Accepted linux-4.9 4.9.189-3+deb9u1~deb8u1 (all source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 30 Sep 2019 15:49:24 +0100 Binary: linux-doc-4.9 linux-headers-4.9.0-0.bpo.11-common linux-headers-4.9.0-0.bpo.11-common-rt linux-manual-4.9 linux-source-4.9 linux-support-4.9.0-0.bpo.11 Source: linux-4.9 Architecture: all source Version: 4.9.189-3+deb9u1~deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Kernel Team Changed-By: Ben Hutchings Description: linux-doc-4.9 - Linux kernel specific documentation for version 4.9 linux-headers-4.9.0-0.bpo.11-common - Common header files for Linux 4.9.0-0.bpo.11 linux-headers-4.9.0-0.bpo.11-common-rt - Common header files for Linux 4.9.0-0.bpo.11-rt linux-manual-4.9 - Linux kernel API manual pages for version 4.9 linux-source-4.9 - Linux kernel source for version 4.9 with Debian patches linux-support-4.9.0-0.bpo.11 - Support files for Linux 4.9 Changes: linux-4.9 (4.9.189-3+deb9u1~deb8u1) jessie-security; urgency=medium . * Backport to jessie; no further changes required . linux (4.9.189-3+deb9u1) stretch-security; urgency=high . * vhost: make sure log_num < in_num (CVE-2019-14835) * ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit (CVE-2019-15117) * ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term (CVE-2019-15118) * [x86] ptrace: fix up botched merge of spectrev1 fix (CVE-2019-15902) * KVM: coalesced_mmio: add bounds checking (CVE-2019-14821) Checksums-Sha1: 9e4c19a3ed9e6f4e18905657efa747fd3fa7f27b 15751 linux-4.9_4.9.189-3+deb9u1~deb8u1.dsc 7b05c2c621c331b58e03d0cbf04ef8e00134af7b 2028376 linux-4.9_4.9.189-3+deb9u1~deb8u1.debian.tar.xz ac279987526e87d7e435c2ec5fa0737b76b67abb 7710232 linux-headers-4.9.0-0.bpo.11-common_4.9.189-3+deb9u1~deb8u1_all.deb 9e82b2116834a97c72ebd31dad9e6b94bba8f59d 5767012 linux-headers-4.9.0-0.bpo.11-common-rt_4.9.189-3+deb9u1~deb8u1_all.deb 871f7d26d3b75c64d0a9a8996ebaabb157e0f719 708822 linux-support-4.9.0-0.bpo.11_4.9.189-3+deb9u1~deb8u1_all.deb 11c626f31315c40596d1af934d0f2d631151c667 11442010 linux-doc-4.9_4.9.189-3+deb9u1~deb8u1_all.deb 0edc3f35e4627e54c87140507dcd6c809303843d 3247976 linux-manual-4.9_4.9.189-3+deb9u1~deb8u1_all.deb 01b6f488f8c7fa0340dc9f5e98112ee76c1ac925 96898772 linux-source-4.9_4.9.189-3+deb9u1~deb8u1_all.deb Checksums-Sha256: 586342ea99969ffa7f56b13e48e21746013846b89606d26dfd0c41a11b8f7b54 15751 linux-4.9_4.9.189-3+deb9u1~deb8u1.dsc 02a6ed85333f832354f4b3191e0294dedf85b49ae6da7e9bb968635b4a7962cb 2028376 linux-4.9_4.9.189-3+deb9u1~deb8u1.debian.tar.xz 2da03ffb13d9e04892804252f7d30fb4b4020f8d5072b2902cb1f0014034b32d 7710232 linux-headers-4.9.0-0.bpo.11-common_4.9.189-3+deb9u1~deb8u1_all.deb 8b72a01f9592e0f598262f476de2ae3757d68f30118c2f770379ce89af6e931a 5767012 linux-headers-4.9.0-0.bpo.11-common-rt_4.9.189-3+deb9u1~deb8u1_all.deb 7ae0f150fd31345d3ad01f8a404d1df2db59456601839ef45b3b9e07f5c1751a 708822 linux-support-4.9.0-0.bpo.11_4.9.189-3+deb9u1~deb8u1_all.deb a3f79c3277d1f42dad825a6478b25d8e1cbe9f01d9853f900f0ea7cda5229148 11442010 linux-doc-4.9_4.9.189-3+deb9u1~deb8u1_all.deb 90f41f355e3da98f6c2f52d1f1cda354b4efa6a42c5135406c959e3efc66e2e9 3247976 linux-manual-4.9_4.9.189-3+deb9u1~deb8u1_all.deb 7038f703b34f38431904d46b52e41c2d906120c0b8c1fa1f69589e40f8ec0880 96898772 linux-source-4.9_4.9.189-3+deb9u1~deb8u1_all.deb Files: 354af74003a39f10f78737f3491ad597 15751 kernel optional linux-4.9_4.9.189-3+deb9u1~deb8u1.dsc 99f64ba83e17682b16dc6853e173a240 2028376 kernel optional linux-4.9_4.9.189-3+deb9u1~deb8u1.debian.tar.xz aa9dd83c2fec34dee0ddbe34c977f37b 7710232 kernel optional linux-headers-4.9.0-0.bpo.11-common_4.9.189-3+deb9u1~deb8u1_all.deb 23f7ad7461dc0e3e3ab40a71d8a4fc76 5767012 kernel optional linux-headers-4.9.0-0.bpo.11-common-rt_4.9.189-3+deb9u1~deb8u1_all.deb 026b0e008f16add0deaf2f21bee5aa1a 708822 devel optional linux-support-4.9.0-0.bpo.11_4.9.189-3+deb9u1~deb8u1_all.deb c93adf547e751acc5e38b873999ccd28 11442010 doc optional linux-doc-4.9_4.9.189-3+deb9u1~deb8u1_all.deb 28cb1ddad73cbddfbf781f2869df481c 3247976 doc optional linux-manual-4.9_4.9.189-3+deb9u1~deb8u1_all.deb 4e3d8ea064acac893212967b11966c9a 96898772 kernel optional linux-source-4.9_4.9.189-3+deb9u1~deb8u1_all.deb -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAl2SulcACgkQ57/I7JWG EQkLfRAAq3ZSFFtAd1jwW2d8OGLxbIBRyHujQIRxKD8t7n51GOLIv3z/rGUPNKo+ 3BT26swlp7JppB+L4bvFlG/+MGgFYMXMaUe76e67oMc3e99OsavfUJ08LJoQ9Ctq YnHfvGAdofYXtYVQrkTIRG5K1++CF7lYGv6x2JBAszaI3NI9aICCESo3+X7+9rdl WrUOLF+FfnlG5sCkE0Eqm5UnwkVdMVcaqskS3Utnz4o7TtIzjnHOUuiq60g5SIs9 03DBmEugESqKzjFBYr2xKYbw5TAQVzOiS1pewE0ubLfU8m+qe6yLxGG5dKcY55tO IgpUJYqzvH8hBE85ZlcvgHx8+dFhDOO7VmIX/P+MVQ+VuSr6UDGqWSWV9KV6K8hQ DLYsdN0vyJEwk3uP3Zqrl5HBFNj+AiukvuRNoQZPD9ODGAomWgTDZXkBuvbmpe+P nUMvYIY3zqEZHs4SRE9IxsB64naqYEiLwAAT5WU2OYs40jjoTrVNhfABtT8yAV84 w22s5I52lYudCsJTznYVOBaElUttxcBNNvIq2RacC7tK7XD91tSxqfmIMgrkIGwI
Accepted phpbb3 3.0.12-5+deb8u4 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 01 Oct 2019 00:58:32 +0200 Source: phpbb3 Binary: phpbb3 phpbb3-l10n Architecture: source all Version: 3.0.12-5+deb8u4 Distribution: jessie-security Urgency: medium Maintainer: phpBB packaging team Changed-By: Mike Gabriel Description: phpbb3 - full-featured, skinnable non-threaded web forum phpbb3-l10n - additional language files for phpBB Changes: phpbb3 (3.0.12-5+deb8u4) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-13376, CVE-2019-16993: includes/acp/acp_bbcodes.php: Check form key in acp_bbcodes, and check form key no matter if submit is set. CVE-2019-13376 has been a regression of the fix for CVE-2019-16993. Checksums-Sha1: 6d6d9affe388f4d8510eaeacee4cab9a8975cf5e 15438 phpbb3_3.0.12-5+deb8u4.dsc afbacef7b089b24a718f06a84a7f437747f80889 99052 phpbb3_3.0.12-5+deb8u4.debian.tar.xz 459eef08644bda4ed4ea0f3022f36710980cffeb 1484840 phpbb3_3.0.12-5+deb8u4_all.deb 8c9a24e851be7bcbd2cf5a9d1cd14b3bd1c2bc9d 5731834 phpbb3-l10n_3.0.12-5+deb8u4_all.deb Checksums-Sha256: 9c05add1960763674d5e56eb453525f9c7389cc7e1ca7cb030a495b81e009440 15438 phpbb3_3.0.12-5+deb8u4.dsc bb5752e45f148bf77b36151c2f951845b504c0510f7b909cb94a718186e7bd5a 99052 phpbb3_3.0.12-5+deb8u4.debian.tar.xz 61d04be8d0925a2d6f589fc843c85c3b1260ef645eede899edfbacd369603d49 1484840 phpbb3_3.0.12-5+deb8u4_all.deb c2843bb96ea06b487bb118ae3cfb8055308c04b5c1220b360f40be91040cec1c 5731834 phpbb3-l10n_3.0.12-5+deb8u4_all.deb Files: 967f06cb7ca3439989e9ba9d5e308d46 15438 web optional phpbb3_3.0.12-5+deb8u4.dsc fd97298982c26125b9009b225b0df4e9 99052 web optional phpbb3_3.0.12-5+deb8u4.debian.tar.xz 02a4f62f077642a74737e6c49451266f 1484840 web optional phpbb3_3.0.12-5+deb8u4_all.deb c3d35ae8ecf02f4ab3c8895bc7d0f3b7 5731834 localization optional phpbb3-l10n_3.0.12-5+deb8u4_all.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl2Si1cVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxroUP/AhZFBvugq12tb3/S6l2g40YSe42 mrhjgf6VkNfrfJYw92uvGMgtIJOcxVtWnAqhpwd8KrD/WasTDwHV1xtJEBsZv0G/ 1jC4ItJy9NrIvBdUTQRFyHPZ6EbV451bynXnCoOjTCMLHFUSOTHrRxg/sm3lFoX4 jtPgxqOcQAV8rl5UdU7Wcvj1+3L6FdpBSeyZ0PZDsyipR5YaCahiC4szYAbIaGSv GYKW0G4q/DHiqLwmJiBLOY7bjVUdGRFXf+8HTnQ0+ERMYsfDZVQco8e/jPF12gfZ QAy7jpW3XFduJ9Ff2cb9zsfPDPje5imAKvzW2jYyW9seU3CJVPheAjNSoZZmZmSD RlNust9sWFjt7CjLIPe6ATflOzzFgvGrKigV0dtWv0FklTtCcvWwEvsD4N/oDl8c M6mc1k67O3jE5BsnXs+4KXpwqTnaGb1EOTPcH4yyYR/9fysfwXIfid7McdtfEwo6 MtyvhpkDM+viZ89rWUmxi8DVnyHjWzsDxUDprZFo3l+FnoOc6nqs52t3+Ji0AtgY yZP8J1/1s/y5cidt2MIosRUDcjuAlPYqiw5rAiRnb4aVdqBA44yU+8ws1bRasRHn l6hCR7+/KNqWYjZGK82VSCNmzmWuGsCKr1fQW6nliETVxKPiPXZq8suSOWrtV9vH 10XRyXFNfg/ApBbJ =/g1M -END PGP SIGNATURE-
Accepted netty 1:3.2.6.Final-2+deb8u1 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 27 Sep 2019 15:13:36 +0200 Source: netty Binary: libnetty-java Architecture: source all Version: 1:3.2.6.Final-2+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Chris Grzegorczyk Changed-By: Mike Gabriel Description: libnetty-java - Java NIO client/server socket framework Changes: netty (1:3.2.6.Final-2+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-16869: Correctly handle whitespaces in HTTP header names as defined by RFC7230#section-3.2.4. * debian/control: + Drop 'DM-Upload-Allowed: yes' field. Not supported in jessie anymore. (The netty src:pkg never got updated during the jessie release cycle). * debian/build.xml: + Enable deprecations. Fixes FTBFS against OpenJDK in Debian jessie LTS. Checksums-Sha1: 3b1e928d0b9f1aebfccae2866cfe9b41cee8699b 2256 netty_3.2.6.Final-2+deb8u1.dsc 7f827bef533e48d7de9cc8d4f8d77e4f9fef3668 616765 netty_3.2.6.Final.orig.tar.gz 39e0f837a4d708c9e87716628920ec812843c604 6728 netty_3.2.6.Final-2+deb8u1.debian.tar.xz ae5834dad673a8943c6649701731da5bed0c374b 662648 libnetty-java_3.2.6.Final-2+deb8u1_all.deb Checksums-Sha256: 47784bf99b746fed7eb08e0b0c5a3855a9f94cee860ef5e0758423d00f6cf7c0 2256 netty_3.2.6.Final-2+deb8u1.dsc 49a4097ea1575934521c375acfe7aa1f497a4d450df33c6f5273f63c951d9726 616765 netty_3.2.6.Final.orig.tar.gz ca3de4bff95ecefbf0d1bcbf3340e091431da3d9de2f0bbf0db1c97617f17cc0 6728 netty_3.2.6.Final-2+deb8u1.debian.tar.xz 1ce6d7a491a1aa878c6a79b3f9e2e630bacb8554140211c4be4312b6417943ee 662648 libnetty-java_3.2.6.Final-2+deb8u1_all.deb Files: 087f8d6dc2815ce4f528118257a3c44c 2256 java optional netty_3.2.6.Final-2+deb8u1.dsc 60090b47433147396031b28ee50de4cc 616765 java optional netty_3.2.6.Final.orig.tar.gz 641d92730fd122955260c32694d866a6 6728 java optional netty_3.2.6.Final-2+deb8u1.debian.tar.xz 1ffa8b36d5d9135df5d686c4a3fe84f7 662648 java optional libnetty-java_3.2.6.Final-2+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl2SbwsVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxJKAP/RM97yz4jxFDxEgAO0WGtDp4LVaS QkZ6w6Q8YrAaWup4oP/a4e0lJazhi4MYXziE3GzGNoCn2Nyu7PGCg9/XcH+Kd+vT 5QGmyILSqLhDtgPHl23BJ01wt7k8q53gf6k5xGS1c69IFeduSOXwTEsTHopMGwPT dHaFdeX8Job2RNs07qjaQSxQ2lH26gWXQDyg08hy3ZF4wt6VWFMIrVdQg+xL4mPa /cRsFBuVOhYRdAwbTeY4jISxeSvMTpsSxJXNefTnumTbCCcdkCgXwKN/IbgLLBnp P1E/FyiUFANx2pZ6p/P60VP1/x2t29sU2JVKXIdcwleDehyGEzsSpnbcKqRGZywg i+nLTbBG8Ar04dssIPQwWye/IV8LY4UeuUSzm/3OcD6BbC5g6FYYhL3YKh+9EDAC EVIot0uVTtiYvBXd/+dObsskl6WSlV3S2O5eqDanXeLY0tV5Uhs1d2Pos+a10TDX Xx430x9A/q0WS/4UMJh26pqIg4Qy2B0ZIiMRBZL/4dq5FPbfENgezm4pUNFQKVef vnVp1wDJG5FDao0tgOWPGP88eFxqkEk0Rj3L1qbZYGgg1+64T7YoFrZyA99zxOyw q5LUNLsOvEREvMMCXTyOUwbHUi4dho7MU0f5luT47J0jwDc/TVqMGPrkPvknI+2u n3gjPEuP4TrXstBP =xJrL -END PGP SIGNATURE-
Accepted poppler 0.26.5-2+deb8u11 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 26 Sep 2019 19:13:02 +0200 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u11 Distribution: jessie-security Urgency: medium Maintainer: Loic Minier Changed-By: Thorsten Alteholz Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u11) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2019-12493 stack-based buffer over-read because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions * CVE-2018-21009 integer overflow in Parser::makeStream in Parser.cc * CVE-2018-20650 denial of service due to the lack of a check for the dict data type Checksums-Sha1: 9155a17eb9fe8a7e43141e40533fff6dd5338c44 3465 poppler_0.26.5-2+deb8u11.dsc 12937666faee80bae397a8338a3357e864d77d53 1595232 poppler_0.26.5.orig.tar.xz 05b77095ee2fe0d819a0dee3b6dd267c18c3f98c 47584 poppler_0.26.5-2+deb8u11.debian.tar.xz 6be77790a8ed91ae629d557eb29a981301d37d3b 1213966 libpoppler46_0.26.5-2+deb8u11_amd64.deb 0f07ff8700ec7c8d3ebf9162e0ecb5bc0d360986 768402 libpoppler-dev_0.26.5-2+deb8u11_amd64.deb 87dd3b5dbc4198651a0b83edc9c8ab500f91 181534 libpoppler-private-dev_0.26.5-2+deb8u11_amd64.deb c111f3314a4879e870020b6b46d4d45f48c7c9aa 122676 libpoppler-glib8_0.26.5-2+deb8u11_amd64.deb 7e8517b0514b1eaae8814a0d15f3b398aa1656b8 164584 libpoppler-glib-dev_0.26.5-2+deb8u11_amd64.deb f2d6056a6f8b2285fa4431d2a7f0fb8357fd9752 86762 libpoppler-glib-doc_0.26.5-2+deb8u11_all.deb a979aa07959e7f6f02bd99db90fb0be8a450dc44 35264 gir1.2-poppler-0.18_0.26.5-2+deb8u11_amd64.deb 89156edc3b832d732ccb07c4eca20a281a5d6063 128756 libpoppler-qt4-4_0.26.5-2+deb8u11_amd64.deb 8dc0050856caab3c3a58774498adec553e3ee3cb 159692 libpoppler-qt4-dev_0.26.5-2+deb8u11_amd64.deb cceaf9e00b8feda9f7a8f69d6d22ac222030d876 132966 libpoppler-qt5-1_0.26.5-2+deb8u11_amd64.deb 4ba352f2525c1c7e7c0a7facc22ae2c7e8364b8d 166438 libpoppler-qt5-dev_0.26.5-2+deb8u11_amd64.deb c8284f829eba99fddf84ac2e7ac609f2f1662a40 45768 libpoppler-cpp0_0.26.5-2+deb8u11_amd64.deb fc560e84ac008add0aa176a469257ae585ec8688 50252 libpoppler-cpp-dev_0.26.5-2+deb8u11_amd64.deb f1f1bbc914aa734657a901146f39ac5eed338d33 141910 poppler-utils_0.26.5-2+deb8u11_amd64.deb 478a4d92d2b4d492333173a4a3290b01b2c5ec05 7684854 poppler-dbg_0.26.5-2+deb8u11_amd64.deb Checksums-Sha256: 3ba446c14cea36932a8b18953bc4a247f40958dd599a78aa0e4767be794377cc 3465 poppler_0.26.5-2+deb8u11.dsc de7de5fa337431e5d1f372e8577b3707322f1dbc1dc28a70f2927476f134d1ee 1595232 poppler_0.26.5.orig.tar.xz e690a293978249f8c5dfe880605caca2b9a7e551679ef8a2221184f0305ae04e 47584 poppler_0.26.5-2+deb8u11.debian.tar.xz 42537ca68efb23fe56c71d19e6ce32a5f71292ade52a327979c557164b2b2959 1213966 libpoppler46_0.26.5-2+deb8u11_amd64.deb 8e23092eeebe020b5befd670ae1542a8e5619f7959a380b8fc58eccacdefba18 768402 libpoppler-dev_0.26.5-2+deb8u11_amd64.deb f22858cd358cb009795e6e40eaf1c3d4a6f158410a10a91e748f730e90e0d10b 181534 libpoppler-private-dev_0.26.5-2+deb8u11_amd64.deb 6ec9dc85b7fe944fe306b42637c79912d89e501231851bc284d9f519e8a28fe6 122676 libpoppler-glib8_0.26.5-2+deb8u11_amd64.deb 9751b3fbc4940dbeb952fc332016e1edae588483f1dd0773f3edcc09c340ff28 164584 libpoppler-glib-dev_0.26.5-2+deb8u11_amd64.deb db73bc41d4906a09e0604cc586c1630f269afd4b523211a84b6229208ec60eb6 86762 libpoppler-glib-doc_0.26.5-2+deb8u11_all.deb 24776b844965dca9bc76c1e559734cdc65e78357ca6ba7fa701fe37aa4df2205 35264 gir1.2-poppler-0.18_0.26.5-2+deb8u11_amd64.deb bb0d2f0859452e2092ec255d3bb2a859baea3e817edb6c4b98097c07ef549984 128756 libpoppler-qt4-4_0.26.5-2+deb8u11_amd64.deb