Accepted bind9 1:9.9.5.dfsg-9+deb8u16 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 28 Aug 2018 18:03:02 +0200 Source: bind9 Binary: bind9 bind9utils bind9-doc host bind9-host libbind-dev libbind9-90 libdns100 libisc95 liblwres90 libisccc90 libisccfg90 dnsutils lwresd libbind-export-dev libdns-export100 libdns-export100-udeb libisc-export95 libisc-export95-udeb libisccfg-export90 libisccfg-export90-udeb libirs-export91 libirs-export91-udeb Architecture: source all amd64 Version: 1:9.9.5.dfsg-9+deb8u16 Distribution: jessie-security Urgency: high Maintainer: LaMont Jones Changed-By: Thorsten Alteholz Description: bind9 - Internet Domain Name Server bind9-doc - Documentation for BIND bind9-host - Version of 'host' bundled with BIND 9.X bind9utils - Utilities for BIND dnsutils - Clients provided with BIND host - Transitional package libbind-dev - Static Libraries and Headers used by BIND libbind-export-dev - Development files for the exported BIND libraries libbind9-90 - BIND9 Shared Library used by BIND libdns-export100 - Exported DNS Shared Library libdns-export100-udeb - Exported DNS library for debian-installer (udeb) libdns100 - DNS Shared Library used by BIND libirs-export91 - Exported IRS Shared Library libirs-export91-udeb - Exported IRS library for debian-installer (udeb) libisc-export95 - Exported ISC Shared Library libisc-export95-udeb - Exported ISC library for debian-installer (udeb) libisc95 - ISC Shared Library used by BIND libisccc90 - Command Channel Library used by BIND libisccfg-export90 - Exported ISC CFG Shared Library libisccfg-export90-udeb - Exported ISC CFG library for debian-installer (udeb) libisccfg90 - Config File Handling Library used by BIND liblwres90 - Lightweight Resolver Library used by BIND lwresd - Lightweight Resolver Daemon Changes: bind9 (1:9.9.5.dfsg-9+deb8u16) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2018-5740 The "deny-answer-aliases" feature in BIND has a flaw which can cause named to exit with an assertion failure. Checksums-Sha1: aa0e4dde0b1d234a57df91a01c96f9e5f476eca8 3624 bind9_9.9.5.dfsg-9+deb8u16.dsc ea05323d1d799fae970a7124debe297ef71f2cd0 7877309 bind9_9.9.5.dfsg.orig.tar.gz c77833ca8ac5bab642eab8607822867010c8196a 138716 bind9_9.9.5.dfsg-9+deb8u16.diff.gz 075d07269622441b69e90bbe72c0219828d199b9 340638 bind9-doc_9.9.5.dfsg-9+deb8u16_all.deb d8333daf85bcf10d6ea4c01dcd7e7cd7ea6595f6 24368 host_9.9.5.dfsg-9+deb8u16_all.deb 86a210940e42529909bb7a0b69e420d1cc753281 317320 bind9_9.9.5.dfsg-9+deb8u16_amd64.deb 85e23618e25f4f6b80e01eb958264cd20bca1bbc 168682 bind9utils_9.9.5.dfsg-9+deb8u16_amd64.deb ecb893c9760081704102583c5d5704e8a9b86a1b 68400 bind9-host_9.9.5.dfsg-9+deb8u16_amd64.deb 4ad7d71ac228f6696d86faa6b03b56fe79044ac6 1232568 libbind-dev_9.9.5.dfsg-9+deb8u16_amd64.deb 12c81a9489a8c039d67e56a26a772e2661d258e7 44162 libbind9-90_9.9.5.dfsg-9+deb8u16_amd64.deb 8157a3e93d39de6766ca9e249257c09cdf1ad2ef 681720 libdns100_9.9.5.dfsg-9+deb8u16_amd64.deb 06a05956e2900b8bdba2fd5649efc452e4738ab6 169548 libisc95_9.9.5.dfsg-9+deb8u16_amd64.deb 13611403bd0271e462770e0f63f3a080c5358ed6 53918 liblwres90_9.9.5.dfsg-9+deb8u16_amd64.deb ab42ef59ce05ba9fbd8587e895cdebe1f075397d 37424 libisccc90_9.9.5.dfsg-9+deb8u16_amd64.deb de643c8b0d2d25ac819e3541c5726def6aa390ea 57942 libisccfg90_9.9.5.dfsg-9+deb8u16_amd64.deb cc57cedfc229a52dc4174b6c059eb4d5d63940df 119808 dnsutils_9.9.5.dfsg-9+deb8u16_amd64.deb c067e21c3d1516f28be1c35cd6def3d9852b5aeb 233072 lwresd_9.9.5.dfsg-9+deb8u16_amd64.deb 7087bd86f20546a814451a3a749b5925dd3f308e 830116 libbind-export-dev_9.9.5.dfsg-9+deb8u16_amd64.deb 41dced45f1da2559e744a9a48a17dc566c1a8ef0 456852 libdns-export100_9.9.5.dfsg-9+deb8u16_amd64.deb 05654280a43aaf2754fff6cf3fca560c08038db3 434708 libdns-export100-udeb_9.9.5.dfsg-9+deb8u16_amd64.udeb 1d3f4249f60a9fbef04d9e181ff66a9cc4f99e80 141150 libisc-export95_9.9.5.dfsg-9+deb8u16_amd64.deb bb98a8a736c61c6928739f3a9562be5dadf75ebe 117380 libisc-export95-udeb_9.9.5.dfsg-9+deb8u16_amd64.udeb 1c5ead3a5b068ecaab3d79be5b998b254371658e 41520 libisccfg-export90_9.9.5.dfsg-9+deb8u16_amd64.deb 9de2632361be23d13d4bf3a7f95b10e5aa5fc154 17656 libisccfg-export90-udeb_9.9.5.dfsg-9+deb8u16_amd64.udeb 39807958a0aaa1ae525e339ab3c9058e4de25e99 39276 libirs-export91_9.9.5.dfsg-9+deb8u16_amd64.deb 9f669e2e650d8b8efed5a26589012c1f95907d4f 15360 libirs-export91-udeb_9.9.5.dfsg-9+deb8u16_amd64.udeb Checksums-Sha256: 76b3a3fd54dfc77c2b9982b7eae28437529c229b6076ac214ee39c659125ffb4 3624 bind9_9.9.5.dfsg-9+deb8u16.dsc 8108e01d5b501642d986beae7dfff9650b5bf54d87677275a8aaf4f0bcb008e6 7877309 bind9_9.9.5.dfsg.orig.tar.gz 8b0e9215332f39854856246939202f4d63eb69aeb9316037f55df582db058c33 138716 bind9_9.9.5.dfsg-9+deb8u16.diff.gz 0a679baf3bf24b3263cd6673a9145bd0b3515208279e1a52fd496ee451b8f7cf 340638 bind9-doc_9.9.5.dfsg-9+deb8u16_all.deb
Accepted 389-ds-base 1.3.3.5-4+deb8u2 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 30 Aug 2018 16:40:44 +0200 Source: 389-ds-base Binary: 389-ds 389-ds-base-libs 389-ds-base-libs-dbg 389-ds-base-dev 389-ds-base 389-ds-base-dbg Architecture: source all amd64 Version: 1.3.3.5-4+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian 389ds Team Changed-By: Mike Gabriel Description: 389-ds - 389 Directory Server suite - metapackage 389-ds-base - 389 Directory Server suite - server 389-ds-base-dbg - 389 Directory Server suite - server debugging symbols 389-ds-base-dev - 389 Directory Server suite - development files 389-ds-base-libs - 389 Directory Server suite - libraries 389-ds-base-libs-dbg - 389 Directory Server suite - library debugging symbols Closes: 906985 Changes: 389-ds-base (1.3.3.5-4+deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2018-10935: Check if the we are able to index the provided value. If we are not then slapd_qsort returns an error (LDAP_OPERATION_ERROR) . Fixes: Any authenticated user doing a search using ldapsearch with extended controls for server side sorting is bringing down the ldap server itself. (Closes: #906985). * CVE-2018-10871: Set nsslapd-unhashed-pw-switch by default to 'off'. Fixes: By default nsslapd-unhashed-pw-switch is set to 'on'. So a copy of the unhashed password is kept in modifiers and is possibly logged in changelog and retroCL. Checksums-Sha1: 4217c76d6af70a24a966a6d8adfda494aed58beb 2667 389-ds-base_1.3.3.5-4+deb8u2.dsc 2897b418f04166b34c701155a7b62357d98c9272 34856 389-ds-base_1.3.3.5-4+deb8u2.debian.tar.xz 9d7d1af739203b1460f3ec583dbd621a75cf02fd 16118 389-ds_1.3.3.5-4+deb8u2_all.deb 80fe90f6ba1f4db7b0f5c27ae8c1d3954ccfe9ed 387850 389-ds-base-libs_1.3.3.5-4+deb8u2_amd64.deb 67381a9a2b0d0109717ba8b5e596f7bdb193602f 1283148 389-ds-base-libs-dbg_1.3.3.5-4+deb8u2_amd64.deb bebce1d084971bcda14d53caeca8c205a9311c5a 69502 389-ds-base-dev_1.3.3.5-4+deb8u2_amd64.deb f935135d1de21fe8ee7608836d12e9d52384fdfb 1460054 389-ds-base_1.3.3.5-4+deb8u2_amd64.deb bd77312010bb9ddfc32127a17017abe861468f5b 4181384 389-ds-base-dbg_1.3.3.5-4+deb8u2_amd64.deb Checksums-Sha256: e67800084a9615523a31dc04306b30eb075f3aef6ba6f46db803d87fa88cd4ed 2667 389-ds-base_1.3.3.5-4+deb8u2.dsc bde8c7a7170960f4a5f53f0a75e4fe532194fdcdaf2c0d37a2b7d65d986d5da3 34856 389-ds-base_1.3.3.5-4+deb8u2.debian.tar.xz 1eaa2b2d8244f44131a583b6e83a29c5f76f1add6178ae2f7078b45256f34115 16118 389-ds_1.3.3.5-4+deb8u2_all.deb 2f4dac3301e033ec29a16ba33875be780d2056866e2a1ec1ac1a0488328630e2 387850 389-ds-base-libs_1.3.3.5-4+deb8u2_amd64.deb 9a584b495818cd498870bc2c4dc1ce682147429a780e2f089730e008d2e83018 1283148 389-ds-base-libs-dbg_1.3.3.5-4+deb8u2_amd64.deb e33e5561240cc757f10c20af38e2d7462b67c1df59e0ad72edf2691c70a29b26 69502 389-ds-base-dev_1.3.3.5-4+deb8u2_amd64.deb 40d88b201f1123a93c394f4a7eca96c6e67f262ee53571bff6a0a3554cfaee2f 1460054 389-ds-base_1.3.3.5-4+deb8u2_amd64.deb 7a047fb06154f1c0eb7a8836ff160cbd0c10ab032516d18a1f973da852693f89 4181384 389-ds-base-dbg_1.3.3.5-4+deb8u2_amd64.deb Files: a04a8814c0a7ed4e1d153ce6c99f3c7c 2667 net optional 389-ds-base_1.3.3.5-4+deb8u2.dsc 841eaac26a5e618806ff414596b003e7 34856 net optional 389-ds-base_1.3.3.5-4+deb8u2.debian.tar.xz d36df017cf42ac74a375f0ea8f1dbd38 16118 net optional 389-ds_1.3.3.5-4+deb8u2_all.deb 5129f83e3cd37b39c0c171cde0d1828c 387850 libs optional 389-ds-base-libs_1.3.3.5-4+deb8u2_amd64.deb 5ef0349745cb6c59e9b5045b3836b564 1283148 debug extra 389-ds-base-libs-dbg_1.3.3.5-4+deb8u2_amd64.deb cf93a0c9156ae41460881dbfacd8082d 69502 libdevel optional 389-ds-base-dev_1.3.3.5-4+deb8u2_amd64.deb afa5957497585a9dd4d36d1e8371673f 1460054 net optional 389-ds-base_1.3.3.5-4+deb8u2_amd64.deb 7954351a44eba927fd7b00788b03dfa1 4181384 debug extra 389-ds-base-dbg_1.3.3.5-4+deb8u2_amd64.deb -BEGIN PGP SIGNATURE- iQJVBAEBCAA/FiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAluIJvchHG1pa2UuZ2Fi cmllbEBkYXMtbmV0endlcmt0ZWFtLmRlAAoJEJr0azAldxsxODkP/0YAzcfC9jUd YK+F+xm86sVXkF3N8iLUahj1CfyAs4mFiGBlyqHdASZ0CPoN/lLx9rFB2y7uUJtI L/eylItucQLqq153enDRinAYHVpRX7KBj2DKHasnKIKAtoNiqCtVP4pKHy9yJvfy KhDdc5QZRQNIxHKieWgH0LFJwboL+da0pHp3N7Sj3AoEUGSXPVcFgREFKj4Eoh0P kQPjusHA7OT9LSGtsD0g07wSdvfHHmpkned+im8J27bLYario6Ia1+UAYLXBxBag m1whQ1a9NsXaNmA+KsDIXjDIKfEBDnyC9nH916XsTmBPMH2RilFYidrjWElllmDG pgydAplRNrtD76i60St6CCd76jNluozmwOGzB6DWzxUMzMf1ciWpkwFsrCRlXPbP o+xyB3g698xJN5AcY2OGU7CcDkCtGEGPIO89e+delfi8tddKKUMPzDrYjIKLLmeF T1giEw6YoyyRcTIMDW3axbr6pOUQVxDyi7aSm7eU+joN0GY+aIeo2I/g7L0nb5Ze M9Wlg/72lAmoGyPBFJbyjaI1HsWxc1LxlIT1VMvXG1egRhvfqwP5S76R9aUL5TYu veGLUdOm7kl++NoXHU3lOTqZXsmL6wEiOGG065rtD4yo5QRhwBOI90v1JnRuIP7R crBJ4oTVv3qwXm/iIjHpdYNcDkWRfmRG =sVSD -END PGP SIGNATURE-
Accepted squirrelmail 2:1.4.23~svn20120406-2+deb8u3 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 25 Aug 2018 22:06:19 +0530 Source: squirrelmail Binary: squirrelmail Architecture: source all Version: 2:1.4.23~svn20120406-2+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Jeroen van Wolffelaar Changed-By: Abhijith PA Description: squirrelmail - Webmail for nuts Closes: 905023 Changes: squirrelmail (2:1.4.23~svn20120406-2+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the Debian LTS Team. * Fix for several XSS vulnerabilities CVE-2018-14950 CVE-2018-14951 CVE-2018-14952 CVE-2018-14953 CVE-2018-14954 CVE-2018-14955 (Closes: #905023) Checksums-Sha1: 12ee9606bc5d8525a042bc7bfd8de81a4931bf56 2031 squirrelmail_1.4.23~svn20120406-2+deb8u3.dsc f895e7977300dd404babc616fa0f6c572a49e197 662295 squirrelmail_1.4.23~svn20120406.orig.tar.gz 77698ffd3ee2d65650ae3a85ec780df8a4571f68 35712 squirrelmail_1.4.23~svn20120406-2+deb8u3.debian.tar.xz c67e8d9d91e303fc963801818e05def94ffa70cb 497398 squirrelmail_1.4.23~svn20120406-2+deb8u3_all.deb Checksums-Sha256: 090f319e3e7d5a94e84030571c2d30a6220c4ba8c79c8dc0f36a96ec20a88164 2031 squirrelmail_1.4.23~svn20120406-2+deb8u3.dsc d28afee95f2341d80bcb74911972b7cd8f5d22c7dc3cbe983cf2002e81aa1337 662295 squirrelmail_1.4.23~svn20120406.orig.tar.gz a8a35450361a23c30a3dbb184f329f52b889ad4dbd6c5a3b308f470dbea5e757 35712 squirrelmail_1.4.23~svn20120406-2+deb8u3.debian.tar.xz 5b54b985452a4541f6332ab51c28c26e3c0015c2951b602db415c29420ac2c1b 497398 squirrelmail_1.4.23~svn20120406-2+deb8u3_all.deb Files: 6f07235530825e0589ab8ccd3b41a143 2031 web optional squirrelmail_1.4.23~svn20120406-2+deb8u3.dsc 19446dea9c11a4130ac34f6004d64e0f 662295 web optional squirrelmail_1.4.23~svn20120406.orig.tar.gz ad7c114aa936e082452df19b24067efd 35712 web optional squirrelmail_1.4.23~svn20120406-2+deb8u3.debian.tar.xz 0edbdd56dedffe72c139268e1949b4d3 497398 web optional squirrelmail_1.4.23~svn20120406-2+deb8u3_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAluIEPsACgkQHpU+J9Qx HlhQvQ/8D9/vI/rSIM62jWEWJ01OG/HzUOtammEL7LTEivTziYN0Pessfub4u18b 24jidn1rEohTF6UskZRM7nc4vNMfoYx2TVeMoBybTL0zHsBZxRhHohsKqK4xCPXw OAdgxyTdJhiRtk1ECIy1CP9jDO4AaR5lykRdCY7FJ6OW9ziQ7ULRxO7O2N7pB1VX 9ZLNUblWs3UcjGbytO6ev98GqAZL9j8XrRNzAWUHRwVO6ZLgrDoOJaRzTkyaqdrj Ri3943eCf3dFCmQh0fkdw/XyhBTygRQxyuJWmb5TooUjpf1XDZVP+d7oxQtgBwon P8JvIb/ImpLg+0kDYb74g8uuV4/K+UaMfQgYVPvBYV4FVxxLCOVzzvmUfM/0PUoi bsMm7t1fc5aReqYzN4xrb5rEdo9bUA+dST3xTVoWgqkCMAkNKKjQshyvMvZtIke0 j2PpaQtHobl8R+y9Cpv4kYWT1WApGNBQBXwhWXu2JrpunG2hr2wb87eHWGUejxYr Bdyq899CI0onBn0MZIsjjeKSorkjiSD0CQtngs6StBcCewAJCbOH7O7XMCIoecvo QzE4s+RT0Mqbsoei88FaW9HGBmm/akC2XUYLtkCx2IAbjHwzyD9n3xM51VjjFaw3 eEx/KjCI6nS87xqy+3PH3jteF/jrOMTFjlC0glvIM+yIZ3UHJtI= =ZiID -END PGP SIGNATURE-
