Accepted ruby-openid 2.5.0debian-1+deb8u1 (source all) into oldoldstable
Format: 1.8
Date: Wed, 09 Oct 2019 17:00:00 +1100
Source: ruby-openid
Binary: ruby-openid
Architecture: source all
Version: 2.5.0debian-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers
Changed-By: Brian May
Description:
 ruby-openid - Ruby library for verifying and serving OpenID identities
Changes:
 ruby-openid (2.5.0debian-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-11027 Avoid SSRF for claimed_id request.
     Patch source: https://github.com/openid/ruby-openid/pull/121

[SECURITY] [DLA 1954-1] lucene-solr security update
Package        : lucene-solr
Version        : 3.6.2+dfsg-5+deb8u3
CVE ID         : CVE-2019-0193

A security vulnerability was discovered in lucene-solr, an enterprise
search server.

The DataImportHandler, an optional but popular module to pull in data
from databases and other sources, has a feature in which the whole DIH
configuration can come from a request's "dataConfig" parameter. The debug
mode of the DIH admin screen uses this to allow convenient debugging /
development of a DIH config. Since a DIH config can contain scripts, this
parameter is a security risk. Starting from now on, use of this parameter
requires setting the Java System property "enable.dih.dataConfigParam" to
true. For example this can be achieved with solr-tomcat by adding
-Denable.dih.dataConfigParam=true to JAVA_OPTS in /etc/default/tomcat7.

For Debian 8 "Jessie", this problem has been fixed in version
3.6.2+dfsg-5+deb8u3.

We recommend that you upgrade your lucene-solr packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

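A check an administrator could run after applying the lucene-solr update above, as an added example that is not part of the advisory: it reports whether a Tomcat defaults file opts back in to the "dataConfig" request parameter through JAVA_OPTS. Only the property name and the /etc/default/tomcat7 path come from the advisory; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a Tomcat defaults file opts back in to the
# DIH "dataConfig" request parameter that this update disables by default.
PROP='enable.dih.dataConfigParam'   # property name taken from the advisory

# dih_dataconfig_state FILE  ->  prints enabled | disabled | unreadable
# Looks only at uncommented JAVA_OPTS assignments. The last occurrence of the
# flag decides (assumption: later -D flags override earlier ones). A later
# line that resets JAVA_OPTS without the flag is not modelled, so the check
# errs toward reporting "enabled".
dih_dataconfig_state() {
    [ -r "$1" ] || { echo unreadable; return 2; }
    awk -v prop="$PROP" '
        /^[ \t]*#/ { next }                          # comment line
        /^[ \t]*(export[ \t]+)?JAVA_OPTS=/ {
            line = $0
            needle = "-D" prop "="
            while ((i = index(line, needle)) > 0) {
                line = substr(line, i + length(needle))
                val = line
                sub(/[ \t"\047].*$/, "", val)        # cut at space or quote
                state = (tolower(val) == "true") ? "enabled" : "disabled"
            }
        }
        END { print (state == "" ? "disabled" : state) }
    ' "$1"
}

# Constructed sample in the style of /etc/default/tomcat7, for a dry run.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# JAVA_OPTS="-Denable.dih.dataConfigParam=true"   (commented out: ignored)
JAVA_OPTS="-Djava.awt.headless=true -Xmx128m"
JAVA_OPTS="${JAVA_OPTS} -Denable.dih.dataConfigParam=true"
EOF
    dih_dataconfig_state "$f"; rc=$?
    rm -f "$f"
    return "$rc"
}

# Audit the file given as argument, or run the constructed sample.
if [ "$#" -gt 0 ]; then dih_dataconfig_state "$1"; else demo; fi
```

A result of "enabled" on a host that does not need the DIH debug screen means the opt-in can be removed from JAVA_OPTS.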
Re: packages from old security releases.
On Sat, May 25, 2019 at 10:41, Raphael Hertzog (hert...@debian.org) wrote:

> The reason why Wheezy Extended LTS packages are not in the Debian
> repositories is because Debian was not interested in keeping the wheezy

I'm talking about ARCHIVE not main! archive.debian.org

> repositories alive for longer.
>
> So Debian is not going to merge those packages.
>
> And while you can benefit from those packages freely, this is only
> possible because there are sponsors paying the work required to provide
> those updates.
>
> See https://deb.freexian.com/extended-lts/ for details.
>
> Cheers,
> --
> Raphaël Hertzog ◈ Debian Developer
>
> Support Debian LTS: https://www.freexian.com/services/debian-lts.html
> Learn to master Debian: https://debian-handbook.info/get/

Re: libsdl2 patches cause regressions in Jessie
On 10/10/19 6:35 pm, Hugo Lefeuvre wrote:
> Hi Abhijith,
>
> Looks like I'm actually not the one who issued this update. Abhijith: do
> you want to handle this, or should I proceed with a fix tomorrow?
>>
>> I will look into it.
>
> Well... I ended up preparing the update and planned to upload it this
> afternoon after a few more tests.

Thanks.

> Unless I am mistaken, there is another regression in libsdl1.2, the update
> was missing this patch[0].
>
> I forgot to add an entry for libsdl2.

Ok. I see both entries now.

> cheers,
> Hugo
>
> [0] https://hg.libsdl.org/SDL/rev/32075e9e2135
>

--abhijith

Re: libsdl2 patches cause regressions in Jessie
Hi Abhijith,

> >> Looks like I'm actually not the one who issued this update. Abhijith: do
> >> you want to handle this, or should I proceed with a fix tomorrow?
>
> I will look into it.

Well... I ended up preparing the update and planned to upload it this
afternoon after a few more tests.

> > I have added a libsdl1.2 entry to dla-needed, will handle the update, then.
>
> As the initial mail says regression is on libsdl2. Can you let me know
> why you added libsdl1.2 to the dla-needed ?

Unless I am mistaken, there is another regression in libsdl1.2, the update
was missing this patch[0].

I forgot to add an entry for libsdl2.

cheers,
Hugo

[0] https://hg.libsdl.org/SDL/rev/32075e9e2135

--
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Re: libsdl2 patches cause regressions in Jessie
> Unless I am mistaken, there is another regression in libsdl1.2, the update
> was missing this patch[0].
>
> I forgot to add an entry for libsdl2.

the dla-needed entry was confusing, indeed. I have updated it to reflect
the current situation.

--
Hugo Lefeuvre (hle)|www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Re: libsdl2 patches cause regressions in Jessie
On 09/10/19 1:32 pm, Hugo Lefeuvre wrote:
> On Mon, Oct 07, 2019 at 11:22:45PM +0200, Hugo Lefeuvre wrote:
>>> This looks like a regression, indeed. I will provide a regression update
>>> as soon as possible.
>>
>> Looks like I'm actually not the one who issued this update. Abhijith: do
>> you want to handle this, or should I proceed with a fix tomorrow?

I will look into it.

> I have added a libsdl1.2 entry to dla-needed, will handle the update, then.

As the initial mail says regression is on libsdl2. Can you let me know
why you added libsdl1.2 to the dla-needed ?

--abhijith

Accepted havp 0.92a-3+deb8u1 (source amd64) into oldoldstable
Format: 1.8
Date: Fri, 04 Oct 2019 08:25:20 +0200
Source: havp
Binary: havp
Architecture: source amd64
Version: 0.92a-3+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: ClamAV Team
Changed-By: Hugo Lefeuvre
Description:
 havp - HTTP Anti Virus Proxy
Closes: 920865
Changes:
 havp (0.92a-3+deb8u1) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * Upload based on the stretch package, thanks to:
 .
   [ Sebastian Andrzej Siewior ]
   * Add support for clamav 0.101 (Closes: #920865).
   * Bump libclamav-dev build-depends to match.

Accepted c-icap-modules 1:0.3.2-2+deb8u1 (source amd64 all) into oldoldstable
Format: 1.8
Date: Fri, 04 Oct 2019 11:03:26 +0200
Source: c-icap-modules
Binary: libc-icap-mod-virus-scan libc-icap-mod-clamav libc-icap-mod-urlcheck
Architecture: source amd64 all
Version: 1:0.3.2-2+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Tim Weippert
Changed-By: Hugo Lefeuvre
Description:
 libc-icap-mod-clamav - transitional dummy package
 libc-icap-mod-urlcheck - URL Check Service for c-icap
 libc-icap-mod-virus-scan - Antivirus Service for c-icap
Closes: 919814
Changes:
 c-icap-modules (1:0.3.2-2+deb8u1) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
 .
   [ Hugo Lefeuvre ]
   * Install missing files /etc/c-icap/*.conf.
 .
   * Upload based on the stretch package, thanks to:
 .
   [ Sebastian Andrzej Siewior ]
   * Add support for clamav 0.101.1 (Closes: #919814).