfCvnjYDz+5ZvD vQ8KpgqSq5Y1Loo9dH91d15zVHSNHtaLAOXZU3PDV5/eJ8paQgU= =fvv/ -END PGP SIGNATURE- pgpFC6rx4TCgq.pgp Description: PGP signature
