Accepted patch 2.7.5-1+deb8u3 (source amd64) into oldoldstable

2019-07-25 Thread Thorsten Alteholz
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Format: 1.8
Date: Thu, 25 Jul 2019 20:03:02 +0200
Source: patch
Binary: patch
Architecture: source amd64
Version: 2.7.5-1+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) 
Changed-By: Thorsten Alteholz 
Description:
 patch  - Apply a diff file to an original
Changes:
 patch (2.7.5-1+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-13638
     directly invoke ed to avoid quoting vulnerabilities



Accepted libssh2 1.4.3-4.1+deb8u4 (source amd64) into oldoldstable

2019-07-25 Thread Mike Gabriel
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Format: 1.8
Date: Wed, 24 Jul 2019 23:52:01 +0200
Source: libssh2
Binary: libssh2-1 libssh2-1-dev libssh2-1-dbg
Architecture: source amd64
Version: 1.4.3-4.1+deb8u4
Distribution: jessie-security
Urgency: medium
Maintainer: Mikhail Gusarov 
Changed-By: Mike Gabriel 
Description:
 libssh2-1  - SSH2 client-side library
 libssh2-1-dbg - SSH2 client-side library (debug package)
 libssh2-1-dev - SSH2 client-side library (development headers)
Changes:
 libssh2 (1.4.3-4.1+deb8u4) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2019-3859:
     - CVE-2019-3859 (+ CVE-2019-13115): Correctly check key_state data length
       in kex_method_diffie_hellman_group_exchange_sha1_key_exchange() in kex.c.
       Avoid various signedness flaws introduced by the initial fix(es) around
       CVE-2019-3859 (regression CVE registered as CVE-2019-13115).
     - Add CVE-2019-3859-4_channel-c.patch and CVE-2019-3859-5_userauth-c.patch.
       Derived by manually comparing upstream security fix commit
       dc109a7f518757741590bb993c0c8412928ccec2 against what we had in
       Debian jessie LTS's versions of libssh2, so far.
     - This completes a series of fixes unfortunately only partially provided
       in earlier security uploads of libssh2 to Debian jessie LTS.
       Due to non-optimal CVE documentation and the manifold of upstream security
       changes before libssh2 1.9, it hasn't been easy to identify all
       necessary changes to fix the recent CVEs (2019-3855 - 2019-3863).
       Furthermore, for a non-upstream dev it has neither been easy to identify
       which upstream fix was for which CVE.
   * Add additional-bounds-checks-in-diffie_hellman_sha1.patch. Additional
     bound checks in diffie_hellman_sha1.