Accepted mongodb 1:3.2.11-2+deb9u2 (source) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Aug 2020 14:21:40 -0400 Source: mongodb Binary: mongodb mongodb-server mongodb-clients Architecture: source Version: 1:3.2.11-2+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Debian MongoDB Maintainers Changed-By: Roberto C. Sanchez Description: mongodb- object/document-oriented database (metapackage) mongodb-clients - object/document-oriented database (client apps) mongodb-server - object/document-oriented database (server package) Changes: mongodb (1:3.2.11-2+deb9u2) stretch-security; urgency=high . * Non-maintainer upload by the LTS Team. * Fix CVE-2020-7923: A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. Checksums-Sha1: 01e3c68a9229726a393b69b6a657c35c9f16dc9b 2697 mongodb_3.2.11-2+deb9u2.dsc 41309911fc18343ee8e8716d7b3f0f69c1f8983b 30179788 mongodb_3.2.11.orig.tar.gz 868cdb9ed01921717a89cbf901a7c23addb87d30 43424 mongodb_3.2.11-2+deb9u2.debian.tar.xz 45c1a9af35e260b74c0c13e2924f34d43cb01e79 9421 mongodb_3.2.11-2+deb9u2_amd64.buildinfo Checksums-Sha256: 219a5a14a1e3281d1560bca15094457109abe7e1eb1f1aa7b0f184bde5743cd1 2697 mongodb_3.2.11-2+deb9u2.dsc 61a2bb035e08124804efc70f959a894ab7910f663a4d3d8a7de1aecdf2062014 30179788 mongodb_3.2.11.orig.tar.gz 51f86852d96a627152b4cf025fb5c446f8cf2d0a74d33426318529403e1d1578 43424 mongodb_3.2.11-2+deb9u2.debian.tar.xz 0c5d80d4b6ff30830d229f1141b8a3e9e78fc3ef6c69214eb409f75809e27bbb 9421 mongodb_3.2.11-2+deb9u2_amd64.buildinfo Files: b4202d45740853a409e8cadf75e06cca 2697 database optional mongodb_3.2.11-2+deb9u2.dsc 7c06e856fa32e5461f9d88616bc6f36f 30179788 database optional mongodb_3.2.11.orig.tar.gz 9cedc98690b122e3528faa40168bc3bd 43424 database optional mongodb_3.2.11-2+deb9u2.debian.tar.xz 43b2b32e25630bd28aad66bbd1bbf3ab 9421 database optional mongodb_3.2.11-2+deb9u2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl9EFBgACgkQLNd4Xt2n sg8TMw//Sj0bs2ODRvPRe3ClvkVGqXV669qxFSRIW/HJftQQox78pkpM64lVquwG N/X4qyhmAoJTnvo5z8kWADrxNh5/tjKNJX0/Sm5OJRkJ+0luA1JefD/WB2SIxdP3 x1eV+F2l88Jf2lUpnpKgecgyvHlGK6ZVNR/XTLj2GMBjfhq4gFKiXb8imi2YE0HB t2idnoDxn03FG9HZng7i+Ll8bRQYGGVTprdekiRviGWtTTLN9GvqOdR0+uFt4HnB dIOeU4rAzOYhN/VCPn2AYTzVZDpT8kZZjwOON733FjEaFS9E+BO9Pjajzt/vxyTm CFVuGv23BrmUmu+lTS4SAQMB9W5uy6ZRhzTzTvqgpsk56d09HWxi+TOxFCPtu+ce IiCUMsJfhKEKaQ24uapfC/EZ9BpvZA5+Ojjs2NWFWXkjCGhkuEv6mDCtzzCFw27d dQufsejPCIneQjc/BBCPrEQJBH7qYLjiMlVXJT9rxrBT/cXVLxvEY19Wj36LqFJu A4LE2JxEox2zQ6OneEj5Sli5Va+YUsxMoFIfKvOcGWt3iXqqdTpruslSO2o8X3FC dwO8vPrDd15qMow5Oc2fbZYjH31UTXFXhPdD/z3k4O1HTZjE27rTqGDj7JTdoHvw xMlvkdQsaHd9Zdk2piNPl9dYqOpPxt2pIWjikFgAcUzUfg9U1fY= =/BbI -END PGP SIGNATURE-
Accepted icingaweb2 2.4.1-1+deb9u1 (source) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Aug 2020 14:43:20 -0400 Source: icingaweb2 Binary: icingaweb2 icingaweb2-common icingaweb2-module-monitoring icingaweb2-module-doc php-icinga icingacli Architecture: source Version: 2.4.1-1+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Nagios Maintainer Group Changed-By: Roberto C. Sanchez Description: icingacli - simple CLI tool for Icingaweb2 and its modules icingaweb2 - simple and responsive web interface for Icinga icingaweb2-common - simple and responsive web interface for Icinga - common files icingaweb2-module-doc - simple and responsive web interface for Icinga - documentation mo icingaweb2-module-monitoring - simple and responsive web interface for Icinga - monitoring modul php-icinga - PHP library to communicate with and use Icinga Closes: 968833 Changes: icingaweb2 (2.4.1-1+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the LTS Team. * Fix CVE-2020-24368: a Directory Traversal vulnerability allows an attacker to access arbitrary files that are readable by the process running icingaweb2. (Closes: #968833) Checksums-Sha1: 00437a7e48ce815f224c912a2072eb8d4ed12c4c 2414 icingaweb2_2.4.1-1+deb9u1.dsc 4fd287c90ed793deddf8f70210d498a0159e41a4 7176640 icingaweb2_2.4.1.orig.tar.gz b99a8184a517c25222f597633f2aafafc6b7ef84 12312 icingaweb2_2.4.1-1+deb9u1.debian.tar.xz dd7d4acbc3f00d9aec2bb33f2d419a6a5d11f622 9785 icingaweb2_2.4.1-1+deb9u1_amd64.buildinfo Checksums-Sha256: 096020df5e3626a6be41dc17858e288de809b5316fb33053f5e9828d3a3eff08 2414 icingaweb2_2.4.1-1+deb9u1.dsc 27150d96a2172d0fa0c77389970052a1bf7aa6553494e80837f6699e96e24bc6 7176640 icingaweb2_2.4.1.orig.tar.gz d90d4ace697169e2de34cd6a7454e1f1b11c28c09e47cc7e9b37360b988e6575 12312 icingaweb2_2.4.1-1+deb9u1.debian.tar.xz 0d7d4ff557cc091f7e8b5bc453000dd0c4557fe1d1fd2295e651be19aa0051d0 9785 icingaweb2_2.4.1-1+deb9u1_amd64.buildinfo Files: 00e256604d68219b7ab98e5be57f40ef 2414 admin extra icingaweb2_2.4.1-1+deb9u1.dsc d603099f529c9c0e318767350ed93e76 7176640 admin extra icingaweb2_2.4.1.orig.tar.gz c663c34ae01ac246c10b6a091e62b9ac 12312 admin extra icingaweb2_2.4.1-1+deb9u1.debian.tar.xz af10d7bac84ddcdb1c69a7f4990c7e2c 9785 admin extra icingaweb2_2.4.1-1+deb9u1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl9EEToACgkQLNd4Xt2n sg9t+A//Q+z+4cxUzbm5HcsdSU0NsQ5Jgc/Svv6Fed4L1LH04nT0HJjcljlEBm8s orpczu1+MDIaoM6eynENAHwiQGPLjJVw6ORrzNX6+Og0xuZE9NkGghTqsQ1OBufd vsdS2ioAXh+x6m0bRYxUUsnGFR8y9p2p75fjhFlejd4UW5CJkiSLyFwPE1UWBCBY 3LMftzwBrtdmXBY7rWUkhxM/xRvcWFdbmjPM5Eied3tD7V8KrafpOz/luj3wBbk9 kcBrehQdicbV45WiafVkMJSXZhdApnEXm8gqfi/0Mxv/vonb2mw76BD2LnBqMh7R wvsDWbGLJvbti2qrCEfG2xZnNVzAWprZ+eM41ba/7nXUqyXAVUUKHjwXFPY91gP6 dhNTt8kYunzqEtLrvyXIk+yiR3958c9CDE9/MKfn3ViyG/IbevDvsB7HmfhvOMOR as6l/hmJ80RBG4CO78ScHnNWhTanJDW+fSm5PDDjZHCFqyYZyNpY6qc12EDQMIoO uOMM79oCqpyDHcqRcRsP1Z+NpzYbcmbAOKyl598XxoTCOc8qoGklCpRLXEF+c1Yz /z4b87mJBg6yNQ9t9jwqB+x6L6Mlw6lnkd7LZRnQn0J7JYszrfd69zs3tDoKOJE3 jV8djRTrJcGWz+gdL/uA4a47MtsoZ3+hWs4OrKYf+UpyGJh/ZOo= =v4yr -END PGP SIGNATURE-
Accepted libjackson-json-java 1.9.2-8+deb9u1 (source) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Aug 2020 11:22:38 +0300 Source: libjackson-json-java Binary: libjackson-json-java libjackson-json-java-doc Architecture: source Version: 1.9.2-8+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Java Maintainers Changed-By: Adrian Bunk Description: libjackson-json-java - streaming fast powerful standard conformant json processor in jav libjackson-json-java-doc - standard conformant json processor in java - API documentation Changes: libjackson-json-java (1.9.2-8+deb9u1) stretch-security; urgency=medium . * Non-maintainer upload by the LTS team. * Backported security fixes including: - Jackson Deserializer security vulnerability. (CVE-2017-7525) - Block more JDK types from polymorphic deserialization. (CVE 2017-15095) - XXE vulnerability in XmlMapper. (CVE-2019-10172) Checksums-Sha1: 657cc209f0c70c9e10c1ddba0a69041a795c746d 2413 libjackson-json-java_1.9.2-8+deb9u1.dsc 21a0cc1fe25032d64d74031369e982c71dcb5657 1112971 libjackson-json-java_1.9.2.orig.tar.gz d79469623186a8f08138113b132999c109963137 8928 libjackson-json-java_1.9.2-8+deb9u1.debian.tar.xz Checksums-Sha256: 0dec2e97516d52d309c5f80f16807c5f42020482cd140f31f7c941b24aa6c9d9 2413 libjackson-json-java_1.9.2-8+deb9u1.dsc c384766381d06a8782cef33e8e9f3d296d62a68c6638d2080d1912842a1b9b16 1112971 libjackson-json-java_1.9.2.orig.tar.gz 3414567eb1cc193dbce1553cde3720de94ca841784e50c6a350a289f24f6bad5 8928 libjackson-json-java_1.9.2-8+deb9u1.debian.tar.xz Files: ad89ea226be996e2cb4a45b3accf16ae 2413 java optional libjackson-json-java_1.9.2-8+deb9u1.dsc 767a478ff56bd4e00640c8185abeff53 1112971 java optional libjackson-json-java_1.9.2.orig.tar.gz 3f107e778b30dd4edf28c74056f33536 8928 java optional libjackson-json-java_1.9.2-8+deb9u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl9DfD4ACgkQiNJCh6LY mLHYDQ/+Pb2zMLCqCAi1+/cpwtVgVfq+JPtMn94brkQtXzPZUapi4etjlEpQKL5x 6hw4vMrz8XkaVQ2WmlaV5dILvJD/esoTFBrbYoNGKPBmPHMyZ45wR+ixR37BHSY8 g7B3pLzWEzc58qWpOx5zEFCMfA0hJcMpeFHOvoG4MPQglir/ogmgXmwIdss7mTN6 99DjvZu0cI5KCkm0V5TgM73gM+bYzMNlAlwOtO+9Mv/lLm4DBbq09h7DSxTSYith ZQ12gFXe4aD0zi46Cd5NVWDdE3x56EeT2Zc2MG7gRAj3HbWod+GZ4EOBqzYtuzTV PdpoVfwr50O5d42HtvuHCd5CA0w3/qyi/ftpLlfLWjW23UBbHSgwSjLhmeUrXpAK QQ/PDBQLgh3SCSpXk/Gp2ImTNhRVJA4BZEq71Cy58iWi3YuRw7CA3l9qxePUmo/A KT3N9BKudj2hXnJVhuC+9n/myONAQUQZYesclilfyKZqyaj8TTLJwoTFflf9V3+A oP9zvqLxpd/G/jJOkjmfCtgQ4XElozlaLsdvtVi4pBtDtMqV2KwyeheDB1OsmtBc k5JMLOg7cFdyW8k3bji0ALZUuxs57b62MNuD/QC1Oyani/u2vhwIf9dtw/dvqAKc MkaopBqECMCIfeDM1syK4eYI00N8lvhG47YsOoyfuj5+YeNS9MQ= =YXck -END PGP SIGNATURE-
Accepted inetutils 2:1.9.4-2+deb9u1 (source) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Mon, 24 Aug 2020 10:20:27 +0300 Source: inetutils Binary: inetutils-ftp inetutils-ftpd inetutils-inetd inetutils-ping inetutils-traceroute inetutils-syslogd inetutils-talk inetutils-talkd inetutils-telnet inetutils-telnetd inetutils-tools Architecture: source Version: 2:1.9.4-2+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Guillem Jover Changed-By: Adrian Bunk Description: inetutils-ftp - File Transfer Protocol client inetutils-ftpd - File Transfer Protocol server inetutils-inetd - internet super server inetutils-ping - ICMP echo tool inetutils-syslogd - system logging daemon inetutils-talk - talk to another user inetutils-talkd - remote user communication server inetutils-telnet - telnet client inetutils-telnetd - telnet server inetutils-tools - base networking utilities (experimental package) inetutils-traceroute - trace the IPv4 route to another host Changes: inetutils (2:1.9.4-2+deb9u1) stretch-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2020-10188: Arbitrary remote code execution in telnetd via short writes or urgent data. Checksums-Sha1: d76eab7135e94c1e0bc2119ea9810e594ded00d3 2954 inetutils_1.9.4-2+deb9u1.dsc 5e515cc9da142cb73bb1beda137b4c2dcf2b528c 1364408 inetutils_1.9.4.orig.tar.xz c6512c1974fad1f7b03eef8baf0ecc05c6379b70 163 inetutils_1.9.4.orig.tar.xz.asc f65aff6fbef4df2af284aa1d79f8c0e690afd02e 78288 inetutils_1.9.4-2+deb9u1.debian.tar.xz Checksums-Sha256: 257d6a28e5fbaa39abc4a18c0f87a4e8e82cb6aeb1648fd897aecaa4561f10eb 2954 inetutils_1.9.4-2+deb9u1.dsc 849d96f136effdef69548a940e3e0ec0624fc0c81265296987986a0dd36ded37 1364408 inetutils_1.9.4.orig.tar.xz d570ff2369cf42238bcfd63cc1faacbc440652d753f4f0b62bb770ba7a497609 163 inetutils_1.9.4.orig.tar.xz.asc fa84bae0115cceddf251737957cb9c9cd654d5142fdadb5954d40f5751d68067 78288 inetutils_1.9.4-2+deb9u1.debian.tar.xz Files: 78c57b4bab5567f3db65d32361c35815 2954 net extra inetutils_1.9.4-2+deb9u1.dsc 87fef1fa3f603aef11c41dcc097af75e 1364408 net extra inetutils_1.9.4.orig.tar.xz 094681dc589bc04f918febd601a38fca 163 net extra inetutils_1.9.4.orig.tar.xz.asc fce7bca770ffd3f8cb737ab3f74c88e2 78288 net extra inetutils_1.9.4-2+deb9u1.debian.tar.xz -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAl9DdXgACgkQiNJCh6LY mLEBzRAAu/Dk61YDt7BzLP7wibXaKnEdZOXD2cR+UZX9rnZf68r+vYnNnivpFkpY oyFyUhJ6Q1gH9nsq55j1mFDQQQrISb144uYz8KF2P8qgj0KtHAbg4N8ay91xodLh 2genWL2paUfbGSi0P0eXhfHdeIpjXGt4jGhk+fxrcMkwgEdchzG+zas2sN9JFZpC HDIVzOAN/mwC3uAb0M87V24M1usdC8vSoDDOG42rhz8LhyQVpDCKqnxxi3g/yaut kJFZv1StoeL63M05y33vQrGkzBZEkWZMEm0bo0/IOuce0hmjJIvLBteAr25kejfc JpvJVtJvz1JHfzzG6aAF7WT215MAf5gLHryKm8EepNWt8pODYxt6lM/uh78DoJ/+ zSrocLU/DFZnNtaIBsL6BlsBscdnKs7B78pg+Jcxc4PD1FWxVmnr1f94iU/PhlyS 11jRBHhHUI/tq3ZT8AQhHj/jAUtg+h4x2aM1nzUMLXdJYaD96l0cgZwBiN9ulLJt KPGsX27Enz2Ty+yWXdjkd2VCenFhWrcaXUcm8kmyxoF7c5uPxqUdsDcroztf6dHM 9PYqWMIu8t1/C7vfmHOt3o5n0+ttj/Tgr4ZB+NMAgZKUzN5he4+DEYgIYTvLNf0T 6imyS0SmpzyBTMYE3qKnAGvYqmkYn1p4p40EHEu5GNiHJnH0h0U= =dsCt -END PGP SIGNATURE-