Accepted x2goclient 4.0.3.1-4+deb8u1 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 21 Dec 2019 18:22:22 +0100
Source: x2goclient
Binary: x2goclient x2goplugin x2goplugin-provider x2goclient-dbg x2goplugin-dbg
Architecture: source amd64 all
Version: 4.0.3.1-4+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: X2Go Packaging Team
Changed-By: Mike Gabriel
Description:
x2goclient - X2Go Client application (Qt4)
x2goclient-dbg - X2Go Client application (Qt4), debug symbols (client)
x2goplugin - X2Go Client (Qt4) as browser plugin
x2goplugin-dbg - X2Go Client application (Qt4), debug symbols (plugin)
x2goplugin-provider - Provide X2Go Plugin via Apache webserver
Closes: 947129
Changes:
x2goclient (4.0.3.1-4+deb8u1) jessie-security; urgency=medium
.
* debian/patches:
+ Add libssh-regression-fix-CVE-2019-14889.patch. In src/sshprocess.cpp:
strip ~/, ~user{,/}, ${HOME}{,/} and $HOME{,/} from destination paths
in scp mode. Fixes: #1428. This was already necessary for pascp (PuTTY-
based Windows solution for Kerberos support), but newer libssh versions
with the CVE-2019-14889 also interpret paths as literal strings.
(Closes: #947129).
Checksums-Sha1:
ed521ab5757b24c92b8a3ce5bd16174bc8ca38bf 2417 x2goclient_4.0.3.1-4+deb8u1.dsc
3f9e8932fa211fac725ef0b77d32b1a66f83bc3d 1539521 x2goclient_4.0.3.1.orig.tar.gz
3be6f7308a9e020942adf45607c0758c4fca1c1f 314756
x2goclient_4.0.3.1-4+deb8u1.debian.tar.xz
7f6272cd6aa69483d94a0228752d95503dae30b3 1191206
x2goclient_4.0.3.1-4+deb8u1_amd64.deb
f996e4d15cd2565a141b18634b9f80032679ed8d 1207394
x2goplugin_4.0.3.1-4+deb8u1_amd64.deb
94ed121b95c486b105320bf60f756bb8e439dec4 26554
x2goplugin-provider_4.0.3.1-4+deb8u1_all.deb
0dcf42e12021971fefa08f7222e1d562bbf2e381 2890892
x2goclient-dbg_4.0.3.1-4+deb8u1_amd64.deb
2ccb9c2ccf06609d164c881b171d974968263ef3 3192872
x2goplugin-dbg_4.0.3.1-4+deb8u1_amd64.deb
Checksums-Sha256:
48d71f1bd221a9c0beaaeaf60e1a398e9263ac4427587c5e8e38be18bcc9f7a7 2417
x2goclient_4.0.3.1-4+deb8u1.dsc
8a5a0d8112250ecc598a9811253081d16f87c17d0707e8f09671c7cb31942bad 1539521
x2goclient_4.0.3.1.orig.tar.gz
a7cf87a9d77997f1852a2f115ed0d84a81f2a95e0b451ebf8a23bfefd52c8b4e 314756
x2goclient_4.0.3.1-4+deb8u1.debian.tar.xz
4ee0e3ffbb24e488fdf0663403a0defd62ea660157a28f0328272aaf435db0d8 1191206
x2goclient_4.0.3.1-4+deb8u1_amd64.deb
c4eb42ba99f78a89a437ec0321079e43735b52b59d0c656afef76a3924dd1b62 1207394
x2goplugin_4.0.3.1-4+deb8u1_amd64.deb
883777847ee121092ea903a2d74fdefd91846a4557609217715e96fa855ce7a3 26554
x2goplugin-provider_4.0.3.1-4+deb8u1_all.deb
e0f489a52d6f83320250d64e94344c11035ae20b1c64a6b20d44f4516b4dd21f 2890892
x2goclient-dbg_4.0.3.1-4+deb8u1_amd64.deb
9ae88cd4d1a957ebffa5599935e9657b75296ac2ae2b42e2c284f16d4882ae94 3192872
x2goplugin-dbg_4.0.3.1-4+deb8u1_amd64.deb
Files:
6d659ebab8a0d700edf37b75cfa489ce 2417 x11 extra x2goclient_4.0.3.1-4+deb8u1.dsc
ef9a20ef96f7c31cc20ece9ebbf1e007 1539521 x11 extra
x2goclient_4.0.3.1.orig.tar.gz
3958c95a0e0ab651dcd814847b21f3e5 314756 x11 extra
x2goclient_4.0.3.1-4+deb8u1.debian.tar.xz
57644268808797e2376e615960660479 1191206 x11 extra
x2goclient_4.0.3.1-4+deb8u1_amd64.deb
fc3e3cd03ea4ccddffc95f609ed13990 1207394 x11 extra
x2goplugin_4.0.3.1-4+deb8u1_amd64.deb
23540c73adbbfeff3c066aa921be8402 26554 x11 extra
x2goplugin-provider_4.0.3.1-4+deb8u1_all.deb
3b987ee4669455bccfb5ad05f53df480 2890892 debug extra
x2goclient-dbg_4.0.3.1-4+deb8u1_amd64.deb
bf364cfbf301a653171e85fd1cf8d276 3192872 debug extra
x2goplugin-dbg_4.0.3.1-4+deb8u1_amd64.deb
-BEGIN PGP SIGNATURE-
iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl3+WDwVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxYy4P/0KA4UwaqEttWG2OlTLjzCHBsUCX
4ZvY8MLNbNKOfd8SEVsfn4QNot5BOJz81IBp+wf503XUUZVjZimg3r/FHbHVKmMc
zANT12/7vpwvDTMvLm5KW3RXiaPkT3nV0bmmrZs2vEuFiGUhVcfr+63DbpOYA8e/
miHUZLdsNP9ppbP9l6jQfCpOY86wkh6peH5vanTOmbtKyf6iGNyF65KeI3kbgNDo
ToRPDXyT1hfo3rIHDdu0c2aQT2fpm5B38mWey+VivB7wWCAxn2jZB2X1G85YZ2k6
5Xj+sNd8HDyGdfZ6hej7AoIXCGTZy1BPrUnELgaHEIj5A9IH5TR6CWEqPWv4GUEw
b+EPju28n2eeJy9lKXt3XM6A+fPWiMFADaE4ozBaMqZBPINHgxyRoAc6ilWsNCSE
g9b6tWDRs6289ydS4mbO2Kj8VWxshdtyptOg1EZDIPjblXq3WAajDtTerunwdx7F
Rds31HMk4Rk0SpwOVbpdeYhZWDY0Qu7lTcHvGfTY8rdlYIM4oyAQ1tiTPHH4T9Hz
iS4E+dS35byLiA7aJK46vTP4lDr2eiK2rqHxaw/EWIL5432+ITaxbY3/s0WUmOy8
dU+9O6fXg4kqCls9+gNXtgEcNlElxjn8TVX33sYDsxXVnMwcto6hNyeBSoSVJ4ss
1K33bxmHYGXcv0zM
=AzR+
-END PGP SIGNATURE-
Accepted tightvnc 1.3.9-6.5+deb8u1 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 20 Dec 2019 16:04:53 +0100 Source: tightvnc Binary: tightvncserver xtightvncviewer Architecture: source amd64 Version: 1.3.9-6.5+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Ola Lundqvist Changed-By: Mike Gabriel Description: tightvncserver - virtual network computing server software xtightvncviewer - virtual network computing client software for X Changes: tightvnc (1.3.9-6.5+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2014-6053: Check malloc() return value on client->server ClientCutText message. * CVE-2018-20020: Fix heap out-of-bound write vulnerability inside structure in VNC client code. * CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code. * CVE-2018-20022: CWE-665: Improper Initialization vulnerability. * CVE-2018-7225: Uninitialized and potentially sensitive data could be accessed by remote attackers because the msg.cct.length in rfbserver.c was not sanitized. * CVE-2019-15678: LibVNCClient: ignore server-sent cut text longer than 1MB. * Extra patch similar to the fix for CVE-2019-15678: LibVNCClient: ignore server-sent reason strings longer than 1MB (see CVE-2018-20748/libvncserver). * CVE-2019-15679: rfbproto.c/InitialiseRFBConnection: Check desktop name length received before allocating memory for it. * CVE-2019-15680: Fix null-pointer-deref issue in vncviewer/zlib.c. * CVE-2019-15681: rfbserver: don't leak stack memory to the remote. * Cherry-pick 782620-crashfix.patch from newer tightvnc src:pkg. Fixes segfault on amd64 systems when e.g. KDEPIM is being used inside an Xvnc session. Checksums-Sha1: d2bcf9b9a7294547f8d67e2b20f009d1de93c7c3 2037 tightvnc_1.3.9-6.5+deb8u1.dsc 0b21a60e060602e225b176695c1ddd787f007ed2 2246697 tightvnc_1.3.9.orig.tar.gz d53fd4dce5140b75258a176782b1c8339446fa11 55568 tightvnc_1.3.9-6.5+deb8u1.debian.tar.xz 8f23492f13b0eda65242e08e75181199f1c7767d 661368 tightvncserver_1.3.9-6.5+deb8u1_amd64.deb 154443c99984afa21337b7255a8aa5e392b3814e 88346 xtightvncviewer_1.3.9-6.5+deb8u1_amd64.deb Checksums-Sha256: 233b0d228df753aba61fea571e7ec44d7f9a4b517c9ee05952236fc623ffbfce 2037 tightvnc_1.3.9-6.5+deb8u1.dsc 56062708bb547425f8e8f0f9c571d4fa06fcc89a11146a5b15c608fd8debdb80 2246697 tightvnc_1.3.9.orig.tar.gz 94de3481d6a3db67571e9883229a91b875bb7c40b60a992c325b63abf8563f1f 55568 tightvnc_1.3.9-6.5+deb8u1.debian.tar.xz 22480ce862b66d0f8db540b6a0a90570f621f39e828cab3c4510a01b4627d4b5 661368 tightvncserver_1.3.9-6.5+deb8u1_amd64.deb 0aa98dcaec9712e41b898a4a04257413d8a8babf27fe47ba9f890361d66d8c77 88346 xtightvncviewer_1.3.9-6.5+deb8u1_amd64.deb Files: 59f805137181dbc42d860f42a4fbc6f8 2037 x11 optional tightvnc_1.3.9-6.5+deb8u1.dsc 80b904d4a10fccee9045d0feeaa65df8 2246697 x11 optional tightvnc_1.3.9.orig.tar.gz c8c4cf5d11e1d1aaa106867d2457c923 55568 x11 optional tightvnc_1.3.9-6.5+deb8u1.debian.tar.xz 9a28986b026246a1d2b86412fe603acc 661368 x11 optional tightvncserver_1.3.9-6.5+deb8u1_amd64.deb a06f5a3d6efa6fc80c4dc1f6e76d9960 88346 x11 optional xtightvncviewer_1.3.9-6.5+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl3+OUEVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxXuUP/1vsy6X/C5mk/kABqJ6AhZYAkHo4 idz3TgkHYWJRmIWQ0eNXvLRmUhlZ7jX4YL9QpkruYuZTAEIjRmrJEfjAzRK6EruQ Lnu2UIrC0mXQNvZdZVfS7yChh573OTkIcc6ud9/S4g+6lYEXoi8wSrxrjlzwshPi tA5oz1jP29r1ND0x1jU2SIFGSpEeqnE0nfxqLMsZTEz8133wsWkN8iLXheFuNSAS EeSvDiG7hZQuebDNXx9nBxNSF5yOXw70LSb/IodZ1ZPMINrHtxunn5RgURbJd+F0 uCX1cDs9VD/yrkuGK5aLBmbMqU6ZDBd/1JJurBjnnKDSpzAXov5AqvtyHb/V6bBD dsVB41J01Jt+kNbcQIMVQih0LoWWg+P+wZLEN2T0iBdtDLCnlH2F0JA08zA8sSvQ oiRNceaw6lZr/U0RJpNalojfeHdGZnFBwaMAMtHgjOUV2kaLTQxC83jRKv3dqy9n UX1H9rsga7JaV/u2hSFirVFde48mrPtsTvCdksNs/54E+3ZICJkPBgG/XlYdAS1+ U36QsL9obsMY1a0zOrHEudMSDbQeSNjGkCamjnqZl9emOF/+OZynXWiPzX6bDkNA HBnkZ3/6MEIsj5UvpG0+0UpT3T6nwW5asromxvszkbMISnDEeYkD8tFdfFCTJsOS cEfKDUPdJrXK7fDE =eERf -END PGP SIGNATURE-
Accepted cyrus-sasl2 2.1.26.dfsg1-13+deb8u2 (source amd64 all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 20 Dec 2019 15:26:43 +0100 Source: cyrus-sasl2 Binary: sasl2-bin cyrus-sasl2-doc libsasl2-2 libsasl2-modules libsasl2-modules-db libsasl2-modules-ldap libsasl2-modules-otp libsasl2-modules-sql libsasl2-modules-gssapi-mit libsasl2-dev libsasl2-modules-gssapi-heimdal cyrus-sasl2-dbg cyrus-sasl2-mit-dbg cyrus-sasl2-heimdal-dbg Architecture: source amd64 all Version: 2.1.26.dfsg1-13+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian Cyrus SASL Team Changed-By: Mike Gabriel Description: cyrus-sasl2-dbg - Cyrus SASL - debugging symbols cyrus-sasl2-doc - Cyrus SASL - documentation cyrus-sasl2-heimdal-dbg - Cyrus SASL - debugging symbols for Heimdal modules cyrus-sasl2-mit-dbg - Cyrus SASL - debugging symbols for MIT modules libsasl2-2 - Cyrus SASL - authentication abstraction library libsasl2-dev - Cyrus SASL - development files for authentication abstraction lib libsasl2-modules - Cyrus SASL - pluggable authentication modules libsasl2-modules-db - Cyrus SASL - pluggable authentication modules (DB) libsasl2-modules-gssapi-heimdal - Pluggable Authentication Modules for SASL (GSSAPI) libsasl2-modules-gssapi-mit - Cyrus SASL - pluggable authentication modules (GSSAPI) libsasl2-modules-ldap - Cyrus SASL - pluggable authentication modules (LDAP) libsasl2-modules-otp - Cyrus SASL - pluggable authentication modules (OTP) libsasl2-modules-sql - Cyrus SASL - pluggable authentication modules (SQL) sasl2-bin - Cyrus SASL - administration programs for SASL users database Changes: cyrus-sasl2 (2.1.26.dfsg1-13+deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-19906: Fix off-by-one issue in _sasl_add_string function. Checksums-Sha1: 5c795dc75507246bd9c9d54530eff30b1286b456 3374 cyrus-sasl2_2.1.26.dfsg1-13+deb8u2.dsc 2e2e96dfb788974d7ab335f39bde526bc71815e5 1494337 cyrus-sasl2_2.1.26.dfsg1.orig.tar.gz e33aa62eeb888ba712e83969edcf19cf66b5a7fc 94624 cyrus-sasl2_2.1.26.dfsg1-13+deb8u2.debian.tar.xz 67d2ea65df3b22204a5b230c20ef896c18a76e8d 166318 sasl2-bin_2.1.26.dfsg1-13+deb8u2_amd64.deb 34091a7821df65605f2adf6d9ec629ffc1b0f4c7 107456 cyrus-sasl2-doc_2.1.26.dfsg1-13+deb8u2_all.deb ab2dcf7c5f7e1b8ad575f7fb3fa753b02776eb73 104732 libsasl2-2_2.1.26.dfsg1-13+deb8u2_amd64.deb f7401089730675b0f3f35f111cbad65a2e459015 101508 libsasl2-modules_2.1.26.dfsg1-13+deb8u2_amd64.deb 6349a30e34efb0fa07b260cbe4450dbd5cb940aa 67264 libsasl2-modules-db_2.1.26.dfsg1-13+deb8u2_amd64.deb 39d365c107374f11e17743ac121d06301fb93bc0 66114 libsasl2-modules-ldap_2.1.26.dfsg1-13+deb8u2_amd64.deb a5aee8c57a23b63c0287266827289a59b5671bee 78960 libsasl2-modules-otp_2.1.26.dfsg1-13+deb8u2_amd64.deb 440f0a1565b3587e99013af9302d54a7e3ae00f1 68714 libsasl2-modules-sql_2.1.26.dfsg1-13+deb8u2_amd64.deb db9284cf3301ded6c7ca44720110b70b47042d33 90140 libsasl2-modules-gssapi-mit_2.1.26.dfsg1-13+deb8u2_amd64.deb 2bf9af2548c7dbb7c5849e573fc5b3554d1f01ce 310072 libsasl2-dev_2.1.26.dfsg1-13+deb8u2_amd64.deb 56bf9132b610ee7e52722e4b796a7bf808096e58 70776 libsasl2-modules-gssapi-heimdal_2.1.26.dfsg1-13+deb8u2_amd64.deb 8eb357bf1779c216ad8270d7309e64a28254805b 767506 cyrus-sasl2-dbg_2.1.26.dfsg1-13+deb8u2_amd64.deb 607f6a7d8431d0bc83d68f5e2d91caad91bb0249 86708 cyrus-sasl2-mit-dbg_2.1.26.dfsg1-13+deb8u2_amd64.deb bada73f70b6b0aae84af3b37f44f12106095224c 87302 cyrus-sasl2-heimdal-dbg_2.1.26.dfsg1-13+deb8u2_amd64.deb Checksums-Sha256: fbffac72f4f1a2a89a7efe5c140a2c462d24461bdc86f520ba1f2f8d3e706dee 3374 cyrus-sasl2_2.1.26.dfsg1-13+deb8u2.dsc 172c39555012f479543ce7305949db75df708771fe8f8b34248027f09e53bb85 1494337 cyrus-sasl2_2.1.26.dfsg1.orig.tar.gz 65ae9250eb6f49bbec2fdc64390f016d4e3b00e51a6b9a90d85604cb805d4cf3 94624 cyrus-sasl2_2.1.26.dfsg1-13+deb8u2.debian.tar.xz 2cf614ffa52fcd860dc7d7c458d57a1d23e9745cbeec2888bc034ad1779b9900 166318 sasl2-bin_2.1.26.dfsg1-13+deb8u2_amd64.deb 7c0a578e89837046a577f3d4eda8d4e1ddbfa94f01ceb461185e212baa3fbd8e 107456 cyrus-sasl2-doc_2.1.26.dfsg1-13+deb8u2_all.deb 0c5a5d37894aa433d8eb3d43832bac5eee70bc29509f8c2467f466e09c27967b 104732 libsasl2-2_2.1.26.dfsg1-13+deb8u2_amd64.deb 9ab06db3590c5cfb6b98621d2429a2c18a6f14bd7d7e963a7e55355b4486f763 101508 libsasl2-modules_2.1.26.dfsg1-13+deb8u2_amd64.deb dd1061899a039e410dca3f492d7351ee0f82245afe9de1074e6eb91a7f2e8c08 67264 libsasl2-modules-db_2.1.26.dfsg1-13+deb8u2_amd64.deb d7cec64f8f2dbe969afc6b6f2d1f64f792a324f73c65356caf1a0d4ff43b5412 66114 libsasl2-modules-ldap_2.1.26.dfsg1-13+deb8u2_amd64.deb 23318e43dcc21c0fc46525fbd6c7977c863c6273048a1270d2ee8f4bc18cb3b2 78960 libsasl2-modules-otp_2.1.26.dfsg1-13+deb8u2_amd64.deb 85939722694bb248398d0863db3b5f1f61f18e494e1f7482c83a65c8c2dd1525 68714 libsasl2-modules-sql_2.1.26.dfsg1-13+deb8u2_amd64.deb 0034821eb85ca591f6dc59a1ed727e0e279bbd271881c49943af05ee10ae4d9c 90140 libsasl2-modules-gssapi-mit_2.1.26.dfsg1-13+deb8u2_amd64.deb
Accepted nss 2:3.26-1+debu8u9 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 29 Nov 2019 20:49:00 +0100 Source: nss Binary: libnss3 libnss3-1d libnss3-tools libnss3-dev libnss3-dbg Architecture: source amd64 Version: 2:3.26-1+debu8u9 Distribution: jessie-security Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Mike Gabriel Description: libnss3- Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-tools - Network Security Service tools Changes: nss (2:3.26-1+debu8u9) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * debian/changelog: + Add missing CVE-2019-17007 description text in previous changelog stanza. Checksums-Sha1: 3d5f0056599e3858b52d5286b611bfeb1d47fd7f 2281 nss_3.26-1+debu8u9.dsc 028656b80e448e135d2295bc1eed4a790acd008c 42896 nss_3.26-1+debu8u9.debian.tar.xz 716d330ce8902452c21dfc77026df0423ceef168 1173102 libnss3_3.26-1+debu8u9_amd64.deb 7491b043339fc2b04e00056c3260d4c77f23d4da 19082 libnss3-1d_3.26-1+debu8u9_amd64.deb 2184151cd4a9a5b310a8aeed427203788ee87472 784576 libnss3-tools_3.26-1+debu8u9_amd64.deb 37350778ba5e617c5936a4ddd7e3751bd948c681 242256 libnss3-dev_3.26-1+debu8u9_amd64.deb d034e4916ba669dc732853bfff4ac73169f78fac 8205288 libnss3-dbg_3.26-1+debu8u9_amd64.deb Checksums-Sha256: 238a6820244f8698d011db11707f5f4288947f6551421f9d2ace8970455fa262 2281 nss_3.26-1+debu8u9.dsc afe9b6793743e803fefdbf6c4e009021b3da3bf12d5aa3e7a879be956ccfcc09 42896 nss_3.26-1+debu8u9.debian.tar.xz 1abf18133131036b0bef6d53baaaee6e26233f94c7423c33d07dfc58a982c837 1173102 libnss3_3.26-1+debu8u9_amd64.deb 4d564ad3ee18550c946ac2b617aa40b485e4375c08cbcd3b21ff9a267111b03b 19082 libnss3-1d_3.26-1+debu8u9_amd64.deb 782e8c053550e7925f222661cfbf92cb7b8bdba36f30d6f3dd8012d6ddec9dc6 784576 libnss3-tools_3.26-1+debu8u9_amd64.deb 4f18cab9478c22e2ff94417543146b75328a70f02d8f181e326bede4b4f1602a 242256 libnss3-dev_3.26-1+debu8u9_amd64.deb db0c2d2f509d73649304598c8719fdaab11e0ee3dbc0d04c2684a5326c185465 8205288 libnss3-dbg_3.26-1+debu8u9_amd64.deb Files: 5d31bcefa78b316ff6767f8d054b743d 2281 libs optional nss_3.26-1+debu8u9.dsc 5202ab359a6283649d65974c7431b0ab 42896 libs optional nss_3.26-1+debu8u9.debian.tar.xz 8cad95c2f5da7ed53e2bebb8636df471 1173102 libs optional libnss3_3.26-1+debu8u9_amd64.deb 160f0826657ab05568cea7c8fdc9f4ee 19082 oldlibs extra libnss3-1d_3.26-1+debu8u9_amd64.deb 90766dcae598fba82927214541a91a6d 784576 admin optional libnss3-tools_3.26-1+debu8u9_amd64.deb 31e06020a06a5b4090453dc5a4a826c9 242256 libdevel optional libnss3-dev_3.26-1+debu8u9_amd64.deb 0ef8c77aeee03bf6d2012051a05739a8 8205288 debug extra libnss3-dbg_3.26-1+debu8u9_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl3hf/8VHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxzIYP/1l/6MskRkpB/d+8Wj3aofBmSjVl ww41RuvxRAoRJbD8X8/HexqEHgSdnYgGBNdrtYirgI6hgXxTu4f3hgcYtEG+u0mC ifCelBojVJwboDm3o+4dRsL4D26SmQfgHDuRTScJDF6JGtWL5vTxdA0WCNXxTbQF QCkjgmpe2l4ozHFmZIspmmPfg1jqmf0cIe9QEJzVx36qGx7gAdSqyPqJ7yz19ZBN aKa5CZnNa0Z7OjreXHTr8wGf9KmdMChmPCfsavWxaWSigOjSH6w7mWSD9+6VWAKU fsQKUyocVxQWL3zGqjegywJr6AcyJXPleEfLNSjLrtYxD/D5WythS5goK27vh5m5 0xAU/eYY+ywIQQeob0RYyf3JdYpUdxaUraWzR77FZL2bUMyFgss8OuaoRiTO1tTB eryb0v3dmM+XYxSZr/2PMuqN+cic/Knctmhy7mM2dtM8jtPbizWd6dWJGMau1Oa5 g7PPGLTfwu2dX5aLEurDTJhrJ6ozMtzCO+qCPXT17T5Ss7PsP8DTtFG3q2U1YBnI Cxh/3dKcN3OitrVuHlHaUGh82xHvdVno4koA88CeNWU+pSe0av+KtRIZaqEazK/2 cTVHC7rzZSqRSdCrlfgOaNUVf81bOgwBYmS/CgwyiGxygDxcB/sF8i0urCZNnSj3 SaSFPUNXB1XfW7oh =ifKF -END PGP SIGNATURE-
Accepted nss 2:3.26-1+debu8u8 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 29 Nov 2019 16:04:11 +0100 Source: nss Binary: libnss3 libnss3-1d libnss3-tools libnss3-dev libnss3-dbg Architecture: source amd64 Version: 2:3.26-1+debu8u8 Distribution: jessie-security Urgency: medium Maintainer: Maintainers of Mozilla-related packages Changed-By: Mike Gabriel Description: libnss3- Network Security Service libraries libnss3-1d - Network Security Service libraries - transitional package libnss3-dbg - Debugging symbols for the Network Security Service libraries libnss3-dev - Development files for the Network Security Service libraries libnss3-tools - Network Security Service tools Changes: nss (2:3.26-1+debu8u8) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-17007: Checksums-Sha1: 7f5a5a11f64939d4bedf6d30574f72339b4e9e84 2281 nss_3.26-1+debu8u8.dsc 4668aa2307b252b4e72876db0c260c9174e6258c 42848 nss_3.26-1+debu8u8.debian.tar.xz c26117744985932465dc4abb81023464bbedac9b 1173180 libnss3_3.26-1+debu8u8_amd64.deb cf56ddb2756c4ef4bc6829e57537212b6931f70e 19012 libnss3-1d_3.26-1+debu8u8_amd64.deb 9be8a3ec322f8bb149e24037e03fa39339f94eb2 784142 libnss3-tools_3.26-1+debu8u8_amd64.deb 05dabdf7f0871b5a68bf5dc7d42135ca0fca62cc 242130 libnss3-dev_3.26-1+debu8u8_amd64.deb dbf3029dbab1cecc84552d6ca7d0ba70b8a5d53e 8205688 libnss3-dbg_3.26-1+debu8u8_amd64.deb Checksums-Sha256: 90193fe6060ed154584c55e3ccc48ded625249e1e6eaa36397b2c3eb430e2bd8 2281 nss_3.26-1+debu8u8.dsc 72a2baf46a5ca57290ef13087f4f49ed158ff907396280a3147f9c9f58da 42848 nss_3.26-1+debu8u8.debian.tar.xz 95af27e96042e9087c4eca981900689a844de3451f56e2aa7aeb61b712f85e7e 1173180 libnss3_3.26-1+debu8u8_amd64.deb c7afdf709564983052210099fbbd1c1cc24d66d5b8d832ba7d0cddafd657ce43 19012 libnss3-1d_3.26-1+debu8u8_amd64.deb 7d4853d4e7cc50e32896ecb8aff1858b96e2a866792347803aa79a32292a6f5d 784142 libnss3-tools_3.26-1+debu8u8_amd64.deb 0165808416d07f0bb69dac389c83e8a096bb7e295708461d9e4b0f0c46e2ce63 242130 libnss3-dev_3.26-1+debu8u8_amd64.deb 9b26bfd3eeccd3b7b3c4847bdfe69fbf5ee441948b201ceec59540274e86be51 8205688 libnss3-dbg_3.26-1+debu8u8_amd64.deb Files: d0f79ae6f5f4d9f31b7d97f526cc3000 2281 libs optional nss_3.26-1+debu8u8.dsc 9731d74bd10f14f8ce4ce8b9b3c0b3c5 42848 libs optional nss_3.26-1+debu8u8.debian.tar.xz 17fd38a2cbc352fb6d7eee7318076b0d 1173180 libs optional libnss3_3.26-1+debu8u8_amd64.deb 7f23d581e968fa226fa02d0b76a8c6e1 19012 oldlibs extra libnss3-1d_3.26-1+debu8u8_amd64.deb 16d2f5fac277314956d49c9ac9f5f377 784142 admin optional libnss3-tools_3.26-1+debu8u8_amd64.deb 20bc146f5694cfee6534f2deddd41993 242130 libdevel optional libnss3-dev_3.26-1+debu8u8_amd64.deb fce52a426c77ecff7bbdf4f0ec4e3c21 8205688 debug extra libnss3-dbg_3.26-1+debu8u8_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl3hPRcVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxThAP/jTFb61lYiN9xnm8trv7eJKg7uNx hDBg/Pak8LY4IKONZuXbuCL16QwPHBZclLnaSUUGZx4aQe/1UrgnnyDOh8yp77oJ NGiL4XrxU5jajoORZSf1UDUy/4AkvHb0V8nOX0+GbaGchmDmAQxbYDkM6c1grkQD k2Go10tKwNzVywWsSQJhm99XG7yPBRJUKkIc4RY4Wm34nhztDkFinOVj0iou0mjM vIsBKRaUMNSjhoe3kfm5PjjFb/b55nMm4jzb/zOWLs5Dg+WGVJSyDC6FdFq25VEc Yxn9CmIbhEzaFBfvcCdF9xqFOU7MvhYsYU1q4mAhuMv13rhUiCLDTrQGwbEMxblw +ix1aP5mu4kLBcrvdln+K21pbQCLcfv1HWRVa2GWngOGLKNzxhVwNETPOrtZSAdV mLx0I0i3M062ysIRePS0F4wKjbvZngjg3ftvgaKar08/FYu/b6JIY30s/lU7nAdD SyGH3PIylQdXFKbJk6jMO0e8Lw1Fynt0b59eTP+Lr8f33PXeOX0mNz2ah3aw+3j/ 77+sGyVYAEmtit6uZn2kLh5uVGre0IoBmcHHEWdxGQjT+OFQS4A0611fn3WGSeYB 7p4MRq9EKY/rbZSzhYaBGnf+552TFGQbjf8ENpHJUyhZB70SdBpQKB2tuLKF/GVH OPGJ2uQ9gLKgKzE+ =abN9 -END PGP SIGNATURE-
Accepted ssvnc 1.0.29-2+deb8u1 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 29 Nov 2019 12:15:33 +0100 Source: ssvnc Binary: ssvnc Architecture: source amd64 Version: 1.0.29-2+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Magnus Holmgren Changed-By: Mike Gabriel Description: ssvnc - Enhanced TightVNC viewer with SSL/SSH tunnel helper Closes: 945827 Changes: ssvnc (1.0.29-2+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * Porting of libvncclient security patches: (Closes: #945827). - CVE-2018-20020: heap out-of-bound write vulnerability inside structure in VNC client code. - CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code. - CVE-2018-20022: CWE-665: Improper Initialization vulnerability. - CVE-2018-20024: null pointer dereference that can result DoS. Checksums-Sha1: f9282e40102a8f6d0ec312ae1b3c47689e50ee82 1918 ssvnc_1.0.29-2+deb8u1.dsc 135d212eab4d63609a94ce441e80e233a6d80261 552796 ssvnc_1.0.29.orig.tar.gz 19dae6704f86759824e59a8c26a3ca3cad3da158 8492 ssvnc_1.0.29-2+deb8u1.debian.tar.xz a53bc6e1ca5cfce80a1d6a9a74df818c30ebaf1c 431390 ssvnc_1.0.29-2+deb8u1_amd64.deb Checksums-Sha256: 413198decc3f7669c627362f9fb5fffb3d12e8e257eb67f8dead0858682a8f13 1918 ssvnc_1.0.29-2+deb8u1.dsc 74df32eb8eaa68b07c9693a232ebe42154617c7f3cbe1d4e68d3fe7c557d618d 552796 ssvnc_1.0.29.orig.tar.gz d012e92be93912b48e53fdf98dfa32dd583e5b0e2cb3d8626e67c6aea384bbb6 8492 ssvnc_1.0.29-2+deb8u1.debian.tar.xz 3251d1475cb86686eaaf7e87e7aabed337dd600132415fc04abc910b4079a1cd 431390 ssvnc_1.0.29-2+deb8u1_amd64.deb Files: 8be418437099440a06ac9d77b206ff68 1918 net extra ssvnc_1.0.29-2+deb8u1.dsc 52201aeb0417c2a0fe83639e52da6ae5 552796 net extra ssvnc_1.0.29.orig.tar.gz 83f347e575bec2bffc8fded9de94824b 8492 net extra ssvnc_1.0.29-2+deb8u1.debian.tar.xz 297b22f5438b86920e7bb8be08bc7717 431390 net extra ssvnc_1.0.29-2+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl3hPYsVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxoM0QAJJ7CFB76N4AMZSCXIV9f4r+cKMi iYSoME3AFXwoB8YjvvJPLGSmRBE3MkJPJf6W15oe6k62x4WwGC8LoY96ucRETwqr 7pnj3Sul2Jj65LdFYp5KHEJJlWCkBdqDHkANU7f6GjqdwtLVvmj19d2Dr6uioMsn PwP/2y7ifoPO9fIL+KRtt+1G1FjwoFU+qg2zZqDLTLI1qerj3trAXo3R+14SQndf fAhwOqbnhQcGa7EQ5J0r/PZX0D561R1mSvoiRv1+8Kami+35UQ+FqDu4OTk3PPWw VbmAkYMcK5baYb9uEps/6Qq6QCx7p3WjFE0hb1ZlaNsc1yd5qV4ZHWEXnrG8GnMo Lv+8E/FP7hIK/wcKFjYPqBSibaQSy2TEypTIBE9klCGVNjD1cwmCS4aPxUtIY4XP 8eB+5FNwLFHoU3yqqcjsGTIGL2X8lWGGr4PHkV0/cf7f/6uZJMiHtAwdmxTGTV/y zOpf500+PcBUvai8h/UdCx2NG013JyBwFbKL+lis4he176ARtwu4DX0Je9A1ksao yy/85rww4NuLgLjXrxE/IMG6JMMTVcpGE4tJ8HURV/OExh7k/2dkJgkduWyjSCzU VZlVaov2MFhiCdcS7hfujwOvjYsVO2ntyJ/w12JUURrgYeWj4OdmAwyyNu3J2HbN 7Di3mhqdVVGTrXv5 =T8/X -END PGP SIGNATURE-
Accepted vino 3.14.0-2+deb8u1 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 28 Nov 2019 16:50:38 +0100 Source: vino Binary: vino Architecture: source amd64 Version: 3.14.0-2+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Debian GNOME Maintainers Changed-By: Mike Gabriel Description: vino - VNC server for GNOME Closes: 945784 Changes: vino (3.14.0-2+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * Porting of libvncserver security patches: (Closes: #945784) - CVE-2014-6053: Check malloc() return value on client->server ClientCutText message. - CVE-2018-7225: Uninitialized and potentially sensitive data could be accessed by remote attackers because the msg.cct.length in rfbserver.c was not sanitized. - CVE-2019-15681: rfbserver: don't leak stack memory to the remote. Checksums-Sha1: f9cee0857909bef1d60ba71ef74669fde964a9bc 2465 vino_3.14.0-2+deb8u1.dsc c26168b0a6dfa6f646dcc131a09aaca2789623f1 749784 vino_3.14.0.orig.tar.xz 017586e98f4cbe84319c99d3be56db8468ff07b9 12992 vino_3.14.0-2+deb8u1.debian.tar.xz ee14ec7bf9e07bfd8f6d6fe098fabe6e1020a2c5 406796 vino_3.14.0-2+deb8u1_amd64.deb Checksums-Sha256: b1160d80107d43104084fdf65362c4e29bb80a1f60930f05946e1ce3ce376239 2465 vino_3.14.0-2+deb8u1.dsc 8faf864009e697e8652e4833150eaaba3da6c5a85f9f95886a5b76b00e5a9c1b 749784 vino_3.14.0.orig.tar.xz dc1324d253fd2954548a5cddc3a541ebd3b0b8b4e66c9fee1dfa1b18526fa63c 12992 vino_3.14.0-2+deb8u1.debian.tar.xz 2de19ef08ad9efee7baaf3098c062d0765eb31bf5cbf13d1f1b48f38b74db10e 406796 vino_3.14.0-2+deb8u1_amd64.deb Files: a65c0b39ca5560518abad9858e098f8e 2465 gnome optional vino_3.14.0-2+deb8u1.dsc 3564333509f9554fe8047cc34748cec1 749784 gnome optional vino_3.14.0.orig.tar.xz efab54f7d2e173bf21dba41fa5cbf776 12992 gnome optional vino_3.14.0-2+deb8u1.debian.tar.xz 23426d17da6a8fd3964fcd310aaee15c 406796 gnome optional vino_3.14.0-2+deb8u1_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl3gzp8VHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxgJwQAKa2zyct+L257togGVgKMyCNBqLf i3JiF8vW0EDSCrFP6bLPOy1X1dy8YxEj4O9Zcza9PetShnpLwROlLPxbUVwonnMZ +/Rc8kWODpvKXUPArboVtQzhnExpsUfQPMcwd6RBVp3QNw8IAfGzucJpo33yk5BU GALJlLbfhYgK3P9TcB7CcQW7Af355SpNTj4AlbCfGVEEWf8newS4Nrxksbg2mQj+ p7fi2ts88Yk5gi8DHIGrWkOtLsKc84jAsTfp+O9siILUUMukn/i+OmLPl5h/WVYN VtTIV3XxfroH4cP+5SqsFUegYGixUhUktfTIj6wNwumO7r3qOzIDft04vGI2Qk/m sK/5/y4kWYQ0DO4N7XWkwnrdApHYmKxfn2MzdnmsvPGwnM6uhLa5awuYCMTf8Aod BdXF/Hq1D3INEfIE08BHId9RGro1iFF3xNT1SCMRXcpDNqQHifcfYPjxmS7RXJjR Be2I2shQ7+3DfnWtQcg3N+D86EsdiaVBT2ngBK5fEqAl2PXYnUYDBC0gvQSDvKr1 uCGK+i+lylkVAHVTxazmWmL0nvZl7YhdVG59yDlZuxjx1ySxGXfEABevYjIWxAZq bMAo+e3DpO9Ivy2WSg/2IQtaeqNuWk441rL8zdXLxWsyZzJ+7dLdmMt00GyvpUGL Ub9NrESbt9UjQfYc =ecdp -END PGP SIGNATURE-
Accepted italc 1:2.0.2+dfsg1-2+deb8u1 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 30 Oct 2019 21:41:30 +0100 Source: italc Binary: italc-master italc-master-dbg italc-client italc-client-dbg italc-management-console italc-management-console-dbg libitalccore libitalccore-dbg Architecture: source amd64 Version: 1:2.0.2+dfsg1-2+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Debian Edu Packaging Team Changed-By: Mike Gabriel Description: italc-client - intelligent Teaching And Learning with Computers - client italc-client-dbg - intelligent Teaching And Learning with Computers - client debug s italc-management-console - intelligent Teaching And Learning with Computers - management con italc-management-console-dbg - intelligent Teaching And Learning with Computers - imc debug symb italc-master - intelligent Teaching And Learning with Computers - master italc-master-dbg - intelligent Teaching And Learning with Computers - master debug s libitalccore - intelligent Teaching And Learning with Computers - libraries libitalccore-dbg - intelligent Teaching And Learning with Computers - library debug Changes: italc (1:2.0.2+dfsg1-2+deb8u1) jessie-security; urgency=medium . * Porting of libvncserver+libvncclient security patches: - CVE-2014-6051: Fix integer overflow in MallocFrameBuffer(). - CVE-2014-6052: Check for MallocFrameBuffer() return value. - CVE-2014-6053: Check malloc() return value on client->server ClientCutText message. - CVE-2014-6054: Do not accept a scaling factor of zero on PalmVNCSetScaleFactor and SetScale client->server messages - CVE-2014-6055: Fix multiple stack-based buffer overflows in file transfer feature. - CVE-2016-9941: Fix heap overflows in the various rectangle fill functions. - CVE-2016-9942: Fix heap overflow in the ultra.c decoder. - CVE-2018-7225: Uninitialized and potentially sensitive data could be accessed by remote attackers because the msg.cct.length in rfbserver.c was not sanitized. - CVE-2018-15127: heap out-of-bound write vulnerability. - CVE-2018-20019: multiple heap out-of-bound write vulnerabilities. - CVE-2018-20020: heap out-of-bound write vulnerability inside structure in VNC client code. - CVE-2018-20021: CWE-835: Infinite loop vulnerability in VNC client code. - CVE-2018-20022: CWE-665: Improper Initialization vulnerability. - CVE-2018-20023: Improper Initialization vulnerability in VNC Repeater client code. - CVE-2018-20024: null pointer dereference that can result DoS. - CVE-2018-6307: heap use-after-free vulnerability in server code of file transfer extension. - CVE-2018-20748: incomplete fix for CVE-2018-20019 oob heap writes. - CVE-2018-20749: incomplete fix for CVE-2018-15127 oob heap writes. - CVE-2018-20750: incomplete fix for CVE-2018-15127 oob heap writes. - CVE-2018-15126: heap use-after-free resulting in possible RCE. - CVE-2019-15681: rfbserver: don't leak stack memory to the remote. Checksums-Sha1: e27dd098ee97cc96a65234ec30198c0a835f7395 2854 italc_2.0.2+dfsg1-2+deb8u1.dsc b0688a5b5ac082a42a2fe42226da2a11b7ecce6e 2315812 italc_2.0.2+dfsg1.orig.tar.xz bf25cc0f1456a4f5a6432b528114e684cda903a2 59720 italc_2.0.2+dfsg1-2+deb8u1.debian.tar.xz 1fcd047b65e6d88c62091e0b46f98d309421d716 651630 italc-master_2.0.2+dfsg1-2+deb8u1_amd64.deb 9f0bd024fe3ed30bc15bebcd5e820aea709597e8 1096786 italc-master-dbg_2.0.2+dfsg1-2+deb8u1_amd64.deb 745e33e119586a201bae037da34a67834344c24c 641434 italc-client_2.0.2+dfsg1-2+deb8u1_amd64.deb 98a880aef9fef2947f60e96a7a47eb44e5129570 1256918 italc-client-dbg_2.0.2+dfsg1-2+deb8u1_amd64.deb efc2b2cae87ca8a4f7f9a1e5b8169360e808424e 142528 italc-management-console_2.0.2+dfsg1-2+deb8u1_amd64.deb 583efc2f9bfdb9394ce15095e95b7f3f5ac9f609 449924 italc-management-console-dbg_2.0.2+dfsg1-2+deb8u1_amd64.deb 2b238c60275b47c5578ae387e6196916532bd753 620098 libitalccore_2.0.2+dfsg1-2+deb8u1_amd64.deb f3910eea6548006ac3ecc5a9586a9392fdb3d108 1263692 libitalccore-dbg_2.0.2+dfsg1-2+deb8u1_amd64.deb Checksums-Sha256: 743e0a722a96061e42324a7104dc843cce983273124e8788731ed4e5eaa7972e 2854 italc_2.0.2+dfsg1-2+deb8u1.dsc 559212f84980120640db9742677c2dd7b3ee9f6663ccfe73ee8dbc2d417cc6d4 2315812 italc_2.0.2+dfsg1.orig.tar.xz e18ff645c9c4a66c4ec05fc49f2484e01b077b601047498f91581efa462d337b 59720 italc_2.0.2+dfsg1-2+deb8u1.debian.tar.xz 1747662b51bbc100a5c4d98be5f4faaa63f31cf3927b16fb0aff808bb90d36ee 651630 italc-master_2.0.2+dfsg1-2+deb8u1_amd64.deb 67030b3b6dfecb09139bb38dc69e2bac4dd53b72cde10155f22332b0a2087098 1096786 italc-master-dbg_2.0.2+dfsg1-2+deb8u1_amd64.deb 78a5f2068110ce06e54b1bf78cf4a02a2cd05542a6325ecd107def31059e1f1d 641434 italc-client_2.0.2+dfsg1-2+deb8u1_amd64.deb 956c619cb09d4edbfdf253fd5734cad48f1582196ccc6f37f547c45747c7128d 1256918 italc-client-dbg_2.0.2+dfsg1-2+deb8u1_amd
Accepted libvncserver 0.9.9+dfsg2-6.1+deb8u6 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 30 Oct 2019 13:46:34 +0100 Source: libvncserver Binary: libvncclient0 libvncserver0 libvncserver-dev libvncserver-config libvncclient0-dbg libvncserver0-dbg linuxvnc Architecture: source amd64 Version: 0.9.9+dfsg2-6.1+deb8u6 Distribution: jessie-security Urgency: medium Maintainer: Peter Spiess-Knafl Changed-By: Mike Gabriel Description: libvncclient0 - API to write one's own vnc server - client library libvncclient0-dbg - debugging symbols for libvncclient libvncserver-config - API to write one's own vnc server - library utility libvncserver-dev - API to write one's own vnc server - development files libvncserver0 - API to write one's own vnc server libvncserver0-dbg - debugging symbols for libvncserver linuxvnc - VNC server to allow remote access to a tty Closes: 943793 Changes: libvncserver (0.9.9+dfsg2-6.1+deb8u6) jessie-security; urgency=medium . * Non-maintainer upload by the Debian LTS team. * CVE-2019-15681: rfbserver: don't leak stack memory to the remote. (Closes: #943793). Checksums-Sha1: 503fc1224b6da92ed05006cd2e64da20c38d2204 2486 libvncserver_0.9.9+dfsg2-6.1+deb8u6.dsc 8d50e2cb9988c8d77fd44321aa59bec433ff608c 36020 libvncserver_0.9.9+dfsg2-6.1+deb8u6.debian.tar.xz 6798c1b9090d9b93781d80563a9e4e502eadda1c 125754 libvncclient0_0.9.9+dfsg2-6.1+deb8u6_amd64.deb abd0d6cd2aa944e69aa6cd7f6d88cd21c99d10ef 192620 libvncserver0_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 1786a605b5134b1e5219519fd9ba840bbf454deb 276356 libvncserver-dev_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 7a97dd368b99d33d9b92cc817a9af998bf8dfba5 90982 libvncserver-config_0.9.9+dfsg2-6.1+deb8u6_amd64.deb a2c39f4795a165d33e2d9b32aa8cc53f83c1683d 183680 libvncclient0-dbg_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 8d615a51e40c25524ba5a48840432549e0dc9e70 383842 libvncserver0-dbg_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 0c9ee3f81ed9327a4ec32d372a9218f88ef8d9f6 86950 linuxvnc_0.9.9+dfsg2-6.1+deb8u6_amd64.deb Checksums-Sha256: 3dee5d735c28c59a066105b6102109f6c228eaf2b9af016af0cc88ca939d3bd2 2486 libvncserver_0.9.9+dfsg2-6.1+deb8u6.dsc 3530ad12cdd78546a1b182dda0178282ebb6e5724859d985547ff743d4f798e5 36020 libvncserver_0.9.9+dfsg2-6.1+deb8u6.debian.tar.xz ad9e619572912cac131a64d57d71f52c1d3d6c891bda4687474b4975c1ad8844 125754 libvncclient0_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 8ec3f159e1827b0dc49870ce137bd74f9fa162ee25da27bfb3de3afcd22198c5 192620 libvncserver0_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 029c9f151da975f88520f54bc9573143b18689909bf5812a0ec2d139a24ce380 276356 libvncserver-dev_0.9.9+dfsg2-6.1+deb8u6_amd64.deb f5a82313485963dcda296b615d92475e18af4daae495ccd604ba12db3c94092b 90982 libvncserver-config_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 35117b9ca143503b4610e14840f282690d06f283ba193a16b7698f2c9fdcdab8 183680 libvncclient0-dbg_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 82fc5d8d958ba1bc0ed31392b24eda85b59aedc9ca63bf7666fb054a0157cf0b 383842 libvncserver0-dbg_0.9.9+dfsg2-6.1+deb8u6_amd64.deb a877d4501156fb95fd2f9bfc486b778bbcf3a1a705f55af5628a7c2b3955c36f 86950 linuxvnc_0.9.9+dfsg2-6.1+deb8u6_amd64.deb Files: 82b4784f25f5e3b68a62438c35b0ac95 2486 libs optional libvncserver_0.9.9+dfsg2-6.1+deb8u6.dsc 74f9111d71e51491e57dca24ae5e3e9d 36020 libs optional libvncserver_0.9.9+dfsg2-6.1+deb8u6.debian.tar.xz 66d1d159adbfb0debc3f677d42ca51f5 125754 libs optional libvncclient0_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 3705f78c2f9e064876b3420a18ec8e8e 192620 libs optional libvncserver0_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 91f5869c0c9724d269b256065d96 276356 libdevel optional libvncserver-dev_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 4986032e50cc64466d4021a937a5fd7f 90982 libdevel optional libvncserver-config_0.9.9+dfsg2-6.1+deb8u6_amd64.deb bfba6b71dac480d6eace2212ad020851 183680 debug extra libvncclient0-dbg_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 267fae4a01cf2ea7b7d1ba1310868216 383842 debug extra libvncserver0-dbg_0.9.9+dfsg2-6.1+deb8u6_amd64.deb 401f3a0a0164161b323109efe4cefa0a 86950 net optional linuxvnc_0.9.9+dfsg2-6.1+deb8u6_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl25h5gVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx6qIQAIyKyMRC2D3RNvoBUfkz+SX8moCc VvysEGR1RFzR19iYKx9849Ah5rkpuwCT6CmWBLSZtnKeWKEfr4cEPVmtAB7yiGdH cBc5UyhFcrPeaLfyCiYlpGyPJxtRjTkHsmCW/e9rcfAcLV9ue3F3Ws7f2sse5PH5 HaeYMh6up2BKI2Mom91G7rQ309qOY7g2J4efYuNdqHn81SOq84L1zSFMTflyDLNj +Kc/ENNYZQoUByxdLbSO28p67smp7UJC68fFOOkzdfN4tQfKbikDU6z8m9MwAo0h xP1cFuZaE+MJjFcc0g+QyOSOCkMadmAzDrk24Ey7ryniOPzsVij7kc8e6kp9V++G 1h2KCIUSmYSGif7qBc/EyE3EVbApdmKRHuNQXo2ccorrKx+keODrXb1arx2Bmxr7 amKKUHfexflqYZk4a/CU08rblb5EfynlekAW3Jc/PgF01OBXQ8AUjZWqwMocDt7P 0VFmgo92FeT43TsaZxuxwXk3Vc4bVA0zLe/n0barkVb668XDEHuBcsUBaMHfvmJ9 FwVNooWGvcaXkIUR3b3UU3eczfXnUgP2MXfZEnG1qrxURJwF4DV53G7sfCbe8EXq QejvrJuyiEvcYE42YpetRK/JtHxH5Zsu/vgBgrwStGV+XV+0Mkop/j8ey0jsNYhI jcxJShm1cuAAUqKs =NMVB -END PGP SIGNATURE-
Accepted phpbb3 3.0.12-5+deb8u4 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 01 Oct 2019 00:58:32 +0200 Source: phpbb3 Binary: phpbb3 phpbb3-l10n Architecture: source all Version: 3.0.12-5+deb8u4 Distribution: jessie-security Urgency: medium Maintainer: phpBB packaging team Changed-By: Mike Gabriel Description: phpbb3 - full-featured, skinnable non-threaded web forum phpbb3-l10n - additional language files for phpBB Changes: phpbb3 (3.0.12-5+deb8u4) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-13376, CVE-2019-16993: includes/acp/acp_bbcodes.php: Check form key in acp_bbcodes, and check form key no matter if submit is set. CVE-2019-13376 has been a regression of the fix for CVE-2019-16993. Checksums-Sha1: 6d6d9affe388f4d8510eaeacee4cab9a8975cf5e 15438 phpbb3_3.0.12-5+deb8u4.dsc afbacef7b089b24a718f06a84a7f437747f80889 99052 phpbb3_3.0.12-5+deb8u4.debian.tar.xz 459eef08644bda4ed4ea0f3022f36710980cffeb 1484840 phpbb3_3.0.12-5+deb8u4_all.deb 8c9a24e851be7bcbd2cf5a9d1cd14b3bd1c2bc9d 5731834 phpbb3-l10n_3.0.12-5+deb8u4_all.deb Checksums-Sha256: 9c05add1960763674d5e56eb453525f9c7389cc7e1ca7cb030a495b81e009440 15438 phpbb3_3.0.12-5+deb8u4.dsc bb5752e45f148bf77b36151c2f951845b504c0510f7b909cb94a718186e7bd5a 99052 phpbb3_3.0.12-5+deb8u4.debian.tar.xz 61d04be8d0925a2d6f589fc843c85c3b1260ef645eede899edfbacd369603d49 1484840 phpbb3_3.0.12-5+deb8u4_all.deb c2843bb96ea06b487bb118ae3cfb8055308c04b5c1220b360f40be91040cec1c 5731834 phpbb3-l10n_3.0.12-5+deb8u4_all.deb Files: 967f06cb7ca3439989e9ba9d5e308d46 15438 web optional phpbb3_3.0.12-5+deb8u4.dsc fd97298982c26125b9009b225b0df4e9 99052 web optional phpbb3_3.0.12-5+deb8u4.debian.tar.xz 02a4f62f077642a74737e6c49451266f 1484840 web optional phpbb3_3.0.12-5+deb8u4_all.deb c3d35ae8ecf02f4ab3c8895bc7d0f3b7 5731834 localization optional phpbb3-l10n_3.0.12-5+deb8u4_all.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl2Si1cVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxroUP/AhZFBvugq12tb3/S6l2g40YSe42 mrhjgf6VkNfrfJYw92uvGMgtIJOcxVtWnAqhpwd8KrD/WasTDwHV1xtJEBsZv0G/ 1jC4ItJy9NrIvBdUTQRFyHPZ6EbV451bynXnCoOjTCMLHFUSOTHrRxg/sm3lFoX4 jtPgxqOcQAV8rl5UdU7Wcvj1+3L6FdpBSeyZ0PZDsyipR5YaCahiC4szYAbIaGSv GYKW0G4q/DHiqLwmJiBLOY7bjVUdGRFXf+8HTnQ0+ERMYsfDZVQco8e/jPF12gfZ QAy7jpW3XFduJ9Ff2cb9zsfPDPje5imAKvzW2jYyW9seU3CJVPheAjNSoZZmZmSD RlNust9sWFjt7CjLIPe6ATflOzzFgvGrKigV0dtWv0FklTtCcvWwEvsD4N/oDl8c M6mc1k67O3jE5BsnXs+4KXpwqTnaGb1EOTPcH4yyYR/9fysfwXIfid7McdtfEwo6 MtyvhpkDM+viZ89rWUmxi8DVnyHjWzsDxUDprZFo3l+FnoOc6nqs52t3+Ji0AtgY yZP8J1/1s/y5cidt2MIosRUDcjuAlPYqiw5rAiRnb4aVdqBA44yU+8ws1bRasRHn l6hCR7+/KNqWYjZGK82VSCNmzmWuGsCKr1fQW6nliETVxKPiPXZq8suSOWrtV9vH 10XRyXFNfg/ApBbJ =/g1M -END PGP SIGNATURE-
Accepted netty 1:3.2.6.Final-2+deb8u1 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 27 Sep 2019 15:13:36 +0200 Source: netty Binary: libnetty-java Architecture: source all Version: 1:3.2.6.Final-2+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Chris Grzegorczyk Changed-By: Mike Gabriel Description: libnetty-java - Java NIO client/server socket framework Changes: netty (1:3.2.6.Final-2+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-16869: Correctly handle whitespaces in HTTP header names as defined by RFC7230#section-3.2.4. * debian/control: + Drop 'DM-Upload-Allowed: yes' field. Not supported in jessie anymore. (The netty src:pkg never got updated during the jessie release cycle). * debian/build.xml: + Enable deprecations. Fixes FTBFS against OpenJDK in Debian jessie LTS. Checksums-Sha1: 3b1e928d0b9f1aebfccae2866cfe9b41cee8699b 2256 netty_3.2.6.Final-2+deb8u1.dsc 7f827bef533e48d7de9cc8d4f8d77e4f9fef3668 616765 netty_3.2.6.Final.orig.tar.gz 39e0f837a4d708c9e87716628920ec812843c604 6728 netty_3.2.6.Final-2+deb8u1.debian.tar.xz ae5834dad673a8943c6649701731da5bed0c374b 662648 libnetty-java_3.2.6.Final-2+deb8u1_all.deb Checksums-Sha256: 47784bf99b746fed7eb08e0b0c5a3855a9f94cee860ef5e0758423d00f6cf7c0 2256 netty_3.2.6.Final-2+deb8u1.dsc 49a4097ea1575934521c375acfe7aa1f497a4d450df33c6f5273f63c951d9726 616765 netty_3.2.6.Final.orig.tar.gz ca3de4bff95ecefbf0d1bcbf3340e091431da3d9de2f0bbf0db1c97617f17cc0 6728 netty_3.2.6.Final-2+deb8u1.debian.tar.xz 1ce6d7a491a1aa878c6a79b3f9e2e630bacb8554140211c4be4312b6417943ee 662648 libnetty-java_3.2.6.Final-2+deb8u1_all.deb Files: 087f8d6dc2815ce4f528118257a3c44c 2256 java optional netty_3.2.6.Final-2+deb8u1.dsc 60090b47433147396031b28ee50de4cc 616765 java optional netty_3.2.6.Final.orig.tar.gz 641d92730fd122955260c32694d866a6 6728 java optional netty_3.2.6.Final-2+deb8u1.debian.tar.xz 1ffa8b36d5d9135df5d686c4a3fe84f7 662648 java optional libnetty-java_3.2.6.Final-2+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl2SbwsVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxJKAP/RM97yz4jxFDxEgAO0WGtDp4LVaS QkZ6w6Q8YrAaWup4oP/a4e0lJazhi4MYXziE3GzGNoCn2Nyu7PGCg9/XcH+Kd+vT 5QGmyILSqLhDtgPHl23BJ01wt7k8q53gf6k5xGS1c69IFeduSOXwTEsTHopMGwPT dHaFdeX8Job2RNs07qjaQSxQ2lH26gWXQDyg08hy3ZF4wt6VWFMIrVdQg+xL4mPa /cRsFBuVOhYRdAwbTeY4jISxeSvMTpsSxJXNefTnumTbCCcdkCgXwKN/IbgLLBnp P1E/FyiUFANx2pZ6p/P60VP1/x2t29sU2JVKXIdcwleDehyGEzsSpnbcKqRGZywg i+nLTbBG8Ar04dssIPQwWye/IV8LY4UeuUSzm/3OcD6BbC5g6FYYhL3YKh+9EDAC EVIot0uVTtiYvBXd/+dObsskl6WSlV3S2O5eqDanXeLY0tV5Uhs1d2Pos+a10TDX Xx430x9A/q0WS/4UMJh26pqIg4Qy2B0ZIiMRBZL/4dq5FPbfENgezm4pUNFQKVef vnVp1wDJG5FDao0tgOWPGP88eFxqkEk0Rj3L1qbZYGgg1+64T7YoFrZyA99zxOyw q5LUNLsOvEREvMMCXTyOUwbHUi4dho7MU0f5luT47J0jwDc/TVqMGPrkPvknI+2u n3gjPEuP4TrXstBP =xJrL -END PGP SIGNATURE-
Accepted libav 6:11.12-1~deb8u8 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 31 Aug 2019 17:36:55 +0200 Source: libav Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source all amd64 Version: 6:11.12-1~deb8u8 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Mike Gabriel Description: libav-dbg - Debug symbols for Libav related packages libav-doc - Documentation of the Libav API libav-tools - Multimedia player, encoder and transcoder libavcodec-dev - Development files for libavcodec libavcodec-extra - Libav codec library (additional codecs meta-package) libavcodec-extra-56 - Libav codec library (additional codecs) libavcodec56 - Libav codec library libavdevice-dev - Development files for libavdevice libavdevice55 - Libav device handling library libavfilter-dev - Development files for libavfilter libavfilter5 - Libav video filtering library libavformat-dev - Development files for libavformat libavformat56 - Libav file format library libavresample-dev - Development files for libavresample libavresample2 - Libav audio resampling library libavutil-dev - Development files for libavutil libavutil54 - Libav utility library libswscale-dev - Development files for libswscale libswscale3 - Libav video scaling library Changes: libav (6:11.12-1~deb8u8) jessie-security; urgency=medium . * CVE-2019-14442: avformat/mpc8: fix hang with fuzzed file. * CVE-2018-5766: lavc/avpacket: Fix undefined behaviour, do not pass a null pointer to memcpy(). * CVE-2019-14372: wvdec: check for eof in wv_read_block_header(). * CVE-2017-9987: avcodec/mpegvideo_motion: Fix off by 1 error in MV bounds checking. * CVE-2018-11102: - mov_probe: fix integer overflows. - mov.c: Check for stsd + m1s tag indicating MOV-wrapped MPEG-PS, and force continued probing if found. Checksums-Sha1: 9c8f859f2f2f8fc39a7cab266208afc5bd0176f8 4023 libav_11.12-1~deb8u8.dsc 8afee23ed95809831208bb721228c8ad04bd2a8e 77184 libav_11.12-1~deb8u8.debian.tar.xz eaf4df3c04e673f7dc9cb3c2a6b63c3982debc30 18451734 libav-doc_11.12-1~deb8u8_all.deb e345230e328e1122dab4f8ef180b3058c01f516e 67106 libavcodec-extra_11.12-1~deb8u8_all.deb 5a2eadbea6305746dc4415b856506940133d7a7d 474584 libav-tools_11.12-1~deb8u8_amd64.deb ef814b94a670a78ff2477dc6c1843caa88c1925f 21598212 libav-dbg_11.12-1~deb8u8_amd64.deb 51427e8305dd9d72b90ebbbc51d618e6609955de 132016 libavutil54_11.12-1~deb8u8_amd64.deb ce65a2f52fcc06c015be13dcbf97e536f3ca0d49 3110478 libavcodec56_11.12-1~deb8u8_amd64.deb 9724c21244e137010bfdd742d63af88e71d557f6 91962 libavdevice55_11.12-1~deb8u8_amd64.deb a2aba929a2bbcf8c73be80ef79270ad3e037bc6d 587038 libavformat56_11.12-1~deb8u8_amd64.deb c816f6352c9b8f4e264f80d0c5b70b1b5fa2bf1b 173194 libavfilter5_11.12-1~deb8u8_amd64.deb ecb162768ad7efddb67d20626f370c2a353bbb9c 145562 libswscale3_11.12-1~deb8u8_amd64.deb 78f81e17a85bf5d388416d852aae0aca0296b24f 194290 libavutil-dev_11.12-1~deb8u8_amd64.deb 371e350e49ea159f3294e80d292ddac57ab4a9fb 3434346 libavcodec-dev_11.12-1~deb8u8_amd64.deb 6d1071aaebce3cf83837c47f586b61fbb4063382 95012 libavdevice-dev_11.12-1~deb8u8_amd64.deb aa6cf5149a8ab531dfc3178e72a2ae0b25ed0c00 692936 libavformat-dev_11.12-1~deb8u8_amd64.deb 15043384cabec3b1796e96d3b88c24a07f6c7d2a 204424 libavfilter-dev_11.12-1~deb8u8_amd64.deb e140fb2e8a403a056d54353bab4066018db5ba7f 158448 libswscale-dev_11.12-1~deb8u8_amd64.deb 7ff8450b4bc920bb49241b2e680840dd0399b78e 113466 libavresample-dev_11.12-1~deb8u8_amd64.deb 3bf7cb0507b6432290e25f1be3c543fbb57aa9b6 104476 libavresample2_11.12-1~deb8u8_amd64.deb 31e835a22497bb5d73f9196c89b5d42bb90f0a5a 3114510 libavcodec-extra-56_11.12-1~deb8u8_amd64.deb Checksums-Sha256: 9e73600e703bd583b6591235e0d54cfa5d3d55cc67d8db8a2f484691282e142a 4023 libav_11.12-1~deb8u8.dsc 0af563999abf4d91b61a36a823d7114c733fa535de100d665bb8a5b717f1c40b 77184 libav_11.12-1~deb8u8.debian.tar.xz 73a9b843042f0271ffd915a20c71280cfd52f7c4a8f3a7bafd731bdab1c992c8 18451734 libav-doc_11.12-1~deb8u8_all.deb d119d4bd378f8dd6eb09dc561e98bcdd1f00dd203369fe8eafae838358ab43e3 67106 libavcodec-extra_11.12-1~deb8u8_all.deb 2e338d4f1f67cb8a043874e7783464c9463d9688aec88e85f86e43958289598f 474584 libav-tools_11.12-1~deb8u8_amd64.deb c4dc0f45e5720649cf4107c9f66858501d4c3d367f39703e048c421a7582efb0 21598212 libav-dbg_11.12-1~deb8u8_amd64.deb b99a1c2035860abc852c950635d2028a447b97642123620dd34906a5ed3837ab 132016 libavutil54_11.12-1~deb8u8_amd64.deb acfc4b48f4681329b039913863c9dc2ef8a13d122f41eef318ee3cae882c6fe8 3110478 libavcodec56_11.12-1~deb8u8_amd64.deb ee0c0f9e6568972c3b7b5d5f22799ca0e09ed562ac7a8ac9e575b8a2fdb0a2bf 91962 libavdevice55_11.12-1~deb8u8_amd64.deb
Accepted gosa 2.7.4+reloaded2-1+deb8u5 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sat, 31 Aug 2019 13:37:45 +0200
Source: gosa
Binary: gosa gosa-dev gosa-desktop gosa-schema gosa-help-en gosa-help-de
gosa-help-fr gosa-help-nl gosa-plugin-connectivity gosa-plugin-dhcp
gosa-plugin-dhcp-schema gosa-plugin-dns gosa-plugin-dns-schema gosa-plugin-fai
gosa-plugin-fai-schema gosa-plugin-gofax gosa-plugin-gofon gosa-plugin-goto
gosa-plugin-kolab gosa-plugin-kolab-schema gosa-plugin-ldapmanager
gosa-plugin-mail gosa-plugin-mit-krb5 gosa-plugin-mit-krb5-schema
gosa-plugin-nagios gosa-plugin-nagios-schema gosa-plugin-netatalk
gosa-plugin-opengroupware gosa-plugin-openxchange
gosa-plugin-openxchange-schema gosa-plugin-opsi gosa-plugin-phpgw
gosa-plugin-phpgw-schema gosa-plugin-phpscheduleit
gosa-plugin-phpscheduleit-schema gosa-plugin-pptp gosa-plugin-pptp-schema
gosa-plugin-pureftpd gosa-plugin-pureftpd-schema gosa-plugin-rolemanagement
gosa-plugin-rsyslog gosa-plugin-samba gosa-plugin-scalix gosa-plugin-squid
gosa-plugin-ssh gosa-plugin-ssh-schema gosa-plugin-sudo gosa-plugin-sudo-schema
gosa-plugin-systems
gosa-plugin-uw-imap
gosa-plugin-webdav
Architecture: source all
Version: 2.7.4+reloaded2-1+deb8u5
Distribution: jessie-security
Urgency: medium
Maintainer: Debian Edu Packaging Team
Changed-By: Mike Gabriel
Description:
gosa - Web Based LDAP Administration Program
gosa-desktop - Desktop integration for GOsa²
gosa-dev - GOsa² development utilities
gosa-help-de - German online help for GOsa²
gosa-help-en - English online help for GOsa
gosa-help-fr - French online help for GOsa²
gosa-help-nl - Dutch online help for GOsa
gosa-plugin-connectivity - connectivity plugin for GOsa²
gosa-plugin-dhcp - dhcp plugin for GOsa²
gosa-plugin-dhcp-schema - LDAP schema for GOsa² dhcp plugin
gosa-plugin-dns - dns plugin for GOsa²
gosa-plugin-dns-schema - LDAP schema for GOsa² dns plugin
gosa-plugin-fai - fai plugin for GOsa²
gosa-plugin-fai-schema - LDAP schema for GOsa² fai plugin
gosa-plugin-gofax - gofax plugin for GOsa²
gosa-plugin-gofon - gofon plugin for GOsa²
gosa-plugin-goto - goto plugin for GOsa²
gosa-plugin-kolab - kolab plugin for GOsa²
gosa-plugin-kolab-schema - LDAP schema for GOsa² kolab plugin
gosa-plugin-ldapmanager - ldapmanager plugin for GOsa²
gosa-plugin-mail - base mail plugin for GOsa²
gosa-plugin-mit-krb5 - mit-krb5 plugin for GOsa²
gosa-plugin-mit-krb5-schema - LDAP schema for GOsa² mit-krb5 plugin
gosa-plugin-nagios - nagios plugin for GOsa²
gosa-plugin-nagios-schema - LDAP schema for GOsa² nagios plugin
gosa-plugin-netatalk - netatalk plugin for GOsa²
gosa-plugin-opengroupware - opengroupware plugin for GOsa²
gosa-plugin-openxchange - openxchange plugin for GOsa²
gosa-plugin-openxchange-schema - LDAP schema for GOsa² openxchange plugin
gosa-plugin-opsi - opsi plugin for GOsa²
gosa-plugin-phpgw - phpgw plugin for GOsa²
gosa-plugin-phpgw-schema - LDAP schema for GOsa² phpgw plugin
gosa-plugin-phpscheduleit - phpscheduleit plugin for GOsa²
gosa-plugin-phpscheduleit-schema - LDAP schema for GOsa² phpscheduleit plugin
gosa-plugin-pptp - pptp plugin for GOsa²
gosa-plugin-pptp-schema - LDAP schema for GOsa² pptp plugin
gosa-plugin-pureftpd - pureftpd plugin for GOsa²
gosa-plugin-pureftpd-schema - LDAP schema for GOsa² pureftpd plugin
gosa-plugin-rolemanagement - rolemanagement plugin for GOsa²
gosa-plugin-rsyslog - rsyslog plugin for GOsa²
gosa-plugin-samba - samba3 plugin for GOsa²
gosa-plugin-scalix - scalix plugin for GOsa²
gosa-plugin-squid - squid plugin for GOsa²
gosa-plugin-ssh - ssh plugin for GOsa²
gosa-plugin-ssh-schema - LDAP schema for GOsa² ssh plugin
gosa-plugin-sudo - sudo plugin for GOsa²
gosa-plugin-sudo-schema - LDAP schema for GOsa² sudo plugin
gosa-plugin-systems - systems plugin for GOsa²
gosa-plugin-uw-imap - uw-imap plugin for GOsa²
gosa-plugin-webdav - webdav plugin for GOsa²
gosa-schema - LDAP schema for GOsa
Changes:
gosa (2.7.4+reloaded2-1+deb8u5) jessie-security; urgency=medium
.
* debian/patches:
+ Add 1047_CVE-2019-14466-{1,2}_replace_unserialize_with_json_encode+json_
decode.patch. Replace (un)serialize with json_encode/json_decode to
mitigate PHP object injection.
Checksums-Sha1:
315382a37ac5565a73ea9b6aa1be0f62e32b3967 15371
gosa_2.7.4+reloaded2-1+deb8u5.dsc
bc3749f1ed763d5bab6a6558d76a803931867ac9 14245
gosa_2.7.4+reloaded2.orig-apache2.tar.gz
4cb26a0bc7e9b19b642503718f52eb070bec0f3a 13239
gosa_2.7.4+reloaded2.orig-connectivity.tar.gz
964df02a742168a9d892b4a6d947b11b8bf210f0 53759
gosa_2.7.4+reloaded2.orig-dhcp.tar.gz
b3436e1147cf10c86352885f9a85ad936bc2ed58 42732
gosa_2.7.4+reloaded2.orig-dns.tar.gz
d32cb8123d9b756b64ae8dfd5291eb732f6aea2f 254412
gosa_2.7.4+reloaded2.orig-fai.tar.gz
37025022b3b1e1782b386f07c9131ea1078aa5f4 71639
gosa_2.7.4+reloaded2.orig-gofax.tar.gz
bfbaacd307d42ebdb4bac9106a6cc343c0cf3530 189055
gosa_2.7.4+reloaded2.orig-gofon.tar.gz
Accepted fusiondirectory 1.0.8.2-5+deb8u2 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 10 Aug 2019 03:55:29 +0200 Source: fusiondirectory Binary: fusiondirectory fusiondirectory-schema fusiondirectory-smarty3-acl-render fusiondirectory-plugin-addressbook fusiondirectory-plugin-alias fusiondirectory-plugin-alias-schema fusiondirectory-plugin-apache2 fusiondirectory-plugin-apache2-schema fusiondirectory-plugin-argonaut fusiondirectory-plugin-argonaut-schema fusiondirectory-plugin-autofs fusiondirectory-plugin-autofs-schema fusiondirectory-plugin-asterisk fusiondirectory-plugin-asterisk-schema fusiondirectory-plugin-dashboard fusiondirectory-plugin-dashboard-schema fusiondirectory-plugin-cyrus fusiondirectory-plugin-cyrus-schema fusiondirectory-plugin-database-connector fusiondirectory-plugin-debconf fusiondirectory-plugin-debconf-schema fusiondirectory-plugin-desktop-management fusiondirectory-plugin-desktop-management-schema fusiondirectory-plugin-developers fusiondirectory-plugin-dhcp fusiondirectory-plugin-dhcp-schema fusiondirectory-plugin-dns fusiondirectory-plugin-dns-schema fusiondirectory-plugin-dovecot fusiondirectory-plugin-dovecot-schema fusiondirectory-plugin-dsa fusiondirectory-plugin-dsa-schema fusiondirectory-plugin-fai fusiondirectory-plugin-fai-schema fusiondirectory-plugin-fax fusiondirectory-plugin-fax-schema fusiondirectory-plugin-freeradius fusiondirectory-plugin-freeradius-schema fusiondirectory-plugin-game fusiondirectory-plugin-gpg fusiondirectory-plugin-gpg-schema fusiondirectory-plugin-fusioninventory fusiondirectory-plugin-fusioninventory-schema fusiondirectory-plugin-ipmi fusiondirectory-plugin-ipmi-schema fusiondirectory-plugin-kolab fusiondirectory-plugin-kolab-schema fusiondirectory-plugin-ldapdump fusiondirectory-plugin-ldapmanager fusiondirectory-plugin-mail fusiondirectory-plugin-mail-schema fusiondirectory-plugin-nagios fusiondirectory-plugin-nagios-schema fusiondirectory-plugin-netgroups fusiondirectory-plugin-netgroups-schema fusiondirectory-plugin-openstack-compute fusiondirectory-plugin-openstack-compute-schema fusiondirectory-plugin-puppet fusiondirectory-plugin-puppet-schema fusiondirectory-plugin-opsi fusiondirectory-plugin-opsi-schema fusiondirectory-plugin-pureftpd fusiondirectory-plugin-pureftpd-schema fusiondirectory-plugin-quota fusiondirectory-plugin-quota-schema fusiondirectory-plugin-repository fusiondirectory-plugin-repository-schema fusiondirectory-plugin-rsyslog fusiondirectory-plugin-samba fusiondirectory-plugin-samba-schema fusiondirectory-plugin-sogo fusiondirectory-plugin-sogo-schema fusiondirectory-plugin-squid fusiondirectory-plugin-squid-schema fusiondirectory-plugin-ssh fusiondirectory-plugin-ssh-schema fusiondirectory-plugin-sudo fusiondirectory-plugin-sudo-schema fusiondirectory-plugin-supann fusiondirectory-plugin-supann-schema fusiondirectory-plugin-sympa fusiondirectory-plugin-sympa-schema fusiondirectory-plugin-systems fusiondirectory-plugin-systems-schema fusiondirectory-plugin-uw-imap fusiondirectory-plugin-weblink fusiondirectory-plugin-weblink-schema fusiondirectory-plugin-webservice fusiondirectory-plugin-webservice-schema fusiondirectory-webservice-shell fusiondirectory-theme-oxygen Architecture: source all Version: 1.0.8.2-5+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: FusionDirectory packages maintainers group Changed-By: Mike Gabriel Description: fusiondirectory - Web Based LDAP Administration Program fusiondirectory-plugin-addressbook - addressbook plugin for FusionDirectory fusiondirectory-plugin-alias - alias plugin for FusionDirectory fusiondirectory-plugin-alias-schema - LDAP schema for FusionDirectory alias plugin fusiondirectory-plugin-apache2 - Apache virtualhost plugin for FusionDirectory fusiondirectory-plugin-apache2-schema - LDAP schema for FusionDirectory apache2 plugin fusiondirectory-plugin-argonaut - Argonaut plugin for FusionDirectory fusiondirectory-plugin-argonaut-schema - LDAP schema for FusionDirectory Argonaut plugin fusiondirectory-plugin-asterisk - gofon plugin for FusionDirectory fusiondirectory-plugin-asterisk-schema - LDAP schema for FusionDirectory asterisk plugin fusiondirectory-plugin-autofs - autofs plugin for FusionDirectory fusiondirectory-plugin-autofs-schema - LDAP schema for FusionDirectory autofs plugin fusiondirectory-plugin-cyrus - cyrus plugin for FusionDirectory fusiondirectory-plugin-cyrus-schema - LDAP schema for FusionDirectory cyrus plugin fusiondirectory-plugin-dashboard - board plugin for FusionDirectory fusiondirectory-plugin-dashboard-schema - LDAP schema for FusionDirectory board plugin fusiondirectory-plugin-database-connector - database plugin for FusionDirectory fusiondirectory-plugin-debconf - Debconf plugin for FusionDirectory fusiondirectory-plugin-debconf-schema - LDAP schema for FusionDirectory Debconf Plugin fusiondirectory-plugin-desktop-management - desktop management plugin
Accepted gosa 2.7.4+reloaded2-1+deb8u4 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 10 Aug 2019 04:20:39 +0200 Source: gosa Binary: gosa gosa-dev gosa-desktop gosa-schema gosa-help-en gosa-help-de gosa-help-fr gosa-help-nl gosa-plugin-connectivity gosa-plugin-dhcp gosa-plugin-dhcp-schema gosa-plugin-dns gosa-plugin-dns-schema gosa-plugin-fai gosa-plugin-fai-schema gosa-plugin-gofax gosa-plugin-gofon gosa-plugin-goto gosa-plugin-kolab gosa-plugin-kolab-schema gosa-plugin-ldapmanager gosa-plugin-mail gosa-plugin-mit-krb5 gosa-plugin-mit-krb5-schema gosa-plugin-nagios gosa-plugin-nagios-schema gosa-plugin-netatalk gosa-plugin-opengroupware gosa-plugin-openxchange gosa-plugin-openxchange-schema gosa-plugin-opsi gosa-plugin-phpgw gosa-plugin-phpgw-schema gosa-plugin-phpscheduleit gosa-plugin-phpscheduleit-schema gosa-plugin-pptp gosa-plugin-pptp-schema gosa-plugin-pureftpd gosa-plugin-pureftpd-schema gosa-plugin-rolemanagement gosa-plugin-rsyslog gosa-plugin-samba gosa-plugin-scalix gosa-plugin-squid gosa-plugin-ssh gosa-plugin-ssh-schema gosa-plugin-sudo gosa-plugin-sudo-schema gosa-plugin-systems gosa-plugin-uw-imap gosa-plugin-webdav Architecture: source all Version: 2.7.4+reloaded2-1+deb8u4 Distribution: jessie-security Urgency: medium Maintainer: Debian Edu Packaging Team Changed-By: Mike Gabriel Description: gosa - Web Based LDAP Administration Program gosa-desktop - Desktop integration for GOsa² gosa-dev - GOsa² development utilities gosa-help-de - German online help for GOsa² gosa-help-en - English online help for GOsa gosa-help-fr - French online help for GOsa² gosa-help-nl - Dutch online help for GOsa gosa-plugin-connectivity - connectivity plugin for GOsa² gosa-plugin-dhcp - dhcp plugin for GOsa² gosa-plugin-dhcp-schema - LDAP schema for GOsa² dhcp plugin gosa-plugin-dns - dns plugin for GOsa² gosa-plugin-dns-schema - LDAP schema for GOsa² dns plugin gosa-plugin-fai - fai plugin for GOsa² gosa-plugin-fai-schema - LDAP schema for GOsa² fai plugin gosa-plugin-gofax - gofax plugin for GOsa² gosa-plugin-gofon - gofon plugin for GOsa² gosa-plugin-goto - goto plugin for GOsa² gosa-plugin-kolab - kolab plugin for GOsa² gosa-plugin-kolab-schema - LDAP schema for GOsa² kolab plugin gosa-plugin-ldapmanager - ldapmanager plugin for GOsa² gosa-plugin-mail - base mail plugin for GOsa² gosa-plugin-mit-krb5 - mit-krb5 plugin for GOsa² gosa-plugin-mit-krb5-schema - LDAP schema for GOsa² mit-krb5 plugin gosa-plugin-nagios - nagios plugin for GOsa² gosa-plugin-nagios-schema - LDAP schema for GOsa² nagios plugin gosa-plugin-netatalk - netatalk plugin for GOsa² gosa-plugin-opengroupware - opengroupware plugin for GOsa² gosa-plugin-openxchange - openxchange plugin for GOsa² gosa-plugin-openxchange-schema - LDAP schema for GOsa² openxchange plugin gosa-plugin-opsi - opsi plugin for GOsa² gosa-plugin-phpgw - phpgw plugin for GOsa² gosa-plugin-phpgw-schema - LDAP schema for GOsa² phpgw plugin gosa-plugin-phpscheduleit - phpscheduleit plugin for GOsa² gosa-plugin-phpscheduleit-schema - LDAP schema for GOsa² phpscheduleit plugin gosa-plugin-pptp - pptp plugin for GOsa² gosa-plugin-pptp-schema - LDAP schema for GOsa² pptp plugin gosa-plugin-pureftpd - pureftpd plugin for GOsa² gosa-plugin-pureftpd-schema - LDAP schema for GOsa² pureftpd plugin gosa-plugin-rolemanagement - rolemanagement plugin for GOsa² gosa-plugin-rsyslog - rsyslog plugin for GOsa² gosa-plugin-samba - samba3 plugin for GOsa² gosa-plugin-scalix - scalix plugin for GOsa² gosa-plugin-squid - squid plugin for GOsa² gosa-plugin-ssh - ssh plugin for GOsa² gosa-plugin-ssh-schema - LDAP schema for GOsa² ssh plugin gosa-plugin-sudo - sudo plugin for GOsa² gosa-plugin-sudo-schema - LDAP schema for GOsa² sudo plugin gosa-plugin-systems - systems plugin for GOsa² gosa-plugin-uw-imap - uw-imap plugin for GOsa² gosa-plugin-webdav - webdav plugin for GOsa² gosa-schema - LDAP schema for GOsa Changes: gosa (2.7.4+reloaded2-1+deb8u4) jessie-security; urgency=medium . * debian/patches: + Add 1046_CVE-2019-11187_stricter-ldap-error-check.patch. Perform stricter check on LDAP success/failure (CVE-2019-11187). Checksums-Sha1: 99a1c9f5061fe060395009ca50b14cf7f397912d 15371 gosa_2.7.4+reloaded2-1+deb8u4.dsc 09172e1a887573cb36fa8380cdcde3fcd8012464 40524 gosa_2.7.4+reloaded2-1+deb8u4.debian.tar.xz 1ec160ed5257fe0f45a0162674f6589a18af5c0e 1152966 gosa_2.7.4+reloaded2-1+deb8u4_all.deb 1022a1e7415120da15b3567620333f95ad5902e3 39838 gosa-dev_2.7.4+reloaded2-1+deb8u4_all.deb abb500753ab8175421b5571de22501b060facedb 35108 gosa-desktop_2.7.4+reloaded2-1+deb8u4_all.deb 4846f817f0c9b6a1682507e6b4e9454c0f7b 46082 gosa-schema_2.7.4+reloaded2-1+deb8u4_all.deb e082c6621e2b198da5192ee09472fe3a3ed7b24a 57752 gosa-help-en_2.7.4+reloaded2-1+deb8u4_all.deb 72110ec7950711e7888d32a3f560780fe437ccc4 80268 gosa-help-de_2.7.4+reloaded2-1+deb8u4_all.deb 32b017c4ec08ebe162016814622546bfeab9a079 63298
Accepted glib2.0 2.42.1-1+deb8u3 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 05 Aug 2019 20:58:34 +0200 Source: glib2.0 Binary: libglib2.0-0 libglib2.0-tests libglib2.0-udeb libglib2.0-bin libglib2.0-dev libglib2.0-0-dbg libglib2.0-data libglib2.0-doc libgio-fam libglib2.0-0-refdbg Architecture: source all amd64 Version: 2.42.1-1+deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Debian GNOME Maintainers Changed-By: Mike Gabriel Description: libgio-fam - GLib Input, Output and Streaming Library (fam module) libglib2.0-0 - GLib library of C routines libglib2.0-0-dbg - Debugging symbols for the GLib libraries libglib2.0-0-refdbg - GLib library of C routines - refdbg library libglib2.0-bin - Programs for the GLib library libglib2.0-data - Common files for GLib library libglib2.0-dev - Development files for the GLib library libglib2.0-doc - Documentation files for the GLib library libglib2.0-tests - GLib library of C routines - installed tests libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb) Closes: 933877 Changes: glib2.0 (2.42.1-1+deb8u3) jessie-security; urgency=medium . * CVE-2019-13012: Update CVE-2019-13012-1.patch. Fix memleak regression spotted by Simon McVittie. (Closes: #933877). Checksums-Sha1: a871cd4ad1891c43be9f0fd52ba57fb565255620 3190 glib2.0_2.42.1-1+deb8u3.dsc 1a89dc6b5ad140e2d8bc6f5f84f7f6dc39c76964 71104 glib2.0_2.42.1-1+deb8u3.debian.tar.xz 5eb88779ab59dcecbe68948657b06b036152eca0 2172340 libglib2.0-data_2.42.1-1+deb8u3_all.deb 13bbc9b121875ed1b718d7c855162393bd85c3a6 2658882 libglib2.0-doc_2.42.1-1+deb8u3_all.deb 64c9c38da3ae8b3a012f705771e60721a2bf3785 2400238 libglib2.0-0_2.42.1-1+deb8u3_amd64.deb 0df5ccff94b3ee7d18dceae98fcef585d8ae26e7 2248874 libglib2.0-tests_2.42.1-1+deb8u3_amd64.deb 0b3a37adc082ca2e110af51cd42e40bb977eac39 1849232 libglib2.0-udeb_2.42.1-1+deb8u3_amd64.udeb cc565414c63a539e7291dfb388cd49d56cee150e 1335428 libglib2.0-bin_2.42.1-1+deb8u3_amd64.deb 7c00610f399ad5de7ed5a4038445d49d7dd1862f 2641822 libglib2.0-dev_2.42.1-1+deb8u3_amd64.deb b6d07b8a370bfa14c72fa6b7deda0e62632335c8 6807594 libglib2.0-0-dbg_2.42.1-1+deb8u3_amd64.deb d7cbd3844e628058865e21e017fe61f0dd3d15ba 1675044 libglib2.0-0-refdbg_2.42.1-1+deb8u3_amd64.deb Checksums-Sha256: 264c7a3c38289154d104d5f1a8bb1fc7b527ed55801db871b18d5f1d0ce78617 3190 glib2.0_2.42.1-1+deb8u3.dsc c1f4e14d8c5640838203e680ff9f2a547464a42e927a9525fabea0ae722b2113 71104 glib2.0_2.42.1-1+deb8u3.debian.tar.xz ca30af4265ccbc91ca6ecdd994ccb633f2e3d2231bc4074178cedc0a1244fcc3 2172340 libglib2.0-data_2.42.1-1+deb8u3_all.deb c13d8213aa4f57b799627d64babe30c1e0436e3368be4b702576172f1d092eac 2658882 libglib2.0-doc_2.42.1-1+deb8u3_all.deb 2ee4b774e086a19cd242ba3ee9ba856585f0fa3c99de0ac3600ae0fc1457a7af 2400238 libglib2.0-0_2.42.1-1+deb8u3_amd64.deb 5f9f61b6af699ed37b93f48c54f2a1204b2b42981df38f62f48d36b963329191 2248874 libglib2.0-tests_2.42.1-1+deb8u3_amd64.deb 85201c75153f7f43ff4d281c05cd8a747b806f282f4afb14b0f571f03701882f 1849232 libglib2.0-udeb_2.42.1-1+deb8u3_amd64.udeb 51d4ffc395271dc9bfc7ca2b193f5ee83122569af0c08e5299826bd45da60932 1335428 libglib2.0-bin_2.42.1-1+deb8u3_amd64.deb 5beaeb6f870e7a803bb95b028c1c64189998e280c75971c61f468e8eb42d42b2 2641822 libglib2.0-dev_2.42.1-1+deb8u3_amd64.deb a7ed2bfc2a059e669f5e23d74f3611c7816f645e96796571414f057a2843bf0b 6807594 libglib2.0-0-dbg_2.42.1-1+deb8u3_amd64.deb 93b8020f8f416777cd5e8d03d5f05edfac9c9d3a53a2cd9c0d9ef138a059ab96 1675044 libglib2.0-0-refdbg_2.42.1-1+deb8u3_amd64.deb Files: eacabcab29e976793174d6b9756a726d 3190 libs optional glib2.0_2.42.1-1+deb8u3.dsc 9c3a63187f81878be777e8779550137e 71104 libs optional glib2.0_2.42.1-1+deb8u3.debian.tar.xz 494a23f752cf3b57f6c1d63b7becd7e7 2172340 libs optional libglib2.0-data_2.42.1-1+deb8u3_all.deb 4289242936e1a042babde8f513992d4e 2658882 doc optional libglib2.0-doc_2.42.1-1+deb8u3_all.deb 2369938abda51686ecea7f37061d7a0b 2400238 libs optional libglib2.0-0_2.42.1-1+deb8u3_amd64.deb 7884eee9d3f7e91515705f6d93be6d3d 2248874 libs optional libglib2.0-tests_2.42.1-1+deb8u3_amd64.deb 338b63287a8757297e6cc3e533c9ea6c 1849232 debian-installer optional libglib2.0-udeb_2.42.1-1+deb8u3_amd64.udeb 887ab358d348236b6fb9aa91c535d875 1335428 misc optional libglib2.0-bin_2.42.1-1+deb8u3_amd64.deb 2762b1254574b9d07e55065f66a39b7e 2641822 libdevel optional libglib2.0-dev_2.42.1-1+deb8u3_amd64.deb 72c9ef3ed7482fa3970c906215df9fd0 6807594 debug extra libglib2.0-0-dbg_2.42.1-1+deb8u3_amd64.deb 6598c1ed414d31cb47f600dfe810418f 1675044 debug extra libglib2.0-0-refdbg_2.42.1-1+deb8u3_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl1IkAQVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxOAkP/i2ZugmR8unlHtaCxkLDZLDlFKgz 5kDH3Fg04NppuZ/gR+pCx9eDK20wcnMoN/hICuotSIho6lNu4CN0IvFqUchVvCSa WXaLPgl94UCKh7C9f2/wJjrww7jRhe9NYW+l+tc+Acf4T4xCWfVKmQ82V8XYZRg6 BE0x/CGBSR3Lw83mJyV4gD0Xt1fPcbjPuo/elv5J545e2JjeN+5RHUIcDmY1siEl
Accepted wpa 2.3-1+deb8u8 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 31 Jul 2019 22:44:37 +0200 Source: wpa Binary: hostapd wpagui wpasupplicant wpasupplicant-udeb Architecture: source amd64 Version: 2.3-1+deb8u8 Distribution: jessie-security Urgency: medium Maintainer: Debian wpasupplicant Maintainers Changed-By: Mike Gabriel Description: hostapd- IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator wpagui - graphical user interface for wpa_supplicant wpasupplicant - client support for WPA and WPA2 (IEEE 802.11i) wpasupplicant-udeb - Client support for WPA and WPA2 (IEEE 802.11i) (udeb) Closes: 927463 Changes: wpa (2.3-1+deb8u8) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. . * CVE-2019-9495: only partial mitigation feasible for this wpa version + 2019-2/0001-OpenSSL-Use-constant-time-operations-for-private-big.patch + FIXME: too invasive to backport (or for someone with more time+expertise): [2019-2/0002-Add-helper-functions-for-constant-time-operations.patch] [2019-2/0003-OpenSSL-Use-constant-time-selection-for-crypto_bignu.patch] [2019-2/0004-EAP-pwd-Use-constant-time-and-memory-access-for-find.patch] + For more details, see https://w1.fi/security/2019-2/. . * Upstream cherry-picks: + Pick 2019-4/0001-Add-crypto_ec_point_cmp.patch, required for applying 2019-4/0012-EAP-pwd-server-Detect-reflection-attacks.patch [2019-4/0014-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch] . * CVE-2019-9498 (partial): + 2019-4/0011-EAP-pwd-server-Verify-received-scalar-and-element.patch * CVE-2019-9497: + 2019-4/0012-EAP-pwd-server-Detect-reflection-attacks.patch * CVE-2019-9499 (partial): + 2019-4/0013-EAP-pwd-client-Verify-received-scalar-and-element.patch * CVE-2019-9498 + CVE-2019-9499 (FIXME): + too invasive to backport (or for someone with more time+expertise): [2019-4/0014-EAP-pwd-Check-element-x-y-coordinates-explicitly.patch] . * CVE-2019-11555 (Closes: #927463): + 2019-5/0001-EAP-pwd-server-Fix-reassembly-buffer-handling.patch + 2019-5/0003-EAP-pwd-peer-Fix-reassembly-buffer-handling.patch . * debian/rules: Forcefully enable compilation of the ECC code (NEED_ECC=y). Checksums-Sha1: 25a0c7541997367a59fa894ad6dc59666e0f47b8 2542 wpa_2.3-1+deb8u8.dsc f6fe1be17cabb673214554bce484210475ef1e9b 106176 wpa_2.3-1+deb8u8.debian.tar.xz 1f8a7e23d56849fe1883719ab5e90b6eef410c42 542120 hostapd_2.3-1+deb8u8_amd64.deb 2fd732a2d21b90ff2d5f6e5adc17012f09a1d5ee 346400 wpagui_2.3-1+deb8u8_amd64.deb 09bf8e319616cdc42d49c1d683a4a9d2f3b2cf8d 919484 wpasupplicant_2.3-1+deb8u8_amd64.deb 46103186388df9e4d213f0fa89bde048ee4469e9 223632 wpasupplicant-udeb_2.3-1+deb8u8_amd64.udeb Checksums-Sha256: 97681591351f0202fef995ea99c8539005eef798af2800f020bae48020fb4c9b 2542 wpa_2.3-1+deb8u8.dsc 1b704d1b66bc0afbc557424f07da94e9933cbd5be86af3c44179d5be570ee956 106176 wpa_2.3-1+deb8u8.debian.tar.xz eb4cf6f99d14205c902d55f3aa85fa861a9020e11f0fc08b2eff68512066140b 542120 hostapd_2.3-1+deb8u8_amd64.deb b27cae3918e00b67bad81573808b2c95fce468956fb9f49edec69eacaea51733 346400 wpagui_2.3-1+deb8u8_amd64.deb ef607cedeeac2814473f7cc056776c4caa3e85c5e84b5af74289a0b566e4ffe2 919484 wpasupplicant_2.3-1+deb8u8_amd64.deb 6b57333a77dd1a1c6ede53529959a7d3522f87fc8f13b54f632757eaae358535 223632 wpasupplicant-udeb_2.3-1+deb8u8_amd64.udeb Files: 1ca7cbac88e8eca578c5a3a87f1e309b 2542 net optional wpa_2.3-1+deb8u8.dsc 049d1770d947c77c0d982ae7cf8abaf7 106176 net optional wpa_2.3-1+deb8u8.debian.tar.xz 7d0d222090fc77e10a018a1e236446c0 542120 net optional hostapd_2.3-1+deb8u8_amd64.deb 455eed6db71e5798e538ef8efffb6fe9 346400 net optional wpagui_2.3-1+deb8u8_amd64.deb 1b6cfc7ff176f703de94ce419d56edf3 919484 net optional wpasupplicant_2.3-1+deb8u8_amd64.deb 0c8144990550efc5c1d44553c213c9b9 223632 debian-installer standard wpasupplicant-udeb_2.3-1+deb8u8_amd64.udeb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl1CCncVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxgLoP/RjogEy+y022iSrQuJ965qP+SqQW GURQILqmHEbPNoqJXbvghg88tmwOUK4Kod9e3vQnYd5xuYlIKQr33S6Kt+0wQI0b kRPdZX7q7YOCJwW9UkeQxoF6+F9p5vFqwnoq+p9W2aBtqfJL5i+xURpY2By1lZ4Z 2ch4j7ajPLUXLouTtKLfjYXwcOq3FOoDB0pZtpvcSbp9Q84xRPyRqwXSIWJrMn9g Aqijx7000bqKamHETYi490O1QI7yWbPCGYDxjArsdj8y2F+jK3AFlET8zNsBFQEu aq7XSIOuh6pTW8RPdfWfAOpKZp++bc6t98vX3wmr7KNeGmbcyBy/btK9HvjO0BWz 1gOcWmieTWF2P4SDbImv4tWyQ10nZ5BDxeJCTMuBFq3GYV1mkLotE+tWrFQah/LD Xf0IupPkjHP5QpiIlfhayWTbwMBr60vGK4bKRYY5k4zjoy/bLhrtm8XzWvPqBrxH aEzuKVzpZvAcFxEZgBEYc4ldsWwICccwft5Z9eJ0WlnPqNuT2PPUL4QYnw1ylJrc dbQBb8ajXEsfVQECqjuBMcxVSGGvHkJ57msbmnJ7xnOeKXkWWQZKXqzvX6t+eH/d 4f66mg5zmk8iHgmQq/tkUIZNhiXaMZqtJRUh2Q/UWf9h+cpfUAj1XhA5IQJvchml Si/vjXoYbwHdTKJ3 =jY7m -END PGP SIGNATURE-
Accepted glib2.0 2.42.1-1+deb8u2 (source all amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 30 Jul 2019 21:33:27 +0200 Source: glib2.0 Binary: libglib2.0-0 libglib2.0-tests libglib2.0-udeb libglib2.0-bin libglib2.0-dev libglib2.0-0-dbg libglib2.0-data libglib2.0-doc libgio-fam libglib2.0-0-refdbg Architecture: source all amd64 Version: 2.42.1-1+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian GNOME Maintainers Changed-By: Mike Gabriel Description: libgio-fam - GLib Input, Output and Streaming Library (fam module) libglib2.0-0 - GLib library of C routines libglib2.0-0-dbg - Debugging symbols for the GLib libraries libglib2.0-0-refdbg - GLib library of C routines - refdbg library libglib2.0-bin - Programs for the GLib library libglib2.0-data - Common files for GLib library libglib2.0-dev - Development files for the GLib library libglib2.0-doc - Documentation files for the GLib library libglib2.0-tests - GLib library of C routines - installed tests libglib2.0-udeb - GLib library of C routines - minimal runtime (udeb) Closes: 931234 Changes: glib2.0 (2.42.1-1+deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2018-16428: gmarkup: Fix crash in error handling path for closing elements. * CVE-2018-16429: gmarkup: Fix unvalidated UTF-8 read in markup parsing error paths. * CVE-2019-13012: keyfile settings: Use tighter permissions. (Closes: #931234). Checksums-Sha1: af6a8f193794ecd9314a366b88a71629b058ffcf 3190 glib2.0_2.42.1-1+deb8u2.dsc 67f245dda369046c9830d58f8758e1c3f4453db2 70972 glib2.0_2.42.1-1+deb8u2.debian.tar.xz b3cc655624c5d44b5cd7028af9c5e6250c383571 2172070 libglib2.0-data_2.42.1-1+deb8u2_all.deb ed2d29e4c6da51b05c834ebdb47ac7f1a8cc3623 2658912 libglib2.0-doc_2.42.1-1+deb8u2_all.deb 8ed3fcb32e59b820de03538d1034d690b8854dc8 2399588 libglib2.0-0_2.42.1-1+deb8u2_amd64.deb 07d353538d852c15d0c4290b3cd208325671fd10 2248674 libglib2.0-tests_2.42.1-1+deb8u2_amd64.deb f1022b994097b44312b26197607a3ecfd03f2c43 1846094 libglib2.0-udeb_2.42.1-1+deb8u2_amd64.udeb 1d050e589fa72eca304dca0fecec653b014a997c 1335314 libglib2.0-bin_2.42.1-1+deb8u2_amd64.deb c8b091b1d27ad29768a28342c6ff0506f87ce0af 2642332 libglib2.0-dev_2.42.1-1+deb8u2_amd64.deb 176ac52f4ea4fb4d54cfaafd96cebd2b8f9d5a0c 6805606 libglib2.0-0-dbg_2.42.1-1+deb8u2_amd64.deb c6390fb8121e565fe9c6d6a14257e0031b6eb0fc 1674796 libglib2.0-0-refdbg_2.42.1-1+deb8u2_amd64.deb Checksums-Sha256: eba7e0b10c9e4d40446a3def3099c070e939dd3fc05050503b163e075612e6e3 3190 glib2.0_2.42.1-1+deb8u2.dsc 8047bf3c7b701a873ec773cef551f44ccfc473aea7eae3004d09cd2bd1e4c09e 70972 glib2.0_2.42.1-1+deb8u2.debian.tar.xz 82f594a69a6407cc7682aabb4c4f882430e71d6a719739cbf2b65dcc002f60ef 2172070 libglib2.0-data_2.42.1-1+deb8u2_all.deb 6a8c59fdf5af021b78234acf71bc1ce690a7551c44341269cfe5f70eacf479ee 2658912 libglib2.0-doc_2.42.1-1+deb8u2_all.deb a220e615d5d59150444c4ee10d267f025b3561d3ae52619123c34232b97fd033 2399588 libglib2.0-0_2.42.1-1+deb8u2_amd64.deb c91c068c90c11a3cebd9c04b73d7409bb1481cfc9b5e5db2d6de65c35b305651 2248674 libglib2.0-tests_2.42.1-1+deb8u2_amd64.deb 5a197f8b7460ebcd09b17dcc5630dc42edbbd0c477ab4d1d83a4e52225d0aeb2 1846094 libglib2.0-udeb_2.42.1-1+deb8u2_amd64.udeb 0f3f088e2a66ee7aaa38cb6fdf7709d8afe488c8ede963eb59bb031d5738f6ed 1335314 libglib2.0-bin_2.42.1-1+deb8u2_amd64.deb 2af4533899482c826ba3d64ca5bdb5c4db03959cdcce3ec22146594cae8d99f5 2642332 libglib2.0-dev_2.42.1-1+deb8u2_amd64.deb 5570968f288b6ada75733252198bf49b4c5e7eb29e66115bfbec0b6bf00041e3 6805606 libglib2.0-0-dbg_2.42.1-1+deb8u2_amd64.deb bd3b1f096d4c52f37e7643580dd0d385143ab78093afb8f9269e17dc6d28dbe4 1674796 libglib2.0-0-refdbg_2.42.1-1+deb8u2_amd64.deb Files: ea49ef7f98d5f20c0ae870eddd02ad63 3190 libs optional glib2.0_2.42.1-1+deb8u2.dsc 9a5ad4264ead70409426f31e99e95978 70972 libs optional glib2.0_2.42.1-1+deb8u2.debian.tar.xz aec1ce037f5435ab7329778f44047b01 2172070 libs optional libglib2.0-data_2.42.1-1+deb8u2_all.deb dc5bd9ccbba3f7baf10a42818be55dfe 2658912 doc optional libglib2.0-doc_2.42.1-1+deb8u2_all.deb 688cd5aaf7bc6d754d253a00b7e9769a 2399588 libs optional libglib2.0-0_2.42.1-1+deb8u2_amd64.deb 51bcc4d54cd5e4a2b8f828730a3d2e67 2248674 libs optional libglib2.0-tests_2.42.1-1+deb8u2_amd64.deb aa898ba5869c2720828a8fa3187e4cad 1846094 debian-installer optional libglib2.0-udeb_2.42.1-1+deb8u2_amd64.udeb 35b3aa3fe85c9e1346947d1cd7417fdf 1335314 misc optional libglib2.0-bin_2.42.1-1+deb8u2_amd64.deb 57c7bad5e856d2adeb52fa02194dfcba 2642332 libdevel optional libglib2.0-dev_2.42.1-1+deb8u2_amd64.deb 0e8582282735c862c151023bffebaa59 6805606 debug extra libglib2.0-0-dbg_2.42.1-1+deb8u2_amd64.deb d9f58734cfa2f90fa6c7ea9f1357eb1f 1674796 debug extra libglib2.0-0-refdbg_2.42.1-1+deb8u2_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl1BsTIVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxvhgP/ikSsvVvJPSREGmaV0Ry/YP40/mM
Accepted libssh2 1.4.3-4.1+deb8u5 (source) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 30 Jul 2019 15:38:25 +0200 Source: libssh2 Architecture: source Version: 1.4.3-4.1+deb8u5 Distribution: jessie-security Urgency: medium Maintainer: Mikhail Gusarov Changed-By: Mike Gabriel Changes: libssh2 (1.4.3-4.1+deb8u5) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-3860: - Drop functionally duplicate if-clause. Backporting artifact. - Add CVE-2019-3860-2, CVE-2019-3860-3 and CVE-2019-3860-4 patches: Backporting more boundary checks, fixing error result code (LIBSSH2_ERROR_BUFFER_TOO_SMALL instead of LIBSSH2_ERROR_OUT_OF_BOUNDARY). Checksums-Sha1: 672b0fd74006dd7276be5e6f74512f0a35a93e5b 1928 libssh2_1.4.3-4.1+deb8u5.dsc 0cb27c2acef11af3bb8ec4f4a093fe11b8753a3b 21604 libssh2_1.4.3-4.1+deb8u5.debian.tar.xz a1728828ceb25821cffa4cdc9a08242fed75660b 6060 libssh2_1.4.3-4.1+deb8u5_source.buildinfo Checksums-Sha256: 868c726083fa684919aacf88a4384a0457ba6a931d2582db9f32c320b6c0a1ba 1928 libssh2_1.4.3-4.1+deb8u5.dsc 8c0347bf417e8008792eaaf9eb2ce9e0c6bce88c97de0c47c04c8dea1176fa7a 21604 libssh2_1.4.3-4.1+deb8u5.debian.tar.xz 012a0f89e9e973f82c1dc02dd071dada82d28868a1da5e22a9f5df8e51675de5 6060 libssh2_1.4.3-4.1+deb8u5_source.buildinfo Files: 4c112f5aee1d6da81160e8c63d237dda 1928 libs optional libssh2_1.4.3-4.1+deb8u5.dsc fbff80c239f62a31f2399b3ecb507688 21604 libs optional libssh2_1.4.3-4.1+deb8u5.debian.tar.xz 4295838b6f4c9868420ce019c0415133 6060 libs optional libssh2_1.4.3-4.1+deb8u5_source.buildinfo -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl1AnCEVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx0RYQAKicV90k9UvYjdCseEo1pDn4mAxm +5LdUMEzjg6HwGrKAQ8Er7OO2gBKhHFXbixtrZXjuV86E9YACih8IMFtbO5Ada+E w2XnSZFyuXlHoPm5Apb94MpkIC/Bk5WzWamgXnY5rFp6nw9FO7BIVPImf4cvdKgM Flz5Uxnfp5r4nWJv5UNiyb0NQdX/oKd3YfaYON74MIV2xTlUxPH/aa7P6bZlhqxW x3tG63jRS1X7Xq6bO6JpDWwESDaCv+n159SbhPTDlI1O8yPVxQ+zMdVDlr4fQGDu FYGe/KrwcOth2SNQItUGY0b/XG634Lh5/Sb8VohcfheUzIxyuDOtWBb0Pfr42Aph LFHe9+9pdJzz86fPcvKtnNyOVjoANHjK4KRQIwzC6i7cVaXCi1z7Xhmu0acWE0r9 7+EwMt05zi9R+nc2oWKRIHTv7p6audI9HLWH+WtXgNQ89VHxEhZHDkfwsRpAb846 KNy3oDOMkF1L3d8AwUj9bdopTnJY0wlWPRSGHKMKUnjtKOqpMHGypOVyh20MUWD8 oylwtrn/pGyTV7D1MBAjkF9l2abPP43m+kUga7+Zked9dJn4fO4VBU+kfSP+KDfx e4f5mCWOdZ8QGTBQMNSoj2gmsGz7b4UWw1AGqiwvnvmzFL7uGx90A34eNW/OsVK0 egmVM1k9wghgynFU =yiZG -END PGP SIGNATURE-
Accepted libssh2 1.4.3-4.1+deb8u4 (source amd64) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 24 Jul 2019 23:52:01 +0200 Source: libssh2 Binary: libssh2-1 libssh2-1-dev libssh2-1-dbg Architecture: source amd64 Version: 1.4.3-4.1+deb8u4 Distribution: jessie-security Urgency: medium Maintainer: Mikhail Gusarov Changed-By: Mike Gabriel Description: libssh2-1 - SSH2 client-side library libssh2-1-dbg - SSH2 client-side library (debug package) libssh2-1-dev - SSH2 client-side library (development headers) Changes: libssh2 (1.4.3-4.1+deb8u4) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-3859: - CVE-2019-3859 (+ CVE-2019-13115): Correctly check key_state data length in kex_method_diffie_hellman_group_exchange_sha1_key_exchange() in kex.c. Avoid various signedness flaws introduced by the initial fix(es) around CVE-2019-3859 (regression CVE registered as CVE-2019-13115). - Add CVE-2019-3859-4_channel-c.patch and CVE-2019-3859-5_userauth-c.patch. Derived by manually comparing upstream security fix commit dc109a7f518757741590bb993c0c8412928ccec2 against what we had in Debian jessie LTS's versions of libssh2, so far. - This completes a series of fixes unfortunately only partially provided in earlier security uploads of libssh2 to Debian jessie LTS. Due to non-optimal CVE documentation and the manifold of upstream security changes before libssh2 1.9, it hasn't been easy to identify all necessary changes to fix the recent CVEs (2019-3855 - 2019-3863). Furthermore, for a non-upstream dev it has neither been easy to identify which upstream fix was for which CVE. * Add additional-bounds-checks-in-diffie_hellman_sha1.patch. Additional bound checks in diffie_hellman_sha1. Checksums-Sha1: 8d641aeee99e8b794f55e1687cb66e3f7e35911e 1928 libssh2_1.4.3-4.1+deb8u4.dsc b99bd9b745257afff48c4d57ffd6a84be817 20156 libssh2_1.4.3-4.1+deb8u4.debian.tar.xz de3d5ec45b0e3d3e84d4b4f1471715c053bd4b30 128178 libssh2-1_1.4.3-4.1+deb8u4_amd64.deb 0dea0a00985e1b34de5b3a959d5921616b01f7e5 292814 libssh2-1-dev_1.4.3-4.1+deb8u4_amd64.deb 88b785b3b63ea72d5aa8f84076064a71ef11cb4f 234494 libssh2-1-dbg_1.4.3-4.1+deb8u4_amd64.deb Checksums-Sha256: d1a376b374716428beacaea56183aa5e266dcb62541b4b92017315eecf379478 1928 libssh2_1.4.3-4.1+deb8u4.dsc e56f275f519e4dd268684c9b64954913858768c1aeed490dd201638ef1e57c42 20156 libssh2_1.4.3-4.1+deb8u4.debian.tar.xz cf343318fb491b04efc7fc02e545c477c03a5ae524fd117e150736db394ad46b 128178 libssh2-1_1.4.3-4.1+deb8u4_amd64.deb 820e93fd3f120ad794be81626482e2cc531c3d80aaeb75dfb0d95d0c70dd17e1 292814 libssh2-1-dev_1.4.3-4.1+deb8u4_amd64.deb 10a77e1c552a65089aef2f5648bd1c167681b51390629e670896483d59b973c4 234494 libssh2-1-dbg_1.4.3-4.1+deb8u4_amd64.deb Files: 95886648f8f3bb10dffaee8697e2a596 1928 libs optional libssh2_1.4.3-4.1+deb8u4.dsc 3e640ffb7928640320fccaab24869715 20156 libs optional libssh2_1.4.3-4.1+deb8u4.debian.tar.xz 188105456864a29804481c65a97a0ca1 128178 libs optional libssh2-1_1.4.3-4.1+deb8u4_amd64.deb dd779d89c0c7bf03b219c58ec4e7b321 292814 libdevel optional libssh2-1-dev_1.4.3-4.1+deb8u4_amd64.deb 3c9c2c9c9d0088fe9a482fbe83b4be3e 234494 debug extra libssh2-1-dbg_1.4.3-4.1+deb8u4_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl058/sVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxyIQQAJHYrpCejc0FxeFLAKqG9wq8M2hw 2pFhG7OzTDXNHPsInOkJe1usgwoEuylI1dDwGcLIRK+T2UseWGwuEay1Nng4kMdW xX5wP3VFt5AVgVgmOshZXJ0VK1lFdgMoyeJrUwiwS3a0QLUsabb/NosbT1yKS2de N/jE3f7uc5qDjUmjvrlSBfAEDz9U3/S5B80F0T0SE472oApgdV37ft+wH8sTajDf +XP9uQdxmkcwmyzjelKzsY3sAVt5v56R448ZAc+StdBsauogyMfvRTXiTKR2OMIJ Jh4KnjvympgeA3QezRnN9GQ/z3dcPj1YV1LlB97V019uU6GUN1U1FSnDJTHVyRLH 2kqpZXgRXncYbBvROqUAUQkgwEcZb1pJ9jajPV5g3qzu5yP6TkoI1a0fxVAByJLp bHSk9/r54rH56sHZelrsUHietkcKRV49bq/GPyQrwFcj1drO40LtvOwOFfQnqUNP 7LnAavCyXpSWBbyAU9tJKQSMHH8jvxG2dP5FvwH6bXLYEas1MoXZtruXfROmtX1V JhY8wtXa3iKVbtuJFhVpWVYz+OimEn4AEDxB6DuviCkaySbtqX6fobsadJb1Z9ev pCUx4oHixqtndcNZc1dKyfKh1Q5QecQ5pNSdv/FuPsZvj/T4cDa1maVOHNzfCwjj RiwTc6XvfTL98nmw =F2cE -END PGP SIGNATURE-
Accepted mupdf 1.5-1+deb8u5 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 29 May 2019 12:38:57 +0200 Source: mupdf Binary: libmupdf-dev mupdf mupdf-tools Architecture: source amd64 Version: 1.5-1+deb8u5 Distribution: jessie-security Urgency: medium Maintainer: Kan-Ru Chen (陳侃如) Changed-By: Mike Gabriel Description: libmupdf-dev - development files for the MuPDF viewer mupdf - lightweight PDF viewer mupdf-tools - commmand line tools for the MuPDF viewer Closes: 887130 888487 918971 Changes: mupdf (1.5-1+deb8u5) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-6130: Throw error when page number is out of range. (Closes: #918971). * CVE-2019-6192: Indirect object numbers must be in range. (Closes: #888487). * CVE-2018-5686: Don't allow reading from a 'dead' fz_stream. (Closes: #887130). Checksums-Sha1: 4319704fccd2285ee37dc41ea046f664482a17b2 2155 mupdf_1.5-1+deb8u5.dsc 9b451774d628d2953df7591f0fcdb465f7da4fa5 7528994 mupdf_1.5.orig.tar.gz a5648e31d8dd0b69d9f2aecf6154fcbcbe6fd734 31704 mupdf_1.5-1+deb8u5.debian.tar.xz c359c9ba844b99ddf3d16bbea97d22d51a6e33b4 3464570 libmupdf-dev_1.5-1+deb8u5_amd64.deb f98f0623a2963dc07998a6833f779dac23648467 3410204 mupdf_1.5-1+deb8u5_amd64.deb 52d0f1e3e45417b101a07e990d47d736f5ee1f50 3419950 mupdf-tools_1.5-1+deb8u5_amd64.deb Checksums-Sha256: d216cb947c1039a40fe52c80d3d774e8529139e48f3174953e4d694eb4e7e57c 2155 mupdf_1.5-1+deb8u5.dsc 9ef2a457c119031cbf84cf89bfe9bf01d3fbb4b739bb4707bb58bfe141102ff2 7528994 mupdf_1.5.orig.tar.gz 2056922969cf18acf20e217596c873f078fb187abb0cd9d0ee8b62ddfd947607 31704 mupdf_1.5-1+deb8u5.debian.tar.xz da70885fcfa48a3faed99e4d8c5c9aad792fb0664bd46b6c19e92d53a8a2aa3b 3464570 libmupdf-dev_1.5-1+deb8u5_amd64.deb 7b4984e6b17014123df8d1147ba18e9a957b539125f35130f7a4918bbbea822a 3410204 mupdf_1.5-1+deb8u5_amd64.deb 28ed1dc7eafa5fcfc307b8d165fe0740f08222d589d70f0ed0f808f0c91402f9 3419950 mupdf-tools_1.5-1+deb8u5_amd64.deb Files: 173b1045305e809044298ad0a16b8a70 2155 text optional mupdf_1.5-1+deb8u5.dsc 89dd2ad96a3679035b89007d7dcbd847 7528994 text optional mupdf_1.5.orig.tar.gz a7a3820d27673a62ebbed2c32a26431b 31704 text optional mupdf_1.5-1+deb8u5.debian.tar.xz 4f60748c3a6ca894e570330918375d4f 3464570 libdevel optional libmupdf-dev_1.5-1+deb8u5_amd64.deb e3629a5fd51fead796c0f80e9318b6a9 3410204 text optional mupdf_1.5-1+deb8u5_amd64.deb ca685952a749d9c9788ca5245ce3793f 3419950 text optional mupdf-tools_1.5-1+deb8u5_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl0V2/0VHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxndYP/0BHWCcEb4SYhl1OgYZ/M3FKKXYl /jN76uUFQghG2v4mqCGCIs9D44ZPdznADSTm8II/CT4Xw/ToFoUk6RMWyJ7Zvb1Q tSsM4JFKBWVWT8ludI/HNH4KCHb9U4Uf4JWm4nGcN77XOWFBbC7RNPZ/bn/eeuA0 HKIP1LhBJtUljpgcczfNP6WAkDpdiQIelGJ6HyDh2/WBvzd5nYOQ8jXAMAtGpm91 LazFvG3xzCkqXfGkPpxRLmcZi4gdMgxrILAyuLfZPLlZbMfAnladO9EPXgjWea3J fVK2tt2/Rml5Gy1A1EX/BUq3m/KzFsgXJoHMtrIHND4tCgbH27Z/7thlP66C9W8n HPMOPhEG8ociyR4aL4QaNCkYJ69MhjZheAvmAC9QGF3xeZ+wYKS6UU5n1dUChYaI AafVMYusB4Z4OV3bReC5VOqLBsBPS06Mfn2BSliwhSWH7DaRrMPw195GaUxhvkyx XZqEZv7ekV4OY1ihW93+84Lp41znKLLrsG/B1KOKLAE1LyOG464x/ktD9cGLp5Zr SAxH7eRLemIHgMSXhkfIG6FhjgOTYwg3CNtm7GCysM2risNtPzf05qKZ0BXHMySi J2mbrkep5JY9kAtKrTmlyG1Xl/l5mbJ+/URxHcBRZz3TxT+g88ZHaJEJxuf9Gvxj VhSNNlZKAqCp6nYM =QHYZ -END PGP SIGNATURE-
Accepted doxygen 1.8.8-5+deb8u1 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 01 Jun 2019 00:52:03 +0200 Source: doxygen Binary: doxygen doxygen-latex doxygen-doc doxygen-gui doxygen-dbg Architecture: source amd64 all Version: 1.8.8-5+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Matthias Klose Changed-By: Mike Gabriel Description: doxygen- Documentation system for C, C++, Java, Python and other languages doxygen-dbg - Debug symbols for doxygen doxygen-doc - Documentation for doxygen doxygen-gui - GUI configuration tool for doxygen doxygen-latex - Documentation system for C, C++, Java, Python and other languages Changes: doxygen (1.8.8-5+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2016-10245: External search does not properly escape user supplied data, resulting in vulnerability. Checksums-Sha1: 1cddff572f436ed5ab3b6fa10d2bdd485da89112 2511 doxygen_1.8.8-5+deb8u1.dsc 2f2d028254d804c3b04e78ba2183de5a7637143c 4971577 doxygen_1.8.8.orig.tar.gz 66afdb501fa537223e7f444dbc4f77c2116c8819 24772 doxygen_1.8.8-5+deb8u1.debian.tar.xz 5a0c4ba9b16377ade843932da4bdbe1b9ccad25c 2775012 doxygen_1.8.8-5+deb8u1_amd64.deb 070bb5fc43762afa239cbcb62aee3ce5495439d9 355468 doxygen-gui_1.8.8-5+deb8u1_amd64.deb 35449df94bc9389b7e943d852281a8a84986d4a9 8966250 doxygen-dbg_1.8.8-5+deb8u1_amd64.deb aa95005736cc51dec01045a804518d41ad9be4f3 74542 doxygen-latex_1.8.8-5+deb8u1_all.deb fa7d137def850ae30a82ca8063aeb2fcffaaf8fc 2150340 doxygen-doc_1.8.8-5+deb8u1_all.deb Checksums-Sha256: 49c7126a26de207f131327a600bccb73ec2bea56edbba4a88b66dcf9d6a658ed 2511 doxygen_1.8.8-5+deb8u1.dsc d1f978350527a2338199c9abb78f76f10746520de5dc4ae4cdd27fc9df9b19b8 4971577 doxygen_1.8.8.orig.tar.gz 655916537c1c57fc8b7f43996e87f222c4bc33e172930504909184eab0f28ea1 24772 doxygen_1.8.8-5+deb8u1.debian.tar.xz 0814ba6e1c446338f5ec46b4f9ca5894a509e1560a739d452944c5f067bb136f 2775012 doxygen_1.8.8-5+deb8u1_amd64.deb 161d82a518ebc53e68c9d5bfb81eaab4faa966166fee6b740970a6c6df64a57c 355468 doxygen-gui_1.8.8-5+deb8u1_amd64.deb 468037db926df846f65b74060e59c0232cc089979e9376a8c3232e5ea796f383 8966250 doxygen-dbg_1.8.8-5+deb8u1_amd64.deb fa382fccca9e9e8a1be3c76b20f62a11e2e725458071745cc6a452c4578ca824 74542 doxygen-latex_1.8.8-5+deb8u1_all.deb 48befe14e76a4835489b6bb049e4f2f87f35f731d8e53374bf7db2189994e4c8 2150340 doxygen-doc_1.8.8-5+deb8u1_all.deb Files: c0bab14b3acd9c5bf0e8a67b7306b58c 2511 devel optional doxygen_1.8.8-5+deb8u1.dsc 453892def7b378df387585a9358c23d4 4971577 devel optional doxygen_1.8.8.orig.tar.gz ad09fc611776259f85772ed5ef783f51 24772 devel optional doxygen_1.8.8-5+deb8u1.debian.tar.xz 78f9a336f147068ffd95bc80d7070e8b 2775012 devel optional doxygen_1.8.8-5+deb8u1_amd64.deb becbbfbf4d69f2004b55ddf37b0771ba 355468 devel optional doxygen-gui_1.8.8-5+deb8u1_amd64.deb f39b97e6b964dd26c719b6f2eaf20e81 8966250 debug extra doxygen-dbg_1.8.8-5+deb8u1_amd64.deb 2d566dd9a89593b61ba1067bdf17cffb 74542 devel optional doxygen-latex_1.8.8-5+deb8u1_all.deb bf3f02ff60860489cc832a94debaeb1c 2150340 doc optional doxygen-doc_1.8.8-5+deb8u1_all.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlzxsr4VHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxdzkP/AvUke6ZbvIkagnrcCoygehl0ips Q/LubnYVcW8NRVtLpPx7s3MQcwvXQJZ/1WvY4AWHn8Hca3rmjz712DQBA9FhhIcM /oJh4tHGV4lcvSagm/A0W+fAYZCP/tC4DlJ11k/ScNFFpkxzeHfWVD84CvW5d9LN oxRUawiKwgrPrd+5wQEZ1ztrrM6kcJSrMDNINzEzc5wAuEmnA65gNfr2hXlqUvz4 USFqoWu0ScSacZkpVU+9R5+j+grR1ZS3wSSGpWfBjXEg5RJ3zOpYzIW00+kmjpjd YvIGOPZKh3vd4TNFmDdTU08YVi7ztEgMp3BMIPkf58FzBwvDvPPxN+NmU+dubjyd K5xq/lhXAAxR8qZn0+X5fZxxu8k7S/LAvx6TBVE+4iF41KlGBeuZTLaEyKw6AaYz S19BEeRTsXroFYJyPAHgAKXEzM4iCcFV+2VVXuE7cCDcSSlLdtxjOb4uNB1h3DIj 8CrNwyqVh0sdyLX9OkrFIvPSzx+D2fv5j8BzJ9dLT5p3j87Z8MnbvpxApjQHuu2/ 5r7/muaY1Q9KcRNazmYkHoRM3lXeR1cRSOWwdcUp+B305+VpsYcNXzyuzc2PUOvp kIzpP8oqLvjz6hyozH87PgPENb9xm96pY7KheJ3linjmw7ijX9arDgUcfZ40hSNk tsHHWg67tguiQatr =6KqX -END PGP SIGNATURE-
Accepted libav 6:11.12-1~deb8u7 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 28 May 2019 14:14:01 +0200 Source: libav Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source all amd64 Version: 6:11.12-1~deb8u7 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Mike Gabriel Description: libav-dbg - Debug symbols for Libav related packages libav-doc - Documentation of the Libav API libav-tools - Multimedia player, encoder and transcoder libavcodec-dev - Development files for libavcodec libavcodec-extra - Libav codec library (additional codecs meta-package) libavcodec-extra-56 - Libav codec library (additional codecs) libavcodec56 - Libav codec library libavdevice-dev - Development files for libavdevice libavdevice55 - Libav device handling library libavfilter-dev - Development files for libavfilter libavfilter5 - Libav video filtering library libavformat-dev - Development files for libavformat libavformat56 - Libav file format library libavresample-dev - Development files for libavresample libavresample2 - Libav audio resampling library libavutil-dev - Development files for libavutil libavutil54 - Libav utility library libswscale-dev - Development files for libswscale libswscale3 - Libav video scaling library Changes: libav (6:11.12-1~deb8u7) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-11338: avcodec/hevc: Avoid only partly skiping duplicate first slices. * CVE-2018-15822: avformat/flvenc: Check audio packet size. Checksums-Sha1: 3856f9c57057cbe79e62783181284270b191bf18 4023 libav_11.12-1~deb8u7.dsc b634d9879aab16113d35cc6385d1ccc7a4c8f64f 74504 libav_11.12-1~deb8u7.debian.tar.xz e4bd00012e9171a0166a1386c75343570e054bf7 18445522 libav-doc_11.12-1~deb8u7_all.deb 0439438a2aee8a8e1ed7e30eaea936910d1a8af5 66870 libavcodec-extra_11.12-1~deb8u7_all.deb 8e061878a3a6d40e39b3948cfed71aadfca69bb9 474048 libav-tools_11.12-1~deb8u7_amd64.deb de29331bb3fd2528b18ef80905e74dfd54cd9824 21594084 libav-dbg_11.12-1~deb8u7_amd64.deb 020c4709b6f40cc777d113997ed26bd7ed7bade3 131858 libavutil54_11.12-1~deb8u7_amd64.deb 39682b2453233d630b46e4f8002349f31cd7a75d 3109824 libavcodec56_11.12-1~deb8u7_amd64.deb 089490d9f8a004727220b089e55d37c5d5bf2875 91916 libavdevice55_11.12-1~deb8u7_amd64.deb 23a400de8ae213dbc42064971c9f87a47c3470aa 586900 libavformat56_11.12-1~deb8u7_amd64.deb 9274ce3cc198ed82ab6cdc87cf2fbc11c399e2a4 173060 libavfilter5_11.12-1~deb8u7_amd64.deb a2df07073955bce9d2eb19234b45a2f873194a8c 145320 libswscale3_11.12-1~deb8u7_amd64.deb 629498a2e968dae76f8a988824e9a51f986a4171 193946 libavutil-dev_11.12-1~deb8u7_amd64.deb 1c4f03cf0df2f97c169ea140fc719e511c9af0f5 3432120 libavcodec-dev_11.12-1~deb8u7_amd64.deb 8ad402cf57a63920313d05ab56d69f16e2fb6ae9 94784 libavdevice-dev_11.12-1~deb8u7_amd64.deb bcef3f36c1df637d7209deded2744ca2df2e77f8 692358 libavformat-dev_11.12-1~deb8u7_amd64.deb 114485aab897693b4c5565d823c6248157661a85 204174 libavfilter-dev_11.12-1~deb8u7_amd64.deb 61303a4480f42f49249dca3b36c0e339852e11b8 158228 libswscale-dev_11.12-1~deb8u7_amd64.deb 03604a4c75737da67382744f1834695ed02c2f98 113182 libavresample-dev_11.12-1~deb8u7_amd64.deb 81459046377f1eb25a6ac5ab71f08f1f7d171564 104268 libavresample2_11.12-1~deb8u7_amd64.deb 2f83db1f5c44f405ae155e36a644d1fbe755831a 3113676 libavcodec-extra-56_11.12-1~deb8u7_amd64.deb Checksums-Sha256: 777dd27fbb1a5a72b0bb46dab4952916c5dbc792648154f0f143dac4ddee8658 4023 libav_11.12-1~deb8u7.dsc 942c21a14298218f026ee1be053f3c399a0dea53cc9acb8651bdd812815ada63 74504 libav_11.12-1~deb8u7.debian.tar.xz d99632e10502c60a1c64166a973d1ddca33827431e551e11174947eff8517eef 18445522 libav-doc_11.12-1~deb8u7_all.deb c3c7ff20a7af2650f9c4e0deb29d092fd361867dc500a6880746b5895e09edbf 66870 libavcodec-extra_11.12-1~deb8u7_all.deb f5afba832b83118154df795e74eb4e921cc26856a8fb4cbad473cbf6e7958d6b 474048 libav-tools_11.12-1~deb8u7_amd64.deb 1f9e0f7faf8056bfc941a3c453fe4baaec4fb4eed70667e0d907443c44b901e9 21594084 libav-dbg_11.12-1~deb8u7_amd64.deb d6f5b5478cd2669a8604978dfc621817ab264374d8c72eb5724b90fa6d2ccce3 131858 libavutil54_11.12-1~deb8u7_amd64.deb ca72596c0e4d2c73984eaa71ba87c85f533c47a4ab26ad66fb2327b0b9cc41dd 3109824 libavcodec56_11.12-1~deb8u7_amd64.deb d144f113bed4b49c4571a4e6db32a5abcaa00666e7afaaeafec38b3385ed37b5 91916 libavdevice55_11.12-1~deb8u7_amd64.deb eebdb73ea0a519cb9c374db929b3785570921c102144357757e4d2e98537dbc8 586900 libavformat56_11.12-1~deb8u7_amd64.deb d5b595c78deb86fd5c7917322d4dd5d3c715a4e96c3f941bf7fcf8873ef5bce8 173060 libavfilter5_11.12-1~deb8u7_amd64.deb bcd2c3d07487f5aa997e888b317ef9606539ca5700b7d7024ef34b2799a3b923 145320 libswscale3_11.12
Accepted qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 07 May 2019 09:14:21 +0200 Source: qt4-x11 Binary: libqtcore4 qtcore4-l10n libqt4-core libqtgui4 libqt4-gui libqt4-network libqt4-opengl libqt4-script libqt4-scripttools libqt4-sql libqt4-sql-ibase libqt4-sql-mysql libqt4-sql-odbc libqt4-sql-psql libqt4-sql-sqlite libqt4-sql-sqlite2 libqt4-sql-tds libqt4-svg libqt4-webkit libqt4-xml libqt4-xmlpatterns libqt4-dbus libqtdbus4 libqt4-qt3support libqt4-designer libqt4-help libqt4-assistant libqt4-test libqt4-phonon libqt4-declarative libqt4-declarative-folderlistmodel libqt4-declarative-gestures libqt4-declarative-particles libqt4-declarative-shaders libqt4-dev libqt4-dev-bin libqt4-private-dev libqt4-opengl-dev libqt4-dbg libqt4-designer-dbg libqt4-qt3support-dbg libqt4-script-dbg libqt4-webkit-dbg libqt4-xmlpatterns-dbg qt4-bin-dbg qt4-demos-dbg qt4-designer qt4-dev-tools qt4-qmake qt4-qtconfig qt4-demos qt4-qmlviewer qt4-linguist-tools qdbus qt4-doc qt4-doc-html qt4-default Architecture: source amd64 all Version: 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian Qt/KDE Maintainers Changed-By: Mike Gabriel Description: libqt4-assistant - transitional package for Qt 4 assistant module libqt4-core - transitional package for Qt 4 core non-GUI runtime libraries libqt4-dbg - Qt 4 library debugging symbols libqt4-dbus - Qt 4 D-Bus module libqt4-declarative - Qt 4 Declarative module libqt4-declarative-folderlistmodel - Qt 4 folderlistmodel QML plugin libqt4-declarative-gestures - Qt 4 gestures QML plugin libqt4-declarative-particles - Qt 4 particles QML plugin libqt4-declarative-shaders - Qt 4 shaders QML plugin libqt4-designer - Qt 4 designer module libqt4-designer-dbg - Qt 4 designer library debugging symbols libqt4-dev - Qt 4 development files libqt4-dev-bin - Qt 4 development programs libqt4-gui - transitional package for Qt 4 GUI runtime libraries libqt4-help - Qt 4 help module libqt4-network - Qt 4 network module libqt4-opengl - Qt 4 OpenGL module libqt4-opengl-dev - Qt 4 OpenGL library development files libqt4-phonon - Qt 4 Phonon module libqt4-private-dev - Qt 4 private development files libqt4-qt3support - Qt 3 compatibility library for Qt 4 libqt4-qt3support-dbg - Qt 3 compatibility library for Qt 4 debugging symbols libqt4-script - Qt 4 script module libqt4-script-dbg - Qt 4 script library debugging symbols libqt4-scripttools - Qt 4 script tools module libqt4-sql - Qt 4 SQL module libqt4-sql-ibase - Qt 4 InterBase/FireBird database driver libqt4-sql-mysql - Qt 4 MySQL database driver libqt4-sql-odbc - Qt 4 ODBC database driver libqt4-sql-psql - Qt 4 PostgreSQL database driver libqt4-sql-sqlite - Qt 4 SQLite 3 database driver libqt4-sql-sqlite2 - Qt 4 SQLite 2 database driver libqt4-sql-tds - Qt 4 FreeTDS database driver libqt4-svg - Qt 4 SVG module libqt4-test - Qt 4 test module libqt4-webkit - transitional package for Qt 4 WebKit module libqt4-webkit-dbg - transitional package for Qt 4 WebKit debugging symbols libqt4-xml - Qt 4 XML module libqt4-xmlpatterns - Qt 4 XML patterns module libqt4-xmlpatterns-dbg - Qt 4 XML patterns library debugging symbols libqtcore4 - Qt 4 core module libqtdbus4 - Qt 4 D-Bus module library libqtgui4 - Qt 4 GUI module qdbus - Qt 4 D-Bus tool qt4-bin-dbg - Qt 4 binaries debugging symbols qt4-default - Qt 4 development defaults package qt4-demos - Qt 4 examples and demos qt4-demos-dbg - Qt 4 examples and demos debugging symbols qt4-designer - graphical designer for Qt 4 applications qt4-dev-tools - Qt 4 development tools qt4-doc- Qt 4 API documentation qt4-doc-html - Qt 4 API documentation (HTML format) qt4-linguist-tools - Qt 4 Linguist tools qt4-qmake - Qt 4 qmake Makefile generator tool qt4-qmlviewer - Qt 4 QML viewer qt4-qtconfig - Qt 4 configuration tool qtcore4-l10n - Qt 4 core module translations Changes: qt4-x11 (4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2018-15518: Fix a double-free or corruption during parsing of a specially crafted illegal XML document. * CVE-2018-19870: A malformed GIF image might have caused a NULL pointer dereference in QGifHandler resulting in a segmentation fault. * CVE-2018-19873: QBmpHandler had a buffer overflow via BMP data. * CVE-2018-19871: TGA handler: check for out of range image size Make the decoder fail early to avoid spending time and memory on attempting to decode a corrupt image file. * CVE-2018-19869: Fix crash when parsing malformed url reference, The parsing did not check for end of input. Checksums-Sha1: 7003f25a49779b7a12f47fa29231352c20a0aae3 6575 qt4-x11_4.8.6+git64-g5dc8b2b+dfsg-3+deb8u2.dsc e9020869ace0121e1120570889771e4699033556 134025240 qt4-x11_4.8.6+git64-g5dc8b2b+dfsg.orig.tar.xz 6962ff5c95850de43ea8a6a6b697250c3674a34e 317464 qt4
Accepted 389-ds-base 1.3.3.5-4+deb8u6 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 06 May 2019 18:42:39 +0200 Source: 389-ds-base Binary: 389-ds 389-ds-base-libs 389-ds-base-libs-dbg 389-ds-base-dev 389-ds-base 389-ds-base-dbg Architecture: source all amd64 Version: 1.3.3.5-4+deb8u6 Distribution: jessie-security Urgency: medium Maintainer: Debian 389ds Team Changed-By: Mike Gabriel Description: 389-ds - 389 Directory Server suite - metapackage 389-ds-base - 389 Directory Server suite - server 389-ds-base-dbg - 389 Directory Server suite - server debugging symbols 389-ds-base-dev - 389 Directory Server suite - development files 389-ds-base-libs - 389 Directory Server suite - libraries 389-ds-base-libs-dbg - 389 Directory Server suite - library debugging symbols Closes: 927939 Changes: 389-ds-base (1.3.3.5-4+deb8u6) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-3883: Before reading from a secure socket, the LDAP consumer now polls the socket for a read. The socket is polled (with a 0.1s timeout) until read is possible or sum of poll timeout is greater than ioblocktimeout. (Closes: #927939). Checksums-Sha1: 011767f02382d4e1a0b2cad6cfc39056ccec5840 2651 389-ds-base_1.3.3.5-4+deb8u6.dsc bb43dc34bde87175c169cccb9981999f263c0c03 3273753 389-ds-base_1.3.3.5.orig.tar.bz2 c00a4d1a7299256b034ee0cfe03244f75c9642b7 38716 389-ds-base_1.3.3.5-4+deb8u6.debian.tar.xz 9d4e252729aafc8e6d25f4ce94f6cf5a58290938 16676 389-ds_1.3.3.5-4+deb8u6_all.deb f1c2fd9d8930473ab61488211e5b2171947425be 387980 389-ds-base-libs_1.3.3.5-4+deb8u6_amd64.deb 270f8f9dee8116d5635c00f11de289902fc770e0 1283512 389-ds-base-libs-dbg_1.3.3.5-4+deb8u6_amd64.deb fc2ee3bead573910ae2949f9a7bbb464bbbca146 70026 389-ds-base-dev_1.3.3.5-4+deb8u6_amd64.deb 71966d1d8417415cc405839bec6bee1c5b58a18a 1458794 389-ds-base_1.3.3.5-4+deb8u6_amd64.deb 4ffb5bb4f4b3eec666d7ec4cf0ce05cc546b7637 4183064 389-ds-base-dbg_1.3.3.5-4+deb8u6_amd64.deb Checksums-Sha256: fcc106cf2267fcdf6a06d3d90a43c751fcca7384da42e8140899f7be46eb31b3 2651 389-ds-base_1.3.3.5-4+deb8u6.dsc 85f69e65909f7a8286717290f699e61be89c6534e926bcb5b4a6644f950e8827 3273753 389-ds-base_1.3.3.5.orig.tar.bz2 5560e2211e0170d5734c34ab0d2a7b02d1b03ebc5c718d8e270b7ba4145b9ee8 38716 389-ds-base_1.3.3.5-4+deb8u6.debian.tar.xz 861945d1eda1ca28c5d3167dd40388c41fbc6b5054e0387b54b07b53f4953069 16676 389-ds_1.3.3.5-4+deb8u6_all.deb b233d08cbe4bec53408f32ea4285c92b502f947a33dda79ffa9bccad62fdfb96 387980 389-ds-base-libs_1.3.3.5-4+deb8u6_amd64.deb 76b2f2ab3ba43e2d2e29e57ee58b30c29b9759beb92760d092c9a266d82f3da1 1283512 389-ds-base-libs-dbg_1.3.3.5-4+deb8u6_amd64.deb 3821f5f086d2a25a4176903ce2831c560741c33e47aa9e5fae25b048d5cb9230 70026 389-ds-base-dev_1.3.3.5-4+deb8u6_amd64.deb 4f1024603763ae7eeb3c2705a0dee0d54577b4cf847394cf82e3edb6d75c988e 1458794 389-ds-base_1.3.3.5-4+deb8u6_amd64.deb 6854aab6e7f74ea4ed050bd8bfec3705267017ed3ccd142d8b3e2e714209d862 4183064 389-ds-base-dbg_1.3.3.5-4+deb8u6_amd64.deb Files: 72a74eaad20fe776eeb2db123c264490 2651 net optional 389-ds-base_1.3.3.5-4+deb8u6.dsc 84869d46184039fce976b858e663232e 3273753 net optional 389-ds-base_1.3.3.5.orig.tar.bz2 ee64c7283148e558bcd6acb9750770ef 38716 net optional 389-ds-base_1.3.3.5-4+deb8u6.debian.tar.xz 9cc22916c35ce031845c96a17a2d2105 16676 net optional 389-ds_1.3.3.5-4+deb8u6_all.deb 85253669c742fa3d93766106eb2d015c 387980 libs optional 389-ds-base-libs_1.3.3.5-4+deb8u6_amd64.deb 75acebdfd673ba60a9a9fba2caf5310e 1283512 debug extra 389-ds-base-libs-dbg_1.3.3.5-4+deb8u6_amd64.deb aecb72feb45c801b1a754d61b8581ffe 70026 libdevel optional 389-ds-base-dev_1.3.3.5-4+deb8u6_amd64.deb 52920e0f422ad39d8a53e9ecab3e3296 1458794 net optional 389-ds-base_1.3.3.5-4+deb8u6_amd64.deb 45ca90300d3a72f7dae3a139aea5d07c 4183064 debug extra 389-ds-base-dbg_1.3.3.5-4+deb8u6_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlzQc08VHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxHWIQAIc34pStgID6EbPWJF7V8nrz2GMF IxlOaKxWXlV8Ay+dqYSvobwRDVtwvKyU+4/dBrStbTbdpjnqjJukg8Eao80wZVju fYwH0iJO7LHmI78NNCSjx9UOjUjprDLkqUYo7Cmz33uNCowMVGjhCx8fgBSnoZ7x RdXmPx9D7rnrD9dEqbVQqrp/3XRlOXyLH5nHkUQYW9VpNNCO8PGRkj4Uv6URH40r fNd/s8ygSgpwcCXZBLUgRc3VuPBWDBNERBDrSODJg34EA4tdlh4D1j4rwEr7oc8n m6w3R/1fPmeYvooEMRYcJwkiYWH6Bt1VyYu1jvk6P7e5OTEpKpRJXvq+npG+XtWs wqzv3TAEaZjUsf8KTGl0fSjKuXn0K58ENj8+BuqbIBS9nSJGtfOg/4B/iJrfj0VW xB+A1ZTm+39gWOAs67/heBi54LMQpKoc6hdtZQwKpd4b3BfwOe3ztcplo3KYdfDv ieZk47ropIoLPc3cBuHqYkqh6N7qhebKU+HkkAyYmdz6HDFR/f1JipVAaY96A8L3 6fMJSXvUOYLetLm8dYj9HRc4CYqStz7Yzv1glatCdcx3otclL2D56f7Phbs2ZKSD KsXVYgkWGpr6p6vETbzgdhihrOXbuHLtIhVuGm8HQcL73sZFNguqaKwuhnhl/vlb cwivlAMw1Vc5WcLZ =KfMh -END PGP SIGNATURE-
Accepted systemd 215-17+deb8u13 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 25 Apr 2019 12:10:54 +0200 Source: systemd Binary: systemd systemd-sysv libpam-systemd libsystemd0 libsystemd-dev libsystemd-login0 libsystemd-login-dev libsystemd-daemon0 libsystemd-daemon-dev libsystemd-journal0 libsystemd-journal-dev libsystemd-id128-0 libsystemd-id128-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb libgudev-1.0-0 gir1.2-gudev-1.0 libgudev-1.0-dev python3-systemd systemd-dbg Architecture: source amd64 Version: 215-17+deb8u13 Distribution: jessie-security Urgency: medium Maintainer: Debian systemd Maintainers Changed-By: Mike Gabriel Description: gir1.2-gudev-1.0 - libgudev-1.0 introspection data libgudev-1.0-0 - GObject-based wrapper library for libudev libgudev-1.0-dev - libgudev-1.0 development files libpam-systemd - system and service manager - PAM module libsystemd-daemon-dev - systemd utility library (transitional package) libsystemd-daemon0 - systemd utility library (deprecated) libsystemd-dev - systemd utility library - development files libsystemd-id128-0 - systemd 128 bit ID utility library (deprecated) libsystemd-id128-dev - systemd 128 bit ID utility library (transitional package) libsystemd-journal-dev - systemd journal utility library (transitional package) libsystemd-journal0 - systemd journal utility library (deprecated) libsystemd-login-dev - systemd login utility library (transitional package) libsystemd-login0 - systemd login utility library (deprecated) libsystemd0 - systemd utility library libudev-dev - libudev development files libudev1 - libudev shared library libudev1-udeb - libudev shared library (udeb) python3-systemd - Python 3 bindings for systemd systemd- system and service manager systemd-dbg - system and service manager (debug symbols) systemd-sysv - system and service manager - SysV links udev - /dev/ and hotplug management daemon udev-udeb - /dev/ and hotplug management daemon (udeb) Changes: systemd (215-17+deb8u13) jessie-security; urgency=medium . * Regression fixes for CVE-2017-18078 in src/tmpfiles/tmpfiles.c: - Add missing pair of curly braces. - Return negative error code. Checksums-Sha1: 3df982d3eaa523cb97eaf618b6e1d029bc3df0b7 4182 systemd_215-17+deb8u13.dsc c8f8c61166e2a0905ece78de72750de5861d8d8d 248816 systemd_215-17+deb8u13.debian.tar.xz 18016718f2ed6d903ca9503602818cd6173eed23 2555452 systemd_215-17+deb8u13_amd64.deb 68a43e26ce2938a273c07425d9892cf0fdeb046e 37490 systemd-sysv_215-17+deb8u13_amd64.deb 401863dde3ce1eb4c7723ec529a0c5c1312a812c 127444 libpam-systemd_215-17+deb8u13_amd64.deb b718fe0f3981dd86e2724eeb2c8781a74091c491 90480 libsystemd0_215-17+deb8u13_amd64.deb 0968704673dd309d9510edf9fb5f58b60b10eef0 96456 libsystemd-dev_215-17+deb8u13_amd64.deb 57a07977725b94a6839590bcdc8dee37dcd83180 50698 libsystemd-login0_215-17+deb8u13_amd64.deb 618806b5b1afdf6bbdfec6602cdf572d088cd0ce 33178 libsystemd-login-dev_215-17+deb8u13_amd64.deb 9249d4f2d6c6af943e4822506d489c466750a412 39774 libsystemd-daemon0_215-17+deb8u13_amd64.deb 859c30520337e3c8dc05d98c9ba067dde9536efb 33162 libsystemd-daemon-dev_215-17+deb8u13_amd64.deb 2a4789c43e018465c6ca49d6ef177f4e1a5b0552 75900 libsystemd-journal0_215-17+deb8u13_amd64.deb fcc8046c08058668c6fc840e7911f6b724465407 33170 libsystemd-journal-dev_215-17+deb8u13_amd64.deb 3ad87357dec173134fcd5a02814165f922aafb03 38714 libsystemd-id128-0_215-17+deb8u13_amd64.deb ebc3ba413fb4eca4893726f63a2eb64711b5b118 33170 libsystemd-id128-dev_215-17+deb8u13_amd64.deb 1809e0de1390d9af8a7dd255adf9d11b730daac7 877740 udev_215-17+deb8u13_amd64.deb 3b2ab959711d70bfa03783790674733fce10c214 58802 libudev1_215-17+deb8u13_amd64.deb 962e4a6e04f1a753dda3f28be5ade2d80dc6e907 23380 libudev-dev_215-17+deb8u13_amd64.deb 40f0ccf0648d79a482a8fc667a81b8b0165ed543 195770 udev-udeb_215-17+deb8u13_amd64.udeb 4f8f4105d2d4a0ffe279f76b00bc67515d43af34 24750 libudev1-udeb_215-17+deb8u13_amd64.udeb 00ea3b68d5b01d8109ae56ca596b38a1bfb89dc9 43480 libgudev-1.0-0_215-17+deb8u13_amd64.deb da2a545cfbd72c1f4389548b7bf9ecd851283e16 2846 gir1.2-gudev-1.0_215-17+deb8u13_amd64.deb be50b29893acd9d619f180a6adcb8e34a3d527ce 24600 libgudev-1.0-dev_215-17+deb8u13_amd64.deb d61193809b5a6b37140bbd31e075ceaddc95ab33 63198 python3-systemd_215-17+deb8u13_amd64.deb 4d64f68801c2549c4b8a83af91ec6916771eda82 15998284 systemd-dbg_215-17+deb8u13_amd64.deb Checksums-Sha256: d8c3f700871e3962b7c16fbaf8e7c8aaa0fb95a4410dff04d54e229169451ec3 4182 systemd_215-17+deb8u13.dsc 7274d5e33a526b06d37558999325b15f8dd773ad9ddd61cc7f5e12f1bca839db 248816 systemd_215-17+deb8u13.debian.tar.xz 238f821eebc346b46f05c5eb75c138340fc78f53ae2ce9f73ef9fa65eb1034c4 2555452 systemd_215-17+deb8u13_amd64.deb cf9c777101fedbdf01c11b6ee52ccd02b685b232f8a08164f7d8e5bfe325e2f4 37490 systemd-sysv_215-17+deb8u13_amd64.deb 0e62008030cbacd1bbfe9c1b064772500a50222bb838cb34c2575068039b4e7e 127444 libpam-systemd_215-17
Accepted systemd 215-17+deb8u12 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 23 Apr 2019 10:55:22 +0200 Source: systemd Binary: systemd systemd-sysv libpam-systemd libsystemd0 libsystemd-dev libsystemd-login0 libsystemd-login-dev libsystemd-daemon0 libsystemd-daemon-dev libsystemd-journal0 libsystemd-journal-dev libsystemd-id128-0 libsystemd-id128-dev udev libudev1 libudev-dev udev-udeb libudev1-udeb libgudev-1.0-0 gir1.2-gudev-1.0 libgudev-1.0-dev python3-systemd systemd-dbg Architecture: source amd64 Version: 215-17+deb8u12 Distribution: jessie-security Urgency: medium Maintainer: Debian systemd Maintainers Changed-By: Mike Gabriel Description: gir1.2-gudev-1.0 - libgudev-1.0 introspection data libgudev-1.0-0 - GObject-based wrapper library for libudev libgudev-1.0-dev - libgudev-1.0 development files libpam-systemd - system and service manager - PAM module libsystemd-daemon-dev - systemd utility library (transitional package) libsystemd-daemon0 - systemd utility library (deprecated) libsystemd-dev - systemd utility library - development files libsystemd-id128-0 - systemd 128 bit ID utility library (deprecated) libsystemd-id128-dev - systemd 128 bit ID utility library (transitional package) libsystemd-journal-dev - systemd journal utility library (transitional package) libsystemd-journal0 - systemd journal utility library (deprecated) libsystemd-login-dev - systemd login utility library (transitional package) libsystemd-login0 - systemd login utility library (deprecated) libsystemd0 - systemd utility library libudev-dev - libudev development files libudev1 - libudev shared library libudev1-udeb - libudev shared library (udeb) python3-systemd - Python 3 bindings for systemd systemd- system and service manager systemd-dbg - system and service manager (debug symbols) systemd-sysv - system and service manager - SysV links udev - /dev/ and hotplug management daemon udev-udeb - /dev/ and hotplug management daemon (udeb) Changes: systemd (215-17+deb8u12) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2017-18078: tmpfiles: refuse to chown()/chmod() files which are hardlinked, unless protected_hardlinks sysctl is on. * CVE-2019-3842: pam-systemd: use secure_getenv() rather than getenv(). Checksums-Sha1: 0c9ac184a1544b082401653c32850d821255 4182 systemd_215-17+deb8u12.dsc 7a592f90c0c1ac05c43de45b8fde1f23b5268cb4 2888652 systemd_215.orig.tar.xz 330fb82dc2f69101bb681e23c21ec94ed6278a51 248692 systemd_215-17+deb8u12.debian.tar.xz ca98f6138cce25a8e33741fe455eea86a99613cf 2554300 systemd_215-17+deb8u12_amd64.deb a3317419d7d4e110d79a5a59d9f52623f6f24b82 37430 systemd-sysv_215-17+deb8u12_amd64.deb 163f4c3cf43c9f42a5cd32e9d5301a8c8ae9c170 127352 libpam-systemd_215-17+deb8u12_amd64.deb 46a8b937ef5b5146aa5d751475ff0927a4f45f4a 90368 libsystemd0_215-17+deb8u12_amd64.deb 8f9aae1a40c692f77495b319aa883a2bb7a6aa4c 96370 libsystemd-dev_215-17+deb8u12_amd64.deb e81233773649873e70c9f3ac552d3238f0f2f485 50634 libsystemd-login0_215-17+deb8u12_amd64.deb 37fe868393bb9db61132ed1d6b95cd106ab0ee6b 33122 libsystemd-login-dev_215-17+deb8u12_amd64.deb 3438138d683feaed1878037a114b0efb7c411b22 39702 libsystemd-daemon0_215-17+deb8u12_amd64.deb b086cd6b1b633e772002f7017197c7871dce4b55 33110 libsystemd-daemon-dev_215-17+deb8u12_amd64.deb 8568c92b929291916dcbc13b0e93efc9705006ff 75896 libsystemd-journal0_215-17+deb8u12_amd64.deb 33daeaa674fe0c87192056168634bdaa73ada42e 33116 libsystemd-journal-dev_215-17+deb8u12_amd64.deb 7f5d4c2a9de39a086796191bcd4cc13d48323b29 38632 libsystemd-id128-0_215-17+deb8u12_amd64.deb e7784505fa0f46e4898bedc65e35cabf0a798980 33112 libsystemd-id128-dev_215-17+deb8u12_amd64.deb cda0ed9ba436a3d08a74d9fbc4a411e4e7424433 877648 udev_215-17+deb8u12_amd64.deb b12c3ec0297f44b29025fe41c98c7b37d809eaed 58750 libudev1_215-17+deb8u12_amd64.deb 587beb37e3993734364f84bb9ba6a37f6ebf2201 23388 libudev-dev_215-17+deb8u12_amd64.deb b369fba0c42dc949754df46ae7b6a909085ad175 195540 udev-udeb_215-17+deb8u12_amd64.udeb 54e9087857bdb2ad8c540ac73976f4fa11e81dbf 24738 libudev1-udeb_215-17+deb8u12_amd64.udeb 6c8dc2dc206aad34da93afb7eca145d593f14a97 43400 libgudev-1.0-0_215-17+deb8u12_amd64.deb c5ad94618d04343dcc09a02c0d5f49bc2bce0d4a 2846 gir1.2-gudev-1.0_215-17+deb8u12_amd64.deb f12fbbf528e72a4e4aca95170d610e8d6096e424 24614 libgudev-1.0-dev_215-17+deb8u12_amd64.deb 652d0154bddc3b9970e0788c738e827e473f3f00 63274 python3-systemd_215-17+deb8u12_amd64.deb 0b8efa2b818d26c810d08dcc78391d6cbc76db26 15998212 systemd-dbg_215-17+deb8u12_amd64.deb Checksums-Sha256: c5ce984fe61dcda0e1ebd4ba9ac4d6931edd954882ebad73b05efba93c816507 4182 systemd_215-17+deb8u12.dsc ce76a3c05e7d4adc806a3446a5510c0c9b76a33f19adc32754b69a0945124505 2888652 systemd_215.orig.tar.xz 84df36aa8b8dc72ccb9f3e09eafb0535662aca876bb6fb26e1df6189c0899f00 248692 systemd_215-17+deb8u12.debian.tar.xz
Accepted samba 2:4.2.14+dfsg-0+deb8u12 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 08 Apr 2019 23:50:58 +0200 Source: samba Binary: samba samba-libs samba-common samba-common-bin smbclient samba-testsuite registry-tools libparse-pidl-perl samba-dev samba-doc python-samba samba-dsdb-modules samba-vfs-modules libpam-smbpass libsmbclient libsmbclient-dev winbind libpam-winbind libnss-winbind samba-dbg libwbclient0 libwbclient-dev ctdb Architecture: source amd64 all Version: 2:4.2.14+dfsg-0+deb8u12 Distribution: jessie-security Urgency: medium Maintainer: Debian Samba Maintainers Changed-By: Mike Gabriel Description: ctdb - clustered database to store temporary data libnss-winbind - Samba nameservice integration plugins libpam-smbpass - pluggable authentication module for Samba libpam-winbind - Windows domain authentication integration plugin libparse-pidl-perl - IDL compiler written in Perl libsmbclient - shared library for communication with SMB/CIFS servers libsmbclient-dev - development files for libsmbclient libwbclient-dev - Samba winbind client library - development files libwbclient0 - Samba winbind client library python-samba - Python bindings for Samba registry-tools - tools for viewing and manipulating the Windows registry samba - SMB/CIFS file, print, and login server for Unix samba-common - common files used by both the Samba server and client samba-common-bin - Samba common files used by both the server and the client samba-dbg - Samba debugging symbols samba-dev - tools for extending Samba samba-doc - Samba documentation samba-dsdb-modules - Samba Directory Services Database samba-libs - Samba core libraries samba-testsuite - test suite from Samba samba-vfs-modules - Samba Virtual FileSystem plugins smbclient - command-line SMB/CIFS clients for Unix winbind- service to resolve user and group information from Windows NT ser Changes: samba (2:4.2.14+dfsg-0+deb8u12) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-3880: s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey. * CVE-2018-1057: - s4:dsdb/tests: add a test for password change with empty delete - s4:dsdb/password_hash: add a helper variable for LDB_FLAG_MOD_TYPE - s4:dsdb/password_hash: add a helper variable for passwordAttr->num_values - s4:dsdb/acl: only call dsdb_acl_debug() if we checked the acl in acl_check_password_rights() - s4:dsdb/acl: remove unused else branches in acl_check_password_rights() - s4:dsdb/acl: check for internal controls before other checks - vulnerability: s4:dsdb/acl: add check for DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control - vulnerability: s4:dsdb/acl: add a NULL check for talloc_new() in acl_check_password_rights() - vulnerability: s4/dsdb: correctly detect password resets - vulnerability: s4:dsdb/acl: run password checking only once - vulnerability: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control - s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID - vulnerability: s4:dsdb/acl: changing dBCSPwd is only allowed with a control * CVE-2018-1050: s3: RPC: spoolss server. Protect against null pointer derefs. * CVE-2017-9461: s3: smbd: Don't loop infinitely on bad-symlink resolution. Checksums-Sha1: b72c5a1604b3e9187ffad01bc8d00610a1cd998e 4221 samba_4.2.14+dfsg-0+deb8u12.dsc 636584f1e88276a5dc1eed99845063660e493704 20862908 samba_4.2.14+dfsg.orig.tar.gz 51ebd2c437fa7e8a9eb0f93f6508167281fdf208 292636 samba_4.2.14+dfsg-0+deb8u12.debian.tar.xz a0b63709f15d0aef4cca5efc77e029acdfc5f2ec 1036448 samba_4.2.14+dfsg-0+deb8u12_amd64.deb 9927c511f965b3ca4539baf61c2dd1a0228496f6 5105974 samba-libs_4.2.14+dfsg-0+deb8u12_amd64.deb 43d2282165b7ed058f18ec45dd54ab9d7c754f82 271356 samba-common_4.2.14+dfsg-0+deb8u12_all.deb a57b367f2ff0ee4d953fd92b7cf58bb60179f30d 617282 samba-common-bin_4.2.14+dfsg-0+deb8u12_amd64.deb 4da0dde448136d4c45067cbc8342b8eb18966d52 345482 smbclient_4.2.14+dfsg-0+deb8u12_amd64.deb c38b969ea0ba4533704da801a6ccbc43ad8c00a3 1572400 samba-testsuite_4.2.14+dfsg-0+deb8u12_amd64.deb 0cefb4bd06b7e116137e415a0f242d96596f7df5 124700 registry-tools_4.2.14+dfsg-0+deb8u12_amd64.deb 2d59753cb2ba869525d9ee087372b879a54a71c3 186166 libparse-pidl-perl_4.2.14+dfsg-0+deb8u12_amd64.deb 0fd3ed71e554bbe200731a3ecea586b46ddf333b 337130 samba-dev_4.2.14+dfsg-0+deb8u12_amd64.deb 327b532fc3a7053fb4e737e343bd1964ba2cfdb8 322540 samba-doc_4.2.14+dfsg-0+deb8u12_all.deb a3aef0ea0d422fd481c57e618304cf4ef919f320 1018522 python-samba_4.2.14+dfsg-0+deb8u12_amd64.deb 19f0f0e571f4879cc21ac72f43cbbc135f48e0a9 310334 samba-dsdb-modules_4.2.14+dfsg-0+deb8u12_amd64.deb d0eb4f0dfbb6bd28ccbbbf1ea1f5cf0209f9accc 331678 samba-vfs-modules_4.2.14+dfsg-0+deb8u12_amd64.deb 8db6085a9d22449b20e34146312f5ed01384121c 112910 libpam-smbpass_4.2.14+dfsg-0+deb8u12_amd64.
Accepted poppler 0.26.5-2+deb8u9 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 08 Apr 2019 18:17:24 +0200 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u9 Distribution: jessie-security Urgency: medium Maintainer: Loic Minier Changed-By: Mike Gabriel Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u9) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-9631: cairo: Constrain number of cycles in rescale filter. Pass address of the first byte after end of the source buffer to downsample_row_box_filter() so that we can check that we don't run out of it. Checksums-Sha1: 96113c1018752a2b8820d4c6ec5d0affe42c42a8 3331 poppler_0.26.5-2+deb8u9.dsc 01eccb6409cccdae8f6493789400fcfd9bb046d5 44360 poppler_0.26.5-2+deb8u9.debian.tar.xz c87135acaf9e461641b94cb2edc6b6d36d83ad82 1213110 libpoppler46_0.26.5-2+deb8u9_amd64.deb 65087ebcff7029c5f35fced431fb7afe221e1c11 768780 libpoppler-dev_0.26.5-2+deb8u9_amd64.deb d9fe87266e24cf6ab2faf08ad2efd80762217c89 181016 libpoppler-private-dev_0.26.5-2+deb8u9_amd64.deb 3a229904ad114703a1604ef32e9bbb6500be5286 122824 libpoppler-glib8_0.26.5-2+deb8u9_amd64.deb 2da78e12002a55b724a29544e108c985728c15ea 164144 libpoppler-glib-dev_0.26.5-2+deb8u9_amd64.deb 2cced9a2602b9f0dafac03b5d293d0f6f5bb933a 86516 libpoppler-glib-doc_0.26.5-2+deb8u9_all.deb fb2691dc57c3e8baec2e32551142ce39464cb588 35002 gir1.2-poppler-0.18_0.26.5-2+deb8u9_amd64.deb 03ac0b631eedf8f493171db209de92b370f8c07c 128576 libpoppler-qt4-4_0.26.5-2+deb8u9_amd64.deb 8478424b86898b357cd426206ab9446a824aec74 159448 libpoppler-qt4-dev_0.26.5-2+deb8u9_amd64.deb 1b86d6cf71fd611ac10ea0d6336a64e78807c920 132734 libpoppler-qt5-1_0.26.5-2+deb8u9_amd64.deb c57c540a54f448377e09cf3888d5dd4906847fa6 166242 libpoppler-qt5-dev_0.26.5-2+deb8u9_amd64.deb f88ade7f70cbc95acf631c3bebcea9f963cfb0b9 45516 libpoppler-cpp0_0.26.5-2+deb8u9_amd64.deb c9350cfa9bab6a7dc06f1f78c647b54cbfad1a74 5 libpoppler-cpp-dev_0.26.5-2+deb8u9_amd64.deb a3459674dcc0101a957810770a76413eb6967f39 141936 poppler-utils_0.26.5-2+deb8u9_amd64.deb ffb9112ef3e0055ee6b6a7974d76d9a4897c4bd0 7684446 poppler-dbg_0.26.5-2+deb8u9_amd64.deb Checksums-Sha256: 2a4fd40e606744fdb23854cea1e61dfe3099812e6371211d1c0db00cdda093da 3331 poppler_0.26.5-2+deb8u9.dsc 1189b0f587f1051f0cd94d66bde43398e2bb45d463f08e00d4eca5184a5f7fb8 44360 poppler_0.26.5-2+deb8u9.debian.tar.xz 26bcae4f0f720c0c898059af6c01b319bf6ec829be55c3e6c3dac43d7af49183 1213110 libpoppler46_0.26.5-2+deb8u9_amd64.deb b4bbafc95876c690f179e32b74dd20cf53806678376b139d4948794e4434af47 768780 libpoppler-dev_0.26.5-2+deb8u9_amd64.deb 4d339d386ddcf991eeb7d6ee24b5142a383f3a142c576c5549cd48db20f9de9b 181016 libpoppler-private-dev_0.26.5-2+deb8u9_amd64.deb 3ab8f8bf9e295d6885da25afd61d5c3fcab20830ac06dcef62b4f6cbee1b82ec 122824 libpoppler-glib8_0.26.5-2+deb8u9_amd64.deb 035dd049bade90f117b4e52506676448e63587adf6abd1b232cc7a1d1cb90ab7 164144 libpoppler-glib-dev_0.26.5-2+deb8u9_amd64.deb e93fc344908fe8471c583276585d2325eeb2f06b9046744b21c9ab1a4cca6ab9 86516 libpoppler-glib-doc_0.26.5-2+deb8u9_all.deb 67509ec16b32908441a9f7b2ba3b15af7175965b525d88b34ea3ea1a1c118105 35002 gir1.2-poppler-0.18_0.26.5-2+deb8u9_amd64.deb d323bd36cbe73b4321c569c8fcc5104a93f20f4a360f8f63f06ee9a0ac0b42d4 128576 libpoppler-qt4-4_0.26.5-2+deb8u9_amd64.deb 162529c8fac093cd4a75a4c1bebee700d75071e6391b79cb3c5b945772e3f181 159448 libpoppler-qt4-dev_0.26.5-2+deb8u9_amd64.deb 52706b5fe4db2615e499d1d18b5518f3d71587fdba9d7a7be1fd0276bb7d5657 132734 libpoppler-qt5-1_0.26.5-2+deb8u9_amd64.deb 0f4547f16fa043a73ecbe02d085d9ced8df1f10c3e95cbda9efd2a911ea7430c 166242
Accepted libssh2 1.4.3-4.1+deb8u3 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 02 Apr 2019 10:31:13 +0200 Source: libssh2 Binary: libssh2-1 libssh2-1-dev libssh2-1-dbg Architecture: source amd64 Version: 1.4.3-4.1+deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Mikhail Gusarov Changed-By: Mike Gabriel Description: libssh2-1 - SSH2 client-side library libssh2-1-dbg - SSH2 client-side library (debug package) libssh2-1-dev - SSH2 client-side library (development headers) Changes: libssh2 (1.4.3-4.1+deb8u3) jessie-security; urgency=medium . * CVE-2019-3859: Regression fix. Fix user authentication. See https://github.com/libssh2/libssh2/pull/327 for details. Thanks to Salvatore Bonaccorso for noticing this. Checksums-Sha1: 8c905f36b2bd7518e72d90c0cc6bc12abd853c9e 1928 libssh2_1.4.3-4.1+deb8u3.dsc c136bf05bc08d6c01b1c56ee73c9e42149da981f 15632 libssh2_1.4.3-4.1+deb8u3.debian.tar.xz 8dbe49148822d8e8b99c2ae0fe0562da7716 127372 libssh2-1_1.4.3-4.1+deb8u3_amd64.deb 2d92706845a5a892e0eb3f9d90585ed343a0e9e9 291956 libssh2-1-dev_1.4.3-4.1+deb8u3_amd64.deb 34d664881f32d92c0d7ad5abff1bd96b4e4d530a 232636 libssh2-1-dbg_1.4.3-4.1+deb8u3_amd64.deb Checksums-Sha256: 31de099ac637f875c752833d449f2df7f555025e5535dea8bf622a15c22831ef 1928 libssh2_1.4.3-4.1+deb8u3.dsc b25cc7bc596134042c4df08e2b9cc188d83ffb112e501f45571eca698766c730 15632 libssh2_1.4.3-4.1+deb8u3.debian.tar.xz a7f43dba97eaac53bad54b2888b07f6821354178cd2cdaa95994b259c7d34fd8 127372 libssh2-1_1.4.3-4.1+deb8u3_amd64.deb 69caa6232588e63ce52d9f161d6e9184650d73f4843d45dbd5d250d91ad9f9e3 291956 libssh2-1-dev_1.4.3-4.1+deb8u3_amd64.deb 5881ad485e316b5666c793e1bf0f328df19adb40e9615c36b594ebc8dd464809 232636 libssh2-1-dbg_1.4.3-4.1+deb8u3_amd64.deb Files: df0d3591c97d0dd55cfed9aff421e05b 1928 libs optional libssh2_1.4.3-4.1+deb8u3.dsc 090b3a18530828f533782f7c102359b0 15632 libs optional libssh2_1.4.3-4.1+deb8u3.debian.tar.xz 71a7a46e548b8850014096cfa486ef68 127372 libs optional libssh2-1_1.4.3-4.1+deb8u3_amd64.deb ce050cd7389268fbaf781138f50993a4 291956 libdevel optional libssh2-1-dev_1.4.3-4.1+deb8u3_amd64.deb 5287612f1038a5b7c0188f253a4dc0c9 232636 debug extra libssh2-1-dbg_1.4.3-4.1+deb8u3_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlyjIQ4VHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxQIUP/2X2dhhGWp6sAzCX9u9owweGe0rt lM2H7d2TGYPwpYTsr49d/F7eBZ+HvJKOGpXj6FNp1a4DCAm8YLPJC0B4DW/ZPXnF Ujc2xMyIbwtpUuA0NnUNXrWZg8Xq/pw0xLQIgxHImTXNF3AsB8LrmpNv6DqgyaWv aDPlWhkwtXImpm65YusyXOvd059+yPdzOEGSIDs3b8UPvbEF2rvMU3FABvNTKxxp SoBtWCEI601XI3CKdo9U/WXJedK4yBumofuav4gUtEY4vAbKU8V2Xz/dHWHj+vPF OXRL/kFTAf2oLfYRgN8zpf7NXNWC0B8H7MMuvwiY/kNOD1xArf6cu2dZ4He2OBUs /AfCCHLIslps5CwPn+MctUODiYkWA1mAlsqNexZyUK7WluNiE1a2I3KXs4srYJG2 j8EetqV5CipWkhEQp3UBV+4nA3m0pz6pvnbDA8yTvqd2oxFT56PTUAjnxbKrrENN nwAv1Kd+i2Ly2P+VUIfHr4LeYKTKPWZ0cUoonnefcpa5otyd/wlXdjWXPJlN60Sx 6BJSlQ/mN7vub8AzXc/7rlmhIDphn+OGMTZP41JRskCIDT6fVub5X1li6jl/HmNe DUMNKV/T4Jf9yCBZ1OO+uMM5V71usQwCBcFBaAQVTWSksFdW7ry+B1qDxIS1JsO8 I6P+H1Al5y8ZCw8s =Emt8 -END PGP SIGNATURE-
Accepted libav 6:11.12-1~deb8u6 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 30 Mar 2019 21:44:13 +0100 Source: libav Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source all amd64 Version: 6:11.12-1~deb8u6 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Mike Gabriel Description: libav-dbg - Debug symbols for Libav related packages libav-doc - Documentation of the Libav API libav-tools - Multimedia player, encoder and transcoder libavcodec-dev - Development files for libavcodec libavcodec-extra - Libav codec library (additional codecs meta-package) libavcodec-extra-56 - Libav codec library (additional codecs) libavcodec56 - Libav codec library libavdevice-dev - Development files for libavdevice libavdevice55 - Libav device handling library libavfilter-dev - Development files for libavfilter libavfilter5 - Libav video filtering library libavformat-dev - Development files for libavformat libavformat56 - Libav file format library libavresample-dev - Development files for libavresample libavresample2 - Libav audio resampling library libavutil-dev - Development files for libavutil libavutil54 - Libav utility library libswscale-dev - Development files for libswscale libswscale3 - Libav video scaling library Changes: libav (6:11.12-1~deb8u6) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2018-1999012: avformat/pva: Check for EOF before retrying in read_part_of_packet(). * CVE-2015-1872: avcodec/mjpegdec: Check number of components for JPEG-LS. * CVE-2018-6392: avfilter/vf_transpose: Fix out of array access (including later regression fix with packed pixel formats). * CVE-2017-14058: avformat/hls: Fix DoS due to infinite loop. * CVE-2017-1000460: h264dec: handle zero-sized NAL units in get_last_needed_nal(). Checksums-Sha1: e2754f13a8f99424278fdcb45057dd810c1b80ee 4023 libav_11.12-1~deb8u6.dsc 95bdcd2cf73cfe4fa1f6b748c0e9ff620f9b9381 73548 libav_11.12-1~deb8u6.debian.tar.xz 2438863b19aec976260b8f9e863e7cef35f8da16 18444200 libav-doc_11.12-1~deb8u6_all.deb 0271df5dccd8cd048ce67808d021a339e136bd0c 66790 libavcodec-extra_11.12-1~deb8u6_all.deb 419afc92c79e2a17f0b82de0607a5676f84d7399 474372 libav-tools_11.12-1~deb8u6_amd64.deb a73ecc4f43eaaaec4a5780e3ec55a2fb212b5f13 21597980 libav-dbg_11.12-1~deb8u6_amd64.deb b3e8bd83deab4cece17dc35646ef14a1cf4fd21c 131774 libavutil54_11.12-1~deb8u6_amd64.deb b8f2ded43af4e8f32556ea8713bfa7982d39efdd 3110668 libavcodec56_11.12-1~deb8u6_amd64.deb 3b91f952c0cd7390131f260a5d8071defc728ff6 91674 libavdevice55_11.12-1~deb8u6_amd64.deb 851c691e81eef70c8fd159f4b80269380212f1e2 586758 libavformat56_11.12-1~deb8u6_amd64.deb 7fcdce7fa979522250b1b07d7ec25dcddf5ee2ea 172912 libavfilter5_11.12-1~deb8u6_amd64.deb b8082879e442a08b4604eb034d6b932aa3af0f75 145258 libswscale3_11.12-1~deb8u6_amd64.deb 2bc4d75bc931ec0c4a912fb11d932e41a33163ed 193894 libavutil-dev_11.12-1~deb8u6_amd64.deb 5dfd3dfaf7f59cd611f08bba56141392797cf25c 3433186 libavcodec-dev_11.12-1~deb8u6_amd64.deb 8022656e2a6701f4b3da026dce1ec7d6fcb39d0b 94712 libavdevice-dev_11.12-1~deb8u6_amd64.deb 56061fa959bf5b6d9f361b0bbed45e769c0d20f5 692178 libavformat-dev_11.12-1~deb8u6_amd64.deb f832a4a7e8665bb172a9dd69fb51318ba6a22d3c 204076 libavfilter-dev_11.12-1~deb8u6_amd64.deb e00702d2ed9e15f0b8aa44ef87a9839ef2b3973a 158098 libswscale-dev_11.12-1~deb8u6_amd64.deb 2558206993add9e1a5fd14b336a287bd01619062 113112 libavresample-dev_11.12-1~deb8u6_amd64.deb ec1ec97ff31a06533effec7c4a2cc827b2292e4d 104194 libavresample2_11.12-1~deb8u6_amd64.deb 883ff18f729099420794f21a8e4d492f11335df7 3114012 libavcodec-extra-56_11.12-1~deb8u6_amd64.deb Checksums-Sha256: 56e54ef746521b91c6501390626161a0c31d63ec227753e7b09cc4960d7424f5 4023 libav_11.12-1~deb8u6.dsc a1b21bd8192b804141e0786e730e48388420672dda70db54db423f6e4cb7f978 73548 libav_11.12-1~deb8u6.debian.tar.xz 8a9561f798a34213754f5c45ffe9fa7a305d2f925d672e41090a7e48951faccf 18444200 libav-doc_11.12-1~deb8u6_all.deb 7df64c66ab5b17518374a5f7c593a945c0565479388de0a85df87fbabaa383ef 66790 libavcodec-extra_11.12-1~deb8u6_all.deb 4a32ad9aeb84bdeb0235fb490746a2788c90c7448ce07bee39d75d207ed2b5fa 474372 libav-tools_11.12-1~deb8u6_amd64.deb 5bdf438d2b328cbe6f182bef1bd2dac80f7b4153630315e6876a08749008c537 21597980 libav-dbg_11.12-1~deb8u6_amd64.deb 5884cdfd2498776292484a7af680e8cfd60ae952dfa7c1c3e9e74679e2a931c9 131774 libavutil54_11.12-1~deb8u6_amd64.deb 14acdfd56b3571aba5ab1bce4d0a8f949714fcecc6544517f7c5b1fcd7476152 3110668 libavcodec56_11.12-1~deb8u6_amd64.deb 59ccd4e2436ec12b36063ad6bc8bef727a65386f5219f3f6e5c610752bf9f96b 91674 libavdevice55_11.12-1~deb8u6_amd64.deb
Accepted libssh2 1.4.3-4.1+deb8u2 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 25 Mar 2019 15:10:21 +0100 Source: libssh2 Binary: libssh2-1 libssh2-1-dev libssh2-1-dbg Architecture: source amd64 Version: 1.4.3-4.1+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Mikhail Gusarov Changed-By: Mike Gabriel Description: libssh2-1 - SSH2 client-side library libssh2-1-dbg - SSH2 client-side library (debug package) libssh2-1-dev - SSH2 client-side library (development headers) Closes: 924965 Changes: libssh2 (1.4.3-4.1+deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. (Closes: #924965). * CVE-2019-3855: Do packet length bounds check in _libssh2_transport_read() (src/transport.c). * CVE-2019-3856, CVE-2019-3863: Bounds checks in userauth_keyboard_interactive() (src/userauth.c). * CVE-2019-3857: Fix possible out zero byte/incorrect bounds allocation in _libssh2_packet_add() (src/packet.c). * CVE-2019-3858: Prevent zero-byte allocation in sftp_packet_read() which could lead to an out-of-bounds read. * CVE-2019-3859: Response length check in session_startup() (src/transport.c), and bounds checks in various functions (src/kex.c, src/channel.c). * CVE-2019-3860: Add a required_size parameter to sftp_packet_require et. al. to require callers of these functions to handle packets that are too short. * CVE-2019-3861: Sanitize padding_length - _libssh2_transport_read(). This prevents an underflow resulting in a potential out-of-bounds read if a server sends a too-large padding_length, possibly with malicious intent. * CVE-2019-3862: Additional length checks to prevent out-of-bounds reads and writes in _libssh2_packet_add(). Checksums-Sha1: b1c4fcb56ba49ccf418e05acfc85d4d92fabe35f 1928 libssh2_1.4.3-4.1+deb8u2.dsc d1975057ffd8baaab4ad8fa663942cf32794e278 15352 libssh2_1.4.3-4.1+deb8u2.debian.tar.xz 30f62d9308d91943f5cf3a75ab7b01b02b51db5b 127306 libssh2-1_1.4.3-4.1+deb8u2_amd64.deb a0615d5becf8eda87f8050304a100fa5d3e84401 291884 libssh2-1-dev_1.4.3-4.1+deb8u2_amd64.deb a9750274bdd78f1b9366e00e43980b80d5ea25ef 232346 libssh2-1-dbg_1.4.3-4.1+deb8u2_amd64.deb Checksums-Sha256: 95da6c89b7bddca29753eef98cea1456071f2a6bacdce63522eb63ce698137e1 1928 libssh2_1.4.3-4.1+deb8u2.dsc b297c276f699c86da6e9190b5ece186f6712833034b2b5f5439f014338b42c77 15352 libssh2_1.4.3-4.1+deb8u2.debian.tar.xz ae7732bc4c922ee4b973cf124dc4e25be0f7c2a31ee2f2e3895fd83457abc180 127306 libssh2-1_1.4.3-4.1+deb8u2_amd64.deb e4ac22336122a18a8f9d3164180e88f0d2ef15367ec8abb01d8b98a572c639cc 291884 libssh2-1-dev_1.4.3-4.1+deb8u2_amd64.deb 1b0ad2969d8d0edd06fd34630840f6313eda3c5fbf0bfda61604f51b0412987f 232346 libssh2-1-dbg_1.4.3-4.1+deb8u2_amd64.deb Files: 61426bba6c2406fe6d88737a1bc22700 1928 libs optional libssh2_1.4.3-4.1+deb8u2.dsc d28cc909be104e1be6590ec33e976018 15352 libs optional libssh2_1.4.3-4.1+deb8u2.debian.tar.xz c1ffb41738accf8c497486fb89b60349 127306 libs optional libssh2-1_1.4.3-4.1+deb8u2_amd64.deb 9053b1c38654779a37024bb7b01f693e 291884 libdevel optional libssh2-1-dev_1.4.3-4.1+deb8u2_amd64.deb 08ba2d2b77d32955fd81fed6ef5a0739 232346 debug extra libssh2-1-dbg_1.4.3-4.1+deb8u2_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlyaJ/QVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxYxUP/1XZZri7jvL1u3nLpI/jXi5VF38Z kuz4Pvz419TZet3pYw+9jLsoUEo8LoOi/qrNRdc/+OZUyg3BBmtNGif5041NkW0h 1lBCDC1QLL7JqYf0+a5v5YGysYJ89yxcl8Meg+y7UytQIIhct0U6rYYyGurVM0U6 aNvHoiMkaYdvs0ddc5JMJdJ2fPLnBHumdKjwwYrb69EKBDeEhC5bTxrJRZiE1FHN hbimGHbVr7RzRms2LOUqlGq9j+QT5bwehCmZHWcn/SHeSjObrH7zf+U7pLmMkPhU Xj+YqVZ21JmD/kP0jSdEtjURi1ObsdLRgbXY6GiBR2SeN49IYoUz7YX/SpECtUU/ 7kTjdOQaNcjOnVakiNPRJvr7b/RpPl8QfGUOvoT3kyEHQuSY1/QuzymJBcDGDaSu FYeMVXnQZJME/Rma3kFO2eSzHhPtr7aA5zcY0GJv6fC5fT0pPqPF3CJ3jxZnku1B plAgrioMmXuBlOECNMgu+LQBCS6+sw8F4rbZWhIVXEQzfJ+GoGEDD2QuON4fCyvD FgyoovLM758Vw1K7OndF9s1eoVUA2cabjbo4H6jGX2aodPK6Jm0dslxI2j6I2pzf Q8fBrpipyqqMnK/eAio78nFHu+MMYT2oEexZdFYbqeMqzpAmAMH5QD1jS9lBqj9h 6cfWqCRaXGNVJEfA =V99n -END PGP SIGNATURE-
Accepted openssh 1:6.7p1-5+deb8u8 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 01 Feb 2019 00:45:09 +0100 Source: openssh Binary: openssh-client openssh-server openssh-sftp-server ssh ssh-krb5 ssh-askpass-gnome openssh-client-udeb openssh-server-udeb Architecture: source amd64 all Version: 1:6.7p1-5+deb8u8 Distribution: jessie-security Urgency: medium Maintainer: Debian OpenSSH Maintainers Changed-By: Mike Gabriel Description: openssh-client - secure shell (SSH) client, for secure access to remote machines openssh-client-udeb - secure shell client for the Debian installer (udeb) openssh-server - secure shell (SSH) server, for secure access from remote machines openssh-server-udeb - secure shell server for the Debian installer (udeb) openssh-sftp-server - secure shell (SSH) sftp server module, for SFTP access from remot ssh- secure shell client and server (metapackage) ssh-askpass-gnome - interactive X program to prompt users for a passphrase for ssh-ad ssh-krb5 - secure shell client and server (transitional package) Changes: openssh (1:6.7p1-5+deb8u8) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2018-20685: Disallow empty incoming filename or ones that refer to the current directory; based on report/patch from Harry Sintonen. * CVE-2019-6109: Sanitize scp filenames via snmprintf. To do this we move the progressmeter formatting outside of signal handler context and have the atomicio callback called for EINTR, too. * CVE-2019-6111: Check in scp client that filenames sent during remote->local directory copies satisfy the wildcard specified by the user. Checksums-Sha1: 936ab1d04a214e1d78bccc2f44c5cf430f80ceb2 2752 openssh_6.7p1-5+deb8u8.dsc e41871be91b667a8affdfe42dd482ad5ff1cb04a 177024 openssh_6.7p1-5+deb8u8.debian.tar.xz 62d90e7cf4549e2e75c6cbd3e13f9800aa0f7da6 695954 openssh-client_6.7p1-5+deb8u8_amd64.deb d417d9ec76403f2941c740ab72bf780938aadb30 328780 openssh-server_6.7p1-5+deb8u8_amd64.deb 284b8ca4541d40b224705786a88a8541fb131186 38062 openssh-sftp-server_6.7p1-5+deb8u8_amd64.deb b20b98321a39c92fbcc3c57966b4f6596a759004 121092 ssh_6.7p1-5+deb8u8_all.deb da6cdf00f757ef32f0f90da362e42c639bec6671 120628 ssh-krb5_6.7p1-5+deb8u8_all.deb f4865729ffe558001b1b3f1223fafb9f50c53e36 128654 ssh-askpass-gnome_6.7p1-5+deb8u8_amd64.deb 49b968beca3a6fdeb168247ec617a914f052b9ee 262036 openssh-client-udeb_6.7p1-5+deb8u8_amd64.udeb 8013734c5d4090c51b7e1387c4d8cd0905e0f4a1 282566 openssh-server-udeb_6.7p1-5+deb8u8_amd64.udeb Checksums-Sha256: c5f97a39da07b386f11cd0da09d6ca9915f6c33b62dab6b86abfa33499cd7f17 2752 openssh_6.7p1-5+deb8u8.dsc 64a4d6fb4dd402bc95a23c3e3422ba177e3d59b294249fd80009b7d28f9810b0 177024 openssh_6.7p1-5+deb8u8.debian.tar.xz 50bf902cc680fd1442556325e47d892f24621d7f0c4baf826f298d737a1e8030 695954 openssh-client_6.7p1-5+deb8u8_amd64.deb 985012d5c9957265f8ff7a798ded28108019fa6abf571fa4be140523fba6ffde 328780 openssh-server_6.7p1-5+deb8u8_amd64.deb 52c36b2492e6fbd8948340943064f58619572000ee93193a35bd547541f100e4 38062 openssh-sftp-server_6.7p1-5+deb8u8_amd64.deb 809fb28102aac5ded2cb6740cf36c5449c3f0c42f5c469265fc2ea8dc3ddc1bd 121092 ssh_6.7p1-5+deb8u8_all.deb 647245073a22c66f9e82e08e5cdcf8449357dabb312435633ff55f4652e3d921 120628 ssh-krb5_6.7p1-5+deb8u8_all.deb 41e459d51671ee94c45d4dc7094b627aa11cce197993d6fcb16368c63f2d87ae 128654 ssh-askpass-gnome_6.7p1-5+deb8u8_amd64.deb d33b40b679dcf36397e326e46566a1e4b7b3edf1d13d6634c6ef44bde652ad85 262036 openssh-client-udeb_6.7p1-5+deb8u8_amd64.udeb 8694b9ca999ee9f86768d43e71dd35741d62ccd5eb6575ce0b8b580b2f90cc4c 282566 openssh-server-udeb_6.7p1-5+deb8u8_amd64.udeb Files: 91ef5456d83e691c05728718566e20b8 2752 net standard openssh_6.7p1-5+deb8u8.dsc 70a980feabd0efb3f0f0684f2e79390a 177024 net standard openssh_6.7p1-5+deb8u8.debian.tar.xz 716470ea992234058424c5c6d929eb1e 695954 net standard openssh-client_6.7p1-5+deb8u8_amd64.deb e5060c3022a0439be5ef81594fd48c3a 328780 net optional openssh-server_6.7p1-5+deb8u8_amd64.deb 4cba32e87e90db608324f939a005 38062 net optional openssh-sftp-server_6.7p1-5+deb8u8_amd64.deb 23ac53ac4d2f818c06fd0888a06cb0c0 121092 net extra ssh_6.7p1-5+deb8u8_all.deb 673528d9de9ebbd5151502a00707fa40 120628 oldlibs extra ssh-krb5_6.7p1-5+deb8u8_all.deb 2b49818fc605d1b065adbb64ff541bb7 128654 gnome optional ssh-askpass-gnome_6.7p1-5+deb8u8_amd64.deb 5d11d68fe297ce2acdd72747760c4fd6 262036 debian-installer optional openssh-client-udeb_6.7p1-5+deb8u8_amd64.udeb 9ea2567f9482431dff2a32f13edbb033 282566 debian-installer optional openssh-server-udeb_6.7p1-5+deb8u8_amd64.udeb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlyY0vUVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx030P/0iVD2G+vuC4GQSOzehGHaREomiK 0pxe67XehDx6Vi1JPO3w0g52Bu2AHwUtUDIbpm0FZWj7VsFma9+1CCp/KdGqEtwr yboNqArMXSfccGZI2YX/um+9rO/90/xVLZT+W+TKQ+ZoNnwiyi+AlkQruwnBV
Accepted cron 3.0pl1-127+deb8u2 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 21 Mar 2019 20:43:10 +0100
Source: cron
Binary: cron
Architecture: source amd64
Version: 3.0pl1-127+deb8u2
Distribution: jessie-security
Urgency: medium
Maintainer: Javier Fernández-Sanguino Peña
Changed-By: Mike Gabriel
Description:
cron - process scheduling daemon
Closes: 809167
Changes:
cron (3.0pl1-127+deb8u2) jessie-security; urgency=medium
.
[ Christian Kastner ]
* SECURITY: Fix bypass of /etc/cron.{allow,deny} on failure to open
If these files exist, then they must be readable by the user executing
crontab(1). Users will now be denied by default if they aren't.
(LP: #1813833)
* SECURITY: Fix for possible DoS by use-after-free
A user reported a use-after-free condition in the cron daemon, leading to a
possible Denial-of-Service scenario by crashing the daemon.
(CVE-2019-9706) (Closes: #809167)
* SECURITY: DoS: Fix unchecked return of calloc()
Florian Weimer discovered that a missing check for the return value of
calloc() could crash the daemon, which could be triggered by a very
large crontab created by a user. (CVE-2019-9704)
* Enforce maximum crontab line count of 1000 to prevent a malicious user
from creating an excessivly large crontab. The daemon will log a warning
for existing files, and crontab(1) will refuse to create new ones.
(CVE-2019-9705)
* SECURITY: group crontab to root escalation
via postinst as described by Alexander Peslyak (Solar Designer) in
http://www.openwall.com/lists/oss-security/2017/06/08/3
(CVE-2017-9525)
* Add d/NEWS altering to the new 1000 lines limit.
.
[ Mike Gabriel ]
* debian/NEWS: Fix from unstable to jessie-security.
Checksums-Sha1:
ef8dabee455aa707bfafd588ffea15ce74e6f2c1 1993 cron_3.0pl1-127+deb8u2.dsc
f8d00de4c7c0eae97bedb4a3ec10ea21d43ece84 59245 cron_3.0pl1.orig.tar.gz
909154e27ae136a9648f782671f084bce89dcafd 100476 cron_3.0pl1-127+deb8u2.diff.gz
9276b853cf9d3a7e71dccd84e8b352a92da491f0 95630 cron_3.0pl1-127+deb8u2_amd64.deb
Checksums-Sha256:
2a9ad9124749494a3c535a0817bdf4be7eab963982d4cba69012376d4099eb0c 1993
cron_3.0pl1-127+deb8u2.dsc
d931e0688005dfa85cfdb60e19bf0a3848ebfa3ee3415bf2a6ea3ea9e5bcfd21 59245
cron_3.0pl1.orig.tar.gz
f92312cad57d320307a384f6ad3b1cdd40231e0d8e3f7734a02a145d11ea17ba 100476
cron_3.0pl1-127+deb8u2.diff.gz
96fc4923835c8cda716bc2fe3e39e359b8520027ebbbcb5c4a36d1207eddd7ed 95630
cron_3.0pl1-127+deb8u2_amd64.deb
Files:
940ab100cad242fd068221c935e7477c 1993 admin important
cron_3.0pl1-127+deb8u2.dsc
4c64aece846f8483daf440f8e3dd210f 59245 admin important cron_3.0pl1.orig.tar.gz
fb57621114fac390e3207d90f4040230 100476 admin important
cron_3.0pl1-127+deb8u2.diff.gz
7023dc126d9ea06b98099b32e62a235a 95630 admin important
cron_3.0pl1-127+deb8u2_amd64.deb
-BEGIN PGP SIGNATURE-
iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlyT6iAVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxVRsP/Re9BBFY+wtrQuLYY2Px6MgNT3H7
FbkqdZcQaUHv8HS2XHwGdrXjmUHj9DLNIe6XUgrIu2BGvASWW4UQzaZzRA+GWdOj
9Ky8rYWO2ozlRwO4jYJGs7pXRlwdYkPhvxztKlivZwJJjTWqC1EM092bfbZ3G9Jo
tRStJeiM5cWEv45wghO6/vNJxms0UiSf8/4IvxAFrZPHQrj5KC9dpq5WPPGlO8+9
fi/ybrsWx/90ZVEN6lJIqGE/yb4WwAY+WdDp8h4dTmgpcsyH6Y0DMAV0RaHz9dKi
n0VjP3rbusAvXYRVAxOXN1R4IwACzyxHamj277qiysnLqDydK4MmeVDG7NxIzsF4
zkk+Sa31QWH37DAok5MwZXo22qzS4d7LuIrY7MDypo3B/etFdZGdizWrvlzrcW7g
zNoFPjsBSOvg+SRwTO2sifvwJ0VLXS/w3Xv+MEog2PIC8G88z5R8c3vNKuDFlr64
X/jGRgkeAg3m1h5dVNE3JEP3BIKc0DekcDBaCmcU0AmFeXKIatY0V/QDdHrHmc/Q
WJENGn6h+HqvuufUyFKuUawn5SmUDQEMI6bZYtGyuCx9LMycFOdJ/vVTKNZFBmH/
YwGAVwQelhQjr8oOWdyuf/IuBfjXo74mC381RXlUo6Lr6QYumzsLtbxVnDeMROxL
dXgMSUXLEXg2Rrs4
=gJmJ
-END PGP SIGNATURE-
Accepted freerdp 1.1.0~git20140921.1.440916e+dfsg1-13~deb8u3 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 10 Jan 2019 16:39:47 +0100 Source: freerdp Binary: freerdp-x11 libfreerdp-cache1.1 libfreerdp-client1.1 libfreerdp-codec1.1 libfreerdp-common1.1.0 libfreerdp-core1.1 libfreerdp-crypto1.1 libfreerdp-gdi1.1 libfreerdp-locale1.1 libfreerdp-primitives1.1 libfreerdp-rail1.1 libfreerdp-utils1.1 libwinpr-asn1-0.1 libwinpr-bcrypt0.1 libwinpr-credentials0.1 libwinpr-credui0.1 libwinpr-crt0.1 libwinpr-crypto0.1 libwinpr-dsparse0.1 libwinpr-environment0.1 libwinpr-error0.1 libwinpr-file0.1 libwinpr-handle0.1 libwinpr-heap0.1 libwinpr-input0.1 libwinpr-interlocked0.1 libwinpr-io0.1 libwinpr-library0.1 libwinpr-path0.1 libwinpr-pipe0.1 libwinpr-pool0.1 libwinpr-registry0.1 libwinpr-rpc0.1 libwinpr-sspi0.1 libwinpr-sspicli0.1 libwinpr-synch0.1 libwinpr-sysinfo0.1 libwinpr-thread0.1 libwinpr-timezone0.1 libwinpr-utils0.1 libwinpr-winhttp0.1 libwinpr-winsock0.1 libxfreerdp-client1.1 libfreerdp-plugins-standard libfreerdp-dev libwinpr-dev freerdp-x11-dbg libxfreerdp-client-dbg libfreerdp-dbg libwinpr-dbg libfreerdp-plugins-standard-dbg Architecture: source amd64 Version: 1.1.0~git20140921.1.440916e+dfsg1-13~deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Debian Remote Maintainers Changed-By: Mike Gabriel Description: freerdp-x11 - RDP client for Windows Terminal Services (X11 client) freerdp-x11-dbg - RDP client for Windows Terminal Services (X11 client, debug symbo libfreerdp-cache1.1 - Free Remote Desktop Protocol library (cache library) libfreerdp-client1.1 - Free Remote Desktop Protocol library (client library) libfreerdp-codec1.1 - Free Remote Desktop Protocol library (codec library) libfreerdp-common1.1.0 - Free Remote Desktop Protocol library (common library) libfreerdp-core1.1 - Free Remote Desktop Protocol library (core library) libfreerdp-crypto1.1 - Free Remote Desktop Protocol library (freerdp-crypto library) libfreerdp-dbg - Free Remote Desktop Protocol library (debug symbols) libfreerdp-dev - Free Remote Desktop Protocol library (development files) libfreerdp-gdi1.1 - Free Remote Desktop Protocol library (GDI library) libfreerdp-locale1.1 - Free Remote Desktop Protocol library (locale library) libfreerdp-plugins-standard - RDP client for Windows Terminal Services (plugins) libfreerdp-plugins-standard-dbg - RDP client for Windows Terminal Services (plugins debug) libfreerdp-primitives1.1 - Free Remote Desktop Protocol library (primitives library) libfreerdp-rail1.1 - Free Remote Desktop Protocol library (rail library) libfreerdp-utils1.1 - Free Remote Desktop Protocol library (freerdp-utils library) libwinpr-asn1-0.1 - Windows Portable Runtime library (ASN1 library) libwinpr-bcrypt0.1 - Windows Portable Runtime library (bcrypt library) libwinpr-credentials0.1 - Windows Portable Runtime library (credentials library) libwinpr-credui0.1 - Windows Portable Runtime library (credeui library) libwinpr-crt0.1 - Windows Portable Runtime library (crt library) libwinpr-crypto0.1 - Windows Portable Runtime library (crypto library) libwinpr-dbg - Windows Portable Runtime library (debug symbols) libwinpr-dev - Windows Portable Runtime library (development files) libwinpr-dsparse0.1 - Windows Portable Runtime library (dsparse library) libwinpr-environment0.1 - Windows Portable Runtime library (environment library) libwinpr-error0.1 - Windows Portable Runtime library (error library) libwinpr-file0.1 - Windows Portable Runtime library (file library) libwinpr-handle0.1 - Windows Portable Runtime library (handle library) libwinpr-heap0.1 - Windows Portable Runtime library (heap library) libwinpr-input0.1 - Windows Portable Runtime library (input library) libwinpr-interlocked0.1 - Windows Portable Runtime library (interlocked library) libwinpr-io0.1 - Windows Portable Runtime library (io library) libwinpr-library0.1 - Windows Portable Runtime library (library) libwinpr-path0.1 - Windows Portable Runtime library (path library) libwinpr-pipe0.1 - Windows Portable Runtime library (pipe library) libwinpr-pool0.1 - Windows Portable Runtime library (pool library) libwinpr-registry0.1 - Windows Portable Runtime library (registry library) libwinpr-rpc0.1 - Windows Portable Runtime library (RPC library) libwinpr-sspi0.1 - Windows Portable Runtime library (sspi library) libwinpr-sspicli0.1 - Windows Portable Runtime library (sspicli library) libwinpr-synch0.1 - Windows Portable Runtime library (synch library) libwinpr-sysinfo0.1 - Windows Portable Runtime library (sysinfo library) libwinpr-thread0.1 - Windows Portable Runtime library (thread library) libwinpr-timezone0.1 - Windows Portable Runtime library (timezone library) libwinpr-utils0.1 - Windows Portable Runtime library (utils library) libwinpr-winhttp0.1 - Windows Portable Runtime library (winhttp library) libwinpr-winsock0.1 - Windows Portable Runtime library (winsock library) libxfreerdp-client-dbg - RDP client
Accepted libjpeg-turbo 1:1.3.1-12+deb8u1 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 22 Jan 2019 20:46:50 +0100 Source: libjpeg-turbo Binary: libjpeg-dev libjpeg62-turbo-dev libjpeg62-turbo libjpeg62-turbo-dbg libturbojpeg1 libturbojpeg1-dbg libturbojpeg1-dev libjpeg-turbo-progs libjpeg-turbo-progs-dbg Architecture: source all amd64 Version: 1:1.3.1-12+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Ondřej Surý Changed-By: Mike Gabriel Description: libjpeg-dev - Development files for the JPEG library [dummy package] libjpeg-turbo-progs - Programs for manipulating JPEG files libjpeg-turbo-progs-dbg - Programs for manipulating JPEG files (debugging symbols) libjpeg62-turbo - libjpeg-turbo JPEG runtime library libjpeg62-turbo-dbg - Debugging symbols for the libjpeg-turbo JPEG library libjpeg62-turbo-dev - Development files for the libjpeg-turbo JPEG library libturbojpeg1 - TurboJPEG runtime library - SIMD optimized libturbojpeg1-dbg - TurboJPEG runtime library - SIMD optimized (debugging symbols) libturbojpeg1-dev - Development files for the TurboJPEG library Changes: libjpeg-turbo (1:1.3.1-12+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2018-11212: Check image size when reading targa file. Throw an error when image width or height is 0. * CVE-2018-11213, CVE-2018-11214: Check range of integer values in PPM text file. Add checks to ensure values are within the specified range. (This in theory also fixes unimportant-to-Debian issue CVE-2016-3616). * CVE-2018-1152: tjLoadImage(): Fix FPE triggered by malformed BMP. Checksums-Sha1: 0c3f15a72d8bab3ba61209559a97eeb082385dd7 2591 libjpeg-turbo_1.3.1-12+deb8u1.dsc 5fa19252e5ca992cfa40446a0210ceff55fbe468 1390282 libjpeg-turbo_1.3.1.orig.tar.gz 929a62fc58ada8ab6f6399d16f4c142637b3f133 81232 libjpeg-turbo_1.3.1-12+deb8u1.debian.tar.xz 3abc2e216fb8578e86c35bd56ed1bc807106e7e8 49546 libjpeg-dev_1.3.1-12+deb8u1_all.deb 21336b77bc74f3fe9527c84657573c2a6e1b3d3b 456972 libjpeg62-turbo-dev_1.3.1-12+deb8u1_amd64.deb 95ff1fe13e325b408de03a766b0049b751a7f6f0 116686 libjpeg62-turbo_1.3.1-12+deb8u1_amd64.deb 7ab160eb962654df2b6aa5f5d1bd52e5e307ffab 318686 libjpeg62-turbo-dbg_1.3.1-12+deb8u1_amd64.deb 2415e219e8e2ffc8f8916abd16294585a0746e3a 126982 libturbojpeg1_1.3.1-12+deb8u1_amd64.deb 7b1bacd158e9bdc564550a9c7dd4a45aa3c7a63b 355334 libturbojpeg1-dbg_1.3.1-12+deb8u1_amd64.deb d26bc7a7f546ae8248b328b6f79aaa2e0f730301 498016 libturbojpeg1-dev_1.3.1-12+deb8u1_amd64.deb c696a1f7b2864f9f38dcb39c571912ed30cfd3ee 83232 libjpeg-turbo-progs_1.3.1-12+deb8u1_amd64.deb 6e646b26eae093dcfe654c762d531e7ede67ccd1 187578 libjpeg-turbo-progs-dbg_1.3.1-12+deb8u1_amd64.deb Checksums-Sha256: 1e25b1182557628cc43e271a9703ac91f8029062ef848c58f57a17d20929b336 2591 libjpeg-turbo_1.3.1-12+deb8u1.dsc c132907417ddc40ed552fe53d6b91d5fecbb14a356a60ddc7ea50d6be9666fb9 1390282 libjpeg-turbo_1.3.1.orig.tar.gz 80db43c97a0c7c7f42794773261061bec5989edce52326ccd235b101edbb825e 81232 libjpeg-turbo_1.3.1-12+deb8u1.debian.tar.xz ad5144db360e9fb84eba426b0ec7841a41c2b584abf97048d45e09dddb7c1873 49546 libjpeg-dev_1.3.1-12+deb8u1_all.deb 7ec7f926e3ac443373c90805cec6ed1afb0c0d4bcc950e5e594da08cade27441 456972 libjpeg62-turbo-dev_1.3.1-12+deb8u1_amd64.deb 717cf834afa6e71b70041b301656158ad541995e32d71158ef355ce54b276c3c 116686 libjpeg62-turbo_1.3.1-12+deb8u1_amd64.deb b9838169c5abf690151ac5d57507280395ddeaa956f00a1e79db174b854dcb60 318686 libjpeg62-turbo-dbg_1.3.1-12+deb8u1_amd64.deb c4f2184f28563792da03677745d57510eed0d88118fe849bbeb31c83e07aff17 126982 libturbojpeg1_1.3.1-12+deb8u1_amd64.deb a7db947d9b39e212d9694c5b02f0a5790ab8dd50ea96b335d807960a83586e3a 355334 libturbojpeg1-dbg_1.3.1-12+deb8u1_amd64.deb 374ad1a88df74f9eaabea4efe9d518fa5bb2c65fdacf2566540e99fa69f6d126 498016 libturbojpeg1-dev_1.3.1-12+deb8u1_amd64.deb 8fd805b373e9c80a5fba61f7e57d70d94919a73779a363790903573e51566191 83232 libjpeg-turbo-progs_1.3.1-12+deb8u1_amd64.deb 17d3246b30d49b29ce47597c47c83c155cb80aa769943f90d5b1e21f38eb4305 187578 libjpeg-turbo-progs-dbg_1.3.1-12+deb8u1_amd64.deb Files: 378ec007f9461933723d6301f1841201 2591 graphics optional libjpeg-turbo_1.3.1-12+deb8u1.dsc 2c3a68129dac443a72815ff5bb374b05 1390282 graphics optional libjpeg-turbo_1.3.1.orig.tar.gz 7c680599ee7e96fd2641c6f8adb61558 81232 graphics optional libjpeg-turbo_1.3.1-12+deb8u1.debian.tar.xz d2ab54e1d253b1def0f2c34fa36dc288 49546 libdevel optional libjpeg-dev_1.3.1-12+deb8u1_all.deb 78337e6ac166e0cd20672913f2de6320 456972 libdevel optional libjpeg62-turbo-dev_1.3.1-12+deb8u1_amd64.deb a464cd08f50ad1c2055a14b068b3184c 116686 libs optional libjpeg62-turbo_1.3.1-12+deb8u1_amd64.deb 63184328927234b8969985eb3e88263a 318686 debug extra libjpeg62-turbo-dbg_1.3.1-12+deb8u1_amd64.deb 096863f3db60dc789df3fd041665e8c9 126982 libs optional libturbojpeg1_1.3.1-12+deb8u1_amd64.deb 66f55f6b8cd865def473cc482098a012 355334 debug extra
Accepted sssd 1.11.7-3+deb8u2 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 17 Jan 2019 12:13:23 +0100 Source: sssd Binary: sssd sssd-common sssd-ad sssd-ad-common sssd-dbus sssd-ipa sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools libnss-sss libpam-sss libipa-hbac0 libipa-hbac-dev libsss-idmap0 libsss-idmap-dev libsss-nss-idmap0 libsss-nss-idmap-dev libsss-sudo python-libipa-hbac python-libsss-nss-idmap python-sss Architecture: source amd64 Version: 1.11.7-3+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian SSSD Team Changed-By: Mike Gabriel Description: libipa-hbac-dev - FreeIPA HBAC Evaluator library libipa-hbac0 - FreeIPA HBAC Evaluator library libnss-sss - Nss library for the System Security Services Daemon libpam-sss - Pam module for the System Security Services Daemon libsss-idmap-dev - ID mapping library for SSSD -- development files libsss-idmap0 - ID mapping library for SSSD libsss-nss-idmap-dev - SID based lookups library for SSSD -- development files libsss-nss-idmap0 - SID based lookups library for SSSD libsss-sudo - Communicator library for sudo python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library python-libsss-nss-idmap - Python bindings for the SID lookups library python-sss - Python module for the System Security Services Daemon sssd - System Security Services Daemon -- metapackage sssd-ad- System Security Services Daemon -- Active Directory back end sssd-ad-common - System Security Services Daemon -- PAC responder sssd-common - System Security Services Daemon -- common files sssd-dbus - System Security Services Daemon -- D-Bus responder sssd-ipa - System Security Services Daemon -- IPA back end sssd-krb5 - System Security Services Daemon -- Kerberos back end sssd-krb5-common - System Security Services Daemon -- Kerberos helpers sssd-ldap - System Security Services Daemon -- LDAP back end sssd-proxy - System Security Services Daemon -- proxy back end sssd-tools - System Security Services Daemon -- tools Closes: 919051 Changes: sssd (1.11.7-3+deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the LTS team. * CVE-2019-3811: Return "" for users with no configured home directory (rather than returning "/".). (Closes: #919051). Checksums-Sha1: ba397f4f38a6fdee466c0b065c7492f57ed7 3781 sssd_1.11.7-3+deb8u2.dsc 4d6184309da91dedfa1fcb75f604e9a5d162f68f 46164 sssd_1.11.7-3+deb8u2.diff.gz f12553a7064c8582d1850e6787562f4b27b0636c 13450 sssd_1.11.7-3+deb8u2_amd64.deb 2fef876beba71ddb3e8fa025d8a8ff9cd7907d27 631588 sssd-common_1.11.7-3+deb8u2_amd64.deb e79ec820fc5bae2fdd64fbffdaa633b90ef977c9 66478 sssd-ad_1.11.7-3+deb8u2_amd64.deb 024a418eb76859de35a6d0341e1208235c0f2272 44564 sssd-ad-common_1.11.7-3+deb8u2_amd64.deb 5abacc68945d0f26f431c745714c2d521ee3a6de 45454 sssd-dbus_1.11.7-3+deb8u2_amd64.deb f5f82edccd40146a2408fb0361cb730fbc40a436 113590 sssd-ipa_1.11.7-3+deb8u2_amd64.deb 9cf58e00ac551f5356c0af50df33da275fc60941 28960 sssd-krb5_1.11.7-3+deb8u2_amd64.deb 1256eaf877957b2e212aae9d34d3721ad14a069d 83740 sssd-krb5-common_1.11.7-3+deb8u2_amd64.deb 7510b797ef9f812a86f5cfb822097c813b365058 59190 sssd-ldap_1.11.7-3+deb8u2_amd64.deb ea770005059333964de74cd25c613fa2d701abf9 40012 sssd-proxy_1.11.7-3+deb8u2_amd64.deb a7a2fb31ec5599284f71c36d38a36a687909ceae 113762 sssd-tools_1.11.7-3+deb8u2_amd64.deb 798bb2c6f1266253e18b89c36a755908f4c3965c 26278 libnss-sss_1.11.7-3+deb8u2_amd64.deb 0f30ae6b55592f9454cb9c29e0c0312e201a2f39 28408 libpam-sss_1.11.7-3+deb8u2_amd64.deb a428f695ab1b0af7b4b30613c1be3bdcc163f9c3 16720 libipa-hbac0_1.11.7-3+deb8u2_amd64.deb 50d52bf9a4d1e7392b4865959cfa0652a31fd4e5 15678 libipa-hbac-dev_1.11.7-3+deb8u2_amd64.deb 8f94a0e91bb67215e293a9b60dd9b29e214d8294 21178 libsss-idmap0_1.11.7-3+deb8u2_amd64.deb c0cb3fdccd5ccfb26e91b0baacba02e5f6067032 17450 libsss-idmap-dev_1.11.7-3+deb8u2_amd64.deb b01698dbb6137de231eab8f92638aac81a7aa4b6 2 libsss-nss-idmap0_1.11.7-3+deb8u2_amd64.deb ae36f5beadc964260df11e8681c6deec4fff832a 14410 libsss-nss-idmap-dev_1.11.7-3+deb8u2_amd64.deb 3b20de3136c97592ad83e45d4699e0dede08830a 21020 libsss-sudo_1.11.7-3+deb8u2_amd64.deb 1d159dafb5b181638f094c975c0dad34f2d6471d 24410 python-libipa-hbac_1.11.7-3+deb8u2_amd64.deb 4375dbb08b6e122b1cad9599e1169afb5c0db8fe 17014 python-libsss-nss-idmap_1.11.7-3+deb8u2_amd64.deb 831c5d8f7eb4dce0742caa06904afdd5a6670359 55774 python-sss_1.11.7-3+deb8u2_amd64.deb Checksums-Sha256: ca921550d300a7d4dfc9d8e23ce2495e4d02f15043e469b1fa4e62f637ab8cd4 3781 sssd_1.11.7-3+deb8u2.dsc 47f878d0042eaaec7c5e9af1c0a888b8d28b2a369bd9179c968223fe0ed7ee70 46164 sssd_1.11.7-3+deb8u2.diff.gz 07eeb2397d0f97064c85dc3cbaa9a20fe97eaba6f580798a44bf07debe5f3abc 13450 sssd_1.11.7-3+deb8u2_amd64.deb b041a839335d47db04c1fec8dfbece146f3161ada1b9be0ae4ec28add3b76adb 631588 sssd-common_1.11.
Accepted sqlite3 3.8.7.1-1+deb8u3 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 22 Dec 2018 00:28:43 +0100 Source: sqlite3 Binary: lemon sqlite3 sqlite3-doc libsqlite3-0-dbg libsqlite3-0 libsqlite3-dev libsqlite3-tcl Architecture: source all amd64 Version: 3.8.7.1-1+deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Mike Gabriel Description: lemon - LALR(1) Parser Generator for C or C++ libsqlite3-0 - SQLite 3 shared library libsqlite3-0-dbg - SQLite 3 debugging symbols libsqlite3-dev - SQLite 3 development files libsqlite3-tcl - SQLite 3 Tcl bindings sqlite3- Command line interface for SQLite 3 sqlite3-doc - SQLite 3 documentation Changes: sqlite3 (3.8.7.1-1+deb8u3) jessie-security; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * CVE-2018-20346: Add extra defenses against strategically corrupt databases to fts3/4. Checksums-Sha1: fc7d2ff4450ba3d098d7ca3ba880b3f2ecbe6b0c 2583 sqlite3_3.8.7.1-1+deb8u3.dsc 2b145083445287bee9c7dcb3373301015b942bc7 3337784 sqlite3_3.8.7.1.orig-www.tar.bz2 a248816ea1e590214fe33c412c9a5b03a02e7709 4082068 sqlite3_3.8.7.1.orig.tar.bz2 4b9e81d8675a15aab28cb5bbe21fdf27ecf00c18 22544 sqlite3_3.8.7.1-1+deb8u3.debian.tar.xz 55e54c3ddcb253bc9b72e3c9a5088341a7979e65 3026928 sqlite3-doc_3.8.7.1-1+deb8u3_all.deb bf3d2515a4ecfae736185b71d4619009097f825a 117070 lemon_3.8.7.1-1+deb8u3_amd64.deb 51fcdfffd18d9c4e5329f1290fcfe4da91a9ab0d 101522 sqlite3_3.8.7.1-1+deb8u3_amd64.deb 9241d914f050cf263b7cc96c6e29195b481c2e35 1008704 libsqlite3-0-dbg_3.8.7.1-1+deb8u3_amd64.deb b663b783f746cb78ee67fb3cc3fa31caf1f6e74a 438394 libsqlite3-0_3.8.7.1-1+deb8u3_amd64.deb 6fff484eebc289721f25de43efb7156fbc95dd07 537940 libsqlite3-dev_3.8.7.1-1+deb8u3_amd64.deb a9ef38522f9be54238fdd605e8dc9e18be98edbe 87646 libsqlite3-tcl_3.8.7.1-1+deb8u3_amd64.deb Checksums-Sha256: a9724e31807793c02b9ef8d828cd83bafd6f3efe00973ffe70ff17ef666e1887 2583 sqlite3_3.8.7.1-1+deb8u3.dsc e642657752f20144f42d002895510ea635e0384b14f276f1a2f281b73252bc64 3337784 sqlite3_3.8.7.1.orig-www.tar.bz2 2632a999feba925aa0f1828fa669a091b165a719676765fb542f538345bfa7b9 4082068 sqlite3_3.8.7.1.orig.tar.bz2 5e5d51718d4dbfb7027ef82dc9eafdf86e17f78a20f8233e267aae6c0b2040a3 22544 sqlite3_3.8.7.1-1+deb8u3.debian.tar.xz f6b413a55090f73829e4b2839d76cf667a3c28bf2cb21edd6e7c69b14f2c9649 3026928 sqlite3-doc_3.8.7.1-1+deb8u3_all.deb c1df5b1804638b1442e320cbe5c87094ad097e6a8a28b6494169e9570a327471 117070 lemon_3.8.7.1-1+deb8u3_amd64.deb 90fdaca330b825f5479a66dca3205ecac381dfb0e2869bb2d03f633cdbc45aa2 101522 sqlite3_3.8.7.1-1+deb8u3_amd64.deb 70f4a0bbe125e827017f73ca756501d3a3023c8ef7f236d4b3593ce378389425 1008704 libsqlite3-0-dbg_3.8.7.1-1+deb8u3_amd64.deb d04dda2ca398e3a75aa1cf0bec985efaa9b64f3f0426e4b23e87d06a43350320 438394 libsqlite3-0_3.8.7.1-1+deb8u3_amd64.deb 75b49e93836278033943b44c00fcc48828529c3c5da5edbd1389066c60efb3b3 537940 libsqlite3-dev_3.8.7.1-1+deb8u3_amd64.deb a91dd98f3a3ee9e9e2c60ef94887ee4dc7331f7f68def639da5cde8341c10241 87646 libsqlite3-tcl_3.8.7.1-1+deb8u3_amd64.deb Files: 484aa8a82eb30145e06e8c7b54ccaa29 2583 devel optional sqlite3_3.8.7.1-1+deb8u3.dsc 7b29a382e72646f4c84744f1b536e5aa 3337784 devel optional sqlite3_3.8.7.1.orig-www.tar.bz2 c09684e906b9eea55fa349f9dab7ded9 4082068 devel optional sqlite3_3.8.7.1.orig.tar.bz2 19e8a54112d7688ceed50428f9aeed65 22544 devel optional sqlite3_3.8.7.1-1+deb8u3.debian.tar.xz 78b95ea871aff658db50302ba74b8528 3026928 doc optional sqlite3-doc_3.8.7.1-1+deb8u3_all.deb af774d6021526ac32dcc76a0a25d7559 117070 devel optional lemon_3.8.7.1-1+deb8u3_amd64.deb 6c2e4870fe3b2fc20a7566d909475658 101522 database optional sqlite3_3.8.7.1-1+deb8u3_amd64.deb 158813faaf7de07772ffaf02657e4e6a 1008704 debug extra libsqlite3-0-dbg_3.8.7.1-1+deb8u3_amd64.deb 1eebf70192bea9af0ace8815c02805dd 438394 libs standard libsqlite3-0_3.8.7.1-1+deb8u3_amd64.deb f0fd67ba49519e67418a90396bc7f47b 537940 libdevel optional libsqlite3-dev_3.8.7.1-1+deb8u3_amd64.deb 1005f788afc19ffaf2d12033e616cf45 87646 interpreters optional libsqlite3-tcl_3.8.7.1-1+deb8u3_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlwdgBwVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxTZEP/3OVB9Kp53FuUdATCoJdO6uA790w oz0n95Yi+EDvyRL4gBs/+MqpbIwy1ZvsXA0bRUl++uILhVUoy3nE9REbZWRzZsaa V3iVoPTyAwD39TA1AVnHkanDcE7bewfUotB/01WJPUsCFZXN0A8oSxtQD64MfmFM VRf11ZSfCkVQocLWYi82ayvdWR43RMR7FvC2QUXpWueYDQt1OA2XPDVN0DZjer5A bIbWnTZASPWRBtKesLViwkF9vKfONlr541IPirA+BHZOFPjBz5zNR75P7FlR1cwu Hz4u6SSflxynmsqwsGZubQz0TQ9xwlA/puLVNqJjdpk+Tj/R2OEmO29SNjunJaHM SEIKvA+J3MGkNNU8EFW5FPVFAUCNY4MvGknOPwu9tG7DvkRVqnJM048BXFlYU7Vv mbu9F/pfhK45l8cPtbHhCBr/fj7Pxv3hx4KJAhbru/pHX1g3vIvPHSTWM2g9aaf4 xtXzePuFVlv33zK6Y6vKJgMHdPRZPi8dx56QsYTM2Deh4+rwU0PAtiONLmJJf4A1 ANq6pHK5IlSGS0HPLs4a+JpAbg7971sQnYIdCR/1WaXmhLX44nJO1A0HTkrP/Lj2 sun9j1TXG8DjD/U5pX1cf7URgH6KbKESzv91uJNlh8kc0W9zWq9AxfLoUwIJq6Y0 NNHxuL2mmSAAzYim
Accepted libav 6:11.12-1~deb8u3 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 20 Dec 2018 22:56:40 +0100 Source: libav Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source all amd64 Version: 6:11.12-1~deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Mike Gabriel Description: libav-dbg - Debug symbols for Libav related packages libav-doc - Documentation of the Libav API libav-tools - Multimedia player, encoder and transcoder libavcodec-dev - Development files for libavcodec libavcodec-extra - Libav codec library (additional codecs meta-package) libavcodec-extra-56 - Libav codec library (additional codecs) libavcodec56 - Libav codec library libavdevice-dev - Development files for libavdevice libavdevice55 - Libav device handling library libavfilter-dev - Development files for libavfilter libavfilter5 - Libav video filtering library libavformat-dev - Development files for libavformat libavformat56 - Libav file format library libavresample-dev - Development files for libavresample libavresample2 - Libav audio resampling library libavutil-dev - Development files for libavutil libavutil54 - Libav utility library libswscale-dev - Development files for libswscale libswscale3 - Libav video scaling library Changes: libav (6:11.12-1~deb8u3) jessie-security; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * debian/patches: + Rename CVE-2015-6822+6823+6824.patch to CVE-2015-6822.patch.. * CVE-2015-6823: avcodec/alac: Clear pointers in allocate_buffers(). * CVE-2015-6824: swscale/utils: Clear pix buffers. Fixes use of uninitialized memory. Checksums-Sha1: 29d44a844fa91d3e58b59c0fecffcad703f0694f 4023 libav_11.12-1~deb8u3.dsc c95dd3ebdfa67b08e322cefd4cd0bab675fb7a88 64084 libav_11.12-1~deb8u3.debian.tar.xz f45a1706ec161786d6cbf9ff441f0a3970d62700 18440680 libav-doc_11.12-1~deb8u3_all.deb 218d1e154982d2ed142400f878d8027db06f2f4e 65586 libavcodec-extra_11.12-1~deb8u3_all.deb ac38727c8a386c598e9844a0814f95db6694fba4 473170 libav-tools_11.12-1~deb8u3_amd64.deb b0165b5fd1569b0547902dec55ee53dde1dc3c57 21598842 libav-dbg_11.12-1~deb8u3_amd64.deb a80efde1fc4584fb8f912b49fee6bf7500c55aba 130554 libavutil54_11.12-1~deb8u3_amd64.deb 78e7dcb4d2356ef7b9da3693099a6ca31b5a0711 3109018 libavcodec56_11.12-1~deb8u3_amd64.deb 2e356abfc5ae6bc3a7ee3617133763e8e35aeef2 90472 libavdevice55_11.12-1~deb8u3_amd64.deb 495cde59d9d4253e24e717fefdc2c79a358ec250 584778 libavformat56_11.12-1~deb8u3_amd64.deb 6c758874e9c03d7727d69f2006a28aa31b809b21 171510 libavfilter5_11.12-1~deb8u3_amd64.deb c385a07fa663c68c6e4e0cdc6d55fd6cd8378c90 144048 libswscale3_11.12-1~deb8u3_amd64.deb d12dec592e3d4b7f1641dab81e96ae53ff0ef65d 192708 libavutil-dev_11.12-1~deb8u3_amd64.deb 91049d76fe517514e037f7be72eec4eccf79d973 3431348 libavcodec-dev_11.12-1~deb8u3_amd64.deb a97688201cace4e815cf0d9c2f1bb64dadd5b432 93520 libavdevice-dev_11.12-1~deb8u3_amd64.deb 7fe72d2f70943675ae6649af1112343300ff8917 690694 libavformat-dev_11.12-1~deb8u3_amd64.deb 288cf0e05e874a9af94f08dea0ac64abed20d83b 202772 libavfilter-dev_11.12-1~deb8u3_amd64.deb 79d3b5b016db6e6b59b2f208a22a701e513d5634 157042 libswscale-dev_11.12-1~deb8u3_amd64.deb 267a4a68a4ca3d788a95a9f6352aeb08f66c1377 111936 libavresample-dev_11.12-1~deb8u3_amd64.deb 18169fb3a773033045b6ee7451de8d64eff6ff56 102996 libavresample2_11.12-1~deb8u3_amd64.deb 1ab3995529e6c2dc4b13ac745f67fd7ae6a0667f 3112894 libavcodec-extra-56_11.12-1~deb8u3_amd64.deb Checksums-Sha256: 3122af21a12824407e6bf80979951a839168bc890a3cd73a45e4262565aa068f 4023 libav_11.12-1~deb8u3.dsc 1e13db8b055a502f05e49138fe9b6692a9ffb11305b39d7e8182a90fce4b39c9 64084 libav_11.12-1~deb8u3.debian.tar.xz 9cdcfaa805a4546065aed516404b581fd64604a33d3a5877323b522307305171 18440680 libav-doc_11.12-1~deb8u3_all.deb 49f13b0f5c57c59a31073a4ed5fb272b8ca9cac646c0c77eb818e52f907c8776 65586 libavcodec-extra_11.12-1~deb8u3_all.deb 83855e75e09a71ccc59f220e9c0e6fbe0567b1f87e841333728579c7e75def2f 473170 libav-tools_11.12-1~deb8u3_amd64.deb 2e4780be773991478890fe8e050678fd28d189f6f4c0957b4da9dccfbd06d2f6 21598842 libav-dbg_11.12-1~deb8u3_amd64.deb a3e364cbae86694c7fed85e95cf48cf8f260d5b94e6c1783ec0ec7ce57a95b3e 130554 libavutil54_11.12-1~deb8u3_amd64.deb cb17453126e3199c7992f083cf3abd16917630965c255c0db00cca68330e5f62 3109018 libavcodec56_11.12-1~deb8u3_amd64.deb ebc77cac26b8c78fba2dc298de503bc0960a202b380554f5b17bd7b1c4ad55de 90472 libavdevice55_11.12-1~deb8u3_amd64.deb bdc081cd347334caeffa1637c44a488370fcd87035078f39be41844e87e0d9de 584778 libavformat56_11.12-1~deb8u3_amd64.deb 515b034d2c8ba59c802d88bc3d8a7e12db9b55c5b4a02cbde4bb158b84098cf5 171510 libavfilter5_11.12
Accepted libav 6:11.12-1~deb8u2 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 19 Dec 2018 14:31:49 +0100 Source: libav Binary: libav-tools libav-dbg libav-doc libavutil54 libavcodec56 libavdevice55 libavformat56 libavfilter5 libswscale3 libavutil-dev libavcodec-dev libavdevice-dev libavformat-dev libavfilter-dev libswscale-dev libavresample-dev libavresample2 libavcodec-extra-56 libavcodec-extra Architecture: source all amd64 Version: 6:11.12-1~deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian Multimedia Maintainers Changed-By: Mike Gabriel Description: libav-dbg - Debug symbols for Libav related packages libav-doc - Documentation of the Libav API libav-tools - Multimedia player, encoder and transcoder libavcodec-dev - Development files for libavcodec libavcodec-extra - Libav codec library (additional codecs meta-package) libavcodec-extra-56 - Libav codec library (additional codecs) libavcodec56 - Libav codec library libavdevice-dev - Development files for libavdevice libavdevice55 - Libav device handling library libavfilter-dev - Development files for libavfilter libavfilter5 - Libav video filtering library libavformat-dev - Development files for libavformat libavformat56 - Libav file format library libavresample-dev - Development files for libavresample libavresample2 - Libav audio resampling library libavutil-dev - Development files for libavutil libavutil54 - Libav utility library libswscale-dev - Development files for libswscale libswscale3 - Libav video scaling library Changes: libav (6:11.12-1~deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * CVE-2014-9317: avcodec/pngdec: Check IHDR/IDAT order. Prevent remote attackers from causing a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file. * CVE-2015-6761: avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup. The variable is not a constant and can lead to race conditions. * CVE-2015-6818: avcodec/pngdec: Only allow one IHDR chunk. Multiple IHDR chunks are forbidden in PNG. Fixes inconsistency and out of array accesses. * CVE-2015-6820: avcodec/aacsbr: check that the element type matches before applying SBR. Fixes out of array access. * CVE-2015-6821: avcodec/mpegvideo: Clear pointers in ff_mpv_common_init(). This ensures that no stale pointers leak through on any path. * CVE-2015-6822, CVE-2015-6823, CVE-2015-6824: avcodec/sanm: Reset sizes in destroy_buffers(). * CVE-2015-6825: avcodec/pthread_frame: clear priv_data, avoid stale pointer in error case. * CVE-2015-6826: avcodec/rv34: Clear pointers in ff_rv34_decode_init_thread_copy(). Avoids leaving stale pointers. * CVE-2015-8216: avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it. Fixes out of array access. * CVE-2015-8217: avcodec/hevc_ps: Check chroma_format_idc. Fixes out of array access. * CVE-2015-8363: avcodec/jpeg2000dec: Check for duplicate SIZ marker. * CVE-2015-8364: avcodec/ivi: Check image dimensions. Fixes integer overflow. * CVE-2015-8661: avcodec/h264_slice: Limit max_contexts when slice_context_count is initialized. Fixes out of array access. * CVE-2015-8662: avcodec/jpeg2000dwt: Check ndeclevels before calling dwt_decode*(). Fixes out of array access. * CVE-2015-8663: avcodec/utils: Clear dimensions in ff_get_buffer() on failure. Fixes out of array access. * CVE-2016-10190: http: make length/offset-related variables unsigned. Required cherry-picking 3668701f and 362c17e6 from ffmpeg.git. * CVE-2016-10191: avformat/rtmppkt: Check for packet size mismatches. Fixes out of array access. Checksums-Sha1: dddc80889e64e8e01cee06d145d7913befbf32fb 4023 libav_11.12-1~deb8u2.dsc 61d5dcab5fde349834af193a572b12a5fd6a4d42 4865624 libav_11.12.orig.tar.xz a46c5abf3539d805b46c577fbdcd9c1bc81e70eb 63348 libav_11.12-1~deb8u2.debian.tar.xz c68b8cb7a40af736d4fac5f2df14f833d66e7ba8 18439966 libav-doc_11.12-1~deb8u2_all.deb e66e60e2e3cf007a1187c3fc294d0d838bc274c3 65506 libavcodec-extra_11.12-1~deb8u2_all.deb d00bcba1eaae7f6243a487f4503bfc0520606359 472802 libav-tools_11.12-1~deb8u2_amd64.deb 8216ee04b089f67ebac48bf6ef57e42a8b76bb49 21598990 libav-dbg_11.12-1~deb8u2_amd64.deb 766a029a861ccf4d517d2309f9f2416039a958b2 130458 libavutil54_11.12-1~deb8u2_amd64.deb eeec171f3f8a13030d7792711ba32d601b71bce4 3108822 libavcodec56_11.12-1~deb8u2_amd64.deb 97eb8a3c424cbb77664240ff4231f687bc7eac78 90414 libavdevice55_11.12-1~deb8u2_amd64.deb 700dcdbfec70e85ab4857d640b2e60655b427bf1 584780 libavformat56_11.12-1~deb8u2_amd64.deb e5cb11481c516110116900e5c9e70a630c5d6282 171674 libavfilter5_11.12-1~deb8u2_amd64.deb aa28082b695da7ab9c63cea1ce94755ba0c8bc02 143968 libswscale3_11.12-1~deb8u2_amd64.deb 7e001b1d5ccd14037cc51b46de1da49a4002d6ff 192632 libavutil
Accepted poppler 0.26.5-2+deb8u7 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 12 Dec 2018 15:55:59 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u7 Distribution: jessie-security Urgency: medium Maintainer: Loic Minier Changed-By: Mike Gabriel Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Changes: poppler (0.26.5-2+deb8u7) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2018-16646: Add regression fix patches from upstream: + upstream_CVE-2018-16646-regfix1.patch + upstream_CVE-2018-16646-regfix2.patch Checksums-Sha1: 5eef40145cd1dc92d01f8823a9130197ba83dafd 3331 poppler_0.26.5-2+deb8u7.dsc c1438b014f9e611de1f4e1f476a268cc140e5d4d 41452 poppler_0.26.5-2+deb8u7.debian.tar.xz 1162c21e3b5b36948eb8dcc29f9cca1ad1baf836 1213090 libpoppler46_0.26.5-2+deb8u7_amd64.deb 7a3d50eef70ee94a60487d9d212688abbb8b29bb 768126 libpoppler-dev_0.26.5-2+deb8u7_amd64.deb ad3f2484642f7142c4bea2e04eb79ef27302787d 180496 libpoppler-private-dev_0.26.5-2+deb8u7_amd64.deb e0177d7ba3b45a50dc653abf42ca3aebce0d2942 122312 libpoppler-glib8_0.26.5-2+deb8u7_amd64.deb 1242ce03e3ed131e35aeef72ebf2d31a23e84cff 163458 libpoppler-glib-dev_0.26.5-2+deb8u7_amd64.deb 39f981baaa6ff779a1571210914748fafecadb4a 85954 libpoppler-glib-doc_0.26.5-2+deb8u7_all.deb a17eeedf1078842c476de938ada49786c31a0abe 34420 gir1.2-poppler-0.18_0.26.5-2+deb8u7_amd64.deb 1bec4befbb471f894139319d7eab36880749d2de 127994 libpoppler-qt4-4_0.26.5-2+deb8u7_amd64.deb 47440a2b3d64124bafdbec55efc898b4c459931d 159310 libpoppler-qt4-dev_0.26.5-2+deb8u7_amd64.deb 88d06c9b7aeddae983bffdb35c9253fd3a47ab89 132118 libpoppler-qt5-1_0.26.5-2+deb8u7_amd64.deb 21dddb7d9863183696cf50bfe98f64171829033b 165388 libpoppler-qt5-dev_0.26.5-2+deb8u7_amd64.deb d3ff8906e2c3524d729b5b445ec99140210a026e 45076 libpoppler-cpp0_0.26.5-2+deb8u7_amd64.deb 0eddeda894c6f84b7932d5a6f16e7df4785dbba9 49424 libpoppler-cpp-dev_0.26.5-2+deb8u7_amd64.deb 1ad0905bd3899dac1a317cae0f31f317dbdf21f3 140950 poppler-utils_0.26.5-2+deb8u7_amd64.deb 21ea8ffd436a7cc842ab93a3073689a7823684f8 7686380 poppler-dbg_0.26.5-2+deb8u7_amd64.deb Checksums-Sha256: 9c3db8bc083795e954941aa4a5e68fb435e1fc423f1a44ab6cdadaaa3751d4fe 3331 poppler_0.26.5-2+deb8u7.dsc 039b9c67cd0f982bfbfaa0cac0d670386d0787fc8da931538f103ff65d9722ef 41452 poppler_0.26.5-2+deb8u7.debian.tar.xz ef25a0fef8b1d917dd81c789be1119b8e00ed030a4ece7a454e96f65b9b164e7 1213090 libpoppler46_0.26.5-2+deb8u7_amd64.deb c67d9d800b878ac18d9c90b3c618755db2e0994f0e2ffc4f4ed0040906aaf38b 768126 libpoppler-dev_0.26.5-2+deb8u7_amd64.deb d22015a07102e48d3bdf0a5f834de1add17e6b1e669399d80cb92b2e4d76bdac 180496 libpoppler-private-dev_0.26.5-2+deb8u7_amd64.deb ae1835b58bfc222e497e7510b96ff579e924905d80a9b96ef09b758bc8a7c913 122312 libpoppler-glib8_0.26.5-2+deb8u7_amd64.deb 83da84f44ce8f1f5d08550dcb5396869788d2de779229eea4c36249587590827 163458 libpoppler-glib-dev_0.26.5-2+deb8u7_amd64.deb 511fe03a408610bfbaa731e57e515cdb15bd032f138ef5dc32a2e61bc1a05757 85954 libpoppler-glib-doc_0.26.5-2+deb8u7_all.deb 961caec90a7755a1c212d0f12d2652d869397d0ddd9d73ddafd9bd07d926847d 34420 gir1.2-poppler-0.18_0.26.5-2+deb8u7_amd64.deb fd6ac90031ddb8fd99af92e8706dee7152b958e87190e1b20a99d396d4353290 127994 libpoppler-qt4-4_0.26.5-2+deb8u7_amd64.deb 23ebd9c21c82738273bc4b71ba38f0c078a0cb5943aa6104a3a8de2a5a109666 159310 libpoppler-qt4-dev_0.26.5-2+deb8u7_amd64.deb fdb787b1e10fdc5731aa56e8ae3e22902084c9521ee977169e788c56ca80b84e 132118 libpoppler-qt5-1_0.26.5-2+deb8u7_amd64.deb fc772b79ab5172bbf6244e8d122daba7b1bc4405cadabd821fc38c0fb0268c1e 165388 libpoppler-qt5-dev_0.26.5-2+deb8u7_amd64.deb
Accepted poppler 0.26.5-2+deb8u5 (source amd64 all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 31 Oct 2018 12:47:07 +0100 Source: poppler Binary: libpoppler46 libpoppler-dev libpoppler-private-dev libpoppler-glib8 libpoppler-glib-dev libpoppler-glib-doc gir1.2-poppler-0.18 libpoppler-qt4-4 libpoppler-qt4-dev libpoppler-qt5-1 libpoppler-qt5-dev libpoppler-cpp0 libpoppler-cpp-dev poppler-utils poppler-dbg Architecture: source amd64 all Version: 0.26.5-2+deb8u5 Distribution: jessie-security Urgency: medium Maintainer: Loic Minier Changed-By: Mike Gabriel Description: gir1.2-poppler-0.18 - GObject introspection data for poppler-glib libpoppler-cpp-dev - PDF rendering library -- development files (CPP interface) libpoppler-cpp0 - PDF rendering library (CPP shared library) libpoppler-dev - PDF rendering library -- development files libpoppler-glib-dev - PDF rendering library -- development files (GLib interface) libpoppler-glib-doc - PDF rendering library -- documentation for the GLib interface libpoppler-glib8 - PDF rendering library (GLib-based shared library) libpoppler-private-dev - PDF rendering library -- private development files libpoppler-qt4-4 - PDF rendering library (Qt 4 based shared library) libpoppler-qt4-dev - PDF rendering library -- development files (Qt 4 interface) libpoppler-qt5-1 - PDF rendering library (Qt 5 based shared library) libpoppler-qt5-dev - PDF rendering library -- development files (Qt 5 interface) libpoppler46 - PDF rendering library poppler-dbg - PDF rendering library -- debugging symbols poppler-utils - PDF utilities (based on Poppler) Closes: 898357 909802 Changes: poppler (0.26.5-2+deb8u5) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2018-16646: Handle duplicate objects more robustly. Prohibit DoS attacks via crafted PDF files causing inifinite recursions. (Closes: #909802). This fix adds the following patches: + upstream_Fix-rendering-of-some-broken-PDF-files.patch + upstream_Allow-newlines-in-num-gen-obj-sequence.patch + upstream_XRef-Fix-runtime-undefined-behaviour.patch + upstream_CVE-2018-16646_Fail-when-PDF-contains-duplicate-objects.patch + upstream_CVE-2018-16646_Allow-duplicated-objects-in-incremental-updates. patch * CVE-2018-10768: Fix crash on AnnotInk::draw for malformed documents. * CVE-2017-18267: FoFiType1C::cvtGlyph: Fix infinite recursion on malformed documents. (Closes: #898357). * CVE-2018-13988.patch: Fix crash when Object has negative number. Specs say, number has be > 0 and gen >= 0. Original upstream patch backported to old Object API: + upstream-modified_CVE-2018-13988.patch Checksums-Sha1: 1b74b217b107a888c7ae5f1b9fe09b30a9e205e9 3331 poppler_0.26.5-2+deb8u5.dsc 5f56ef63b712c356e7cfb833a5a7f04255bae33a 41356 poppler_0.26.5-2+deb8u5.debian.tar.xz d330a0c7fde7d6bcf3cc3023afbdc6613d6454dd 1213944 libpoppler46_0.26.5-2+deb8u5_amd64.deb 586ddb413f6c2f72f24bd8b571e2330ff03b0dcf 768576 libpoppler-dev_0.26.5-2+deb8u5_amd64.deb e6ed488e5059888ddeb25612dd66dfeab9ebba9d 180710 libpoppler-private-dev_0.26.5-2+deb8u5_amd64.deb f72206a1d66e0ffc97249e7aad911b9de932ebfa 122298 libpoppler-glib8_0.26.5-2+deb8u5_amd64.deb 0ace8ee98f8bfd80db5552c38d7b2a2ae66aadb1 163500 libpoppler-glib-dev_0.26.5-2+deb8u5_amd64.deb bf325a5d1f6a9b64ff0f76d31fe751b7c49bc1be 85842 libpoppler-glib-doc_0.26.5-2+deb8u5_all.deb 4294f5ab3b3910e4d2ce4dde255124016390fc58 34326 gir1.2-poppler-0.18_0.26.5-2+deb8u5_amd64.deb db1498584cdeb6278d5deed4083bf5ef3be31a9a 127708 libpoppler-qt4-4_0.26.5-2+deb8u5_amd64.deb 2002f6798b9b3d21b55c44d26e9a73cdcc804db7 158900 libpoppler-qt4-dev_0.26.5-2+deb8u5_amd64.deb bb1fdce423892eaccd47451a986ab7f0edabe5ff 132238 libpoppler-qt5-1_0.26.5-2+deb8u5_amd64.deb 0b012fd7a1390cd875b6ae8ae6f3c6db74c3fd84 165658 libpoppler-qt5-dev_0.26.5-2+deb8u5_amd64.deb 886674499ec98bf25343497666fc2413359751f2 44778 libpoppler-cpp0_0.26.5-2+deb8u5_amd64.deb 2b2b8ac0289c7c8b8a4aa3385be6b2e2d974516c 49336 libpoppler-cpp-dev_0.26.5-2+deb8u5_amd64.deb e2edcd563a0411d2b4805e7c1de003e018fb6151 140904 poppler-utils_0.26.5-2+deb8u5_amd64.deb 75524dc64725452d4ab5d0993f8fe50df4414190 7699424 poppler-dbg_0.26.5-2+deb8u5_amd64.deb Checksums-Sha256: 902cba51b4898917e0e86e11a71b01834faf6ed7174a7334ffc0985a6cbb858f 3331 poppler_0.26.5-2+deb8u5.dsc fa1784e8629ad163d1c5f786a9c80974d57be2b82b4e84a57acfb4bc0a2611d9 41356 poppler_0.26.5-2+deb8u5.debian.tar.xz b17ea73d482a2072560f630bc7d98b91b96e409de47560310561bee2d3224c86 1213944 libpoppler46_0.26.5-2+deb8u5_amd64.deb 7ce04869e65d67689562a2288c898480bbfa65732fd4b1030ac0924ae4f00dd9 768576 libpoppler-dev_0.26.5-2+deb8u5_amd64.deb 6b6f57f2338427dfea852a23d256b3fd0f46e54475caa8b29c1d3d9f01a4721a 180710 libpoppler-private-dev_0.26.5-2+deb8u5_amd64.deb 12545af75fc9f5487bcd9c671431c1d112a38e3f47e75ab0b7d56083dc7a 122298 libpoppler-glib8_0.26.5-2+deb8u5_amd
Accepted polarssl 1.3.9-2.1+deb8u4 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 25 Sep 2018 12:32:28 +0200 Source: polarssl Binary: libpolarssl-dev libpolarssl-runtime libpolarssl7 Architecture: source amd64 Version: 1.3.9-2.1+deb8u4 Distribution: jessie-security Urgency: medium Maintainer: Roland Stigge Changed-By: Mike Gabriel Description: libpolarssl-dev - lightweight crypto and SSL/TLS library libpolarssl-runtime - lightweight crypto and SSL/TLS library libpolarssl7 - lightweight crypto and SSL/TLS library Changes: polarssl (1.3.9-2.1+deb8u4) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2018-0497: Protection against Lucky13 attack when using HMAC-SHA-384. Fixes regression introduced in 1.2.5-1 (CVE-2013-0169). * CVE-2018-0498 (three patches): Fix Lucky 13 cache attack on MD/SHA padding. * CVE-2018-9988 (two patches): Prevent arithmetic overflow on bounds check and add bound check before signature length read in ssl_parse_server_key_exchange(). * CVE-2018-9989 (two patches): Prevent arithmetic overflow on bounds check and add bound check before length read in ssl_parse_server_psk_hint(). Checksums-Sha1: fcac34634c35bd302e984992c963e257a6035ae3 1930 polarssl_1.3.9-2.1+deb8u4.dsc b8c8adeb5e36c9c8729a857d85318fb740a405de 19880 polarssl_1.3.9-2.1+deb8u4.debian.tar.xz 91c4bac2ca167a529a9ee1a269651de8d958b7b1 327266 libpolarssl-dev_1.3.9-2.1+deb8u4_amd64.deb 49f2ef8efe107289df5e58a372b2f017f2031e51 684924 libpolarssl-runtime_1.3.9-2.1+deb8u4_amd64.deb 826c85b9cce9833af650524ffce96520fdc190f1 230936 libpolarssl7_1.3.9-2.1+deb8u4_amd64.deb Checksums-Sha256: 80fb072f1c3ba7da53e0913ccf81c34191790322af74f284780b0dcadfbcb56b 1930 polarssl_1.3.9-2.1+deb8u4.dsc 445894cfb310383a13ec84a77ae97d3bd5af3efa4e156b1a389193ba888e6dbe 19880 polarssl_1.3.9-2.1+deb8u4.debian.tar.xz c9d65306958397994b9bc5777591f8ffdabee39878686a3ac1920283d8ef14a9 327266 libpolarssl-dev_1.3.9-2.1+deb8u4_amd64.deb 14497b87201a0f8e036984d1d81208dc3c36dbd7df657e8e6c0a4065af27752d 684924 libpolarssl-runtime_1.3.9-2.1+deb8u4_amd64.deb 10f0bd516edc9a052492c974008e23139c2a31b1c2082fc3414ec288a7e47895 230936 libpolarssl7_1.3.9-2.1+deb8u4_amd64.deb Files: 6ba043432ba352587cd28ae6c8930536 1930 libs optional polarssl_1.3.9-2.1+deb8u4.dsc 95835702f0fc35e4a01b8ece295c3ee6 19880 libs optional polarssl_1.3.9-2.1+deb8u4.debian.tar.xz be4dafa2251146c2282dcc06766a326c 327266 libdevel optional libpolarssl-dev_1.3.9-2.1+deb8u4_amd64.deb 32e7d791e3f94c4fc4ce5c1dd5d9e720 684924 libdevel optional libpolarssl-runtime_1.3.9-2.1+deb8u4_amd64.deb 84204579fe703bd7ff12c41a30a6ae0d 230936 libs optional libpolarssl7_1.3.9-2.1+deb8u4_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAluqJXQVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxmJIP/2hw64AtRkVzQv3dE94LcUBqQ2U4 7GoKlHTu1y+38f3FIVwjIFWF646SVOZFv5PFLD32pvyh9a5bmu8zYVVfwK3gPlL1 p2HTGZWpDCR7ENmLDBrk5JXgro7BaCh7FyczDNiIZgOVUnbs6kHePkucjM21wZdZ ZJxzlCzsxtp+sOetVdEAEdRR2b3IHwHMAw882lKJCWwVoV0NC1vanv8V1f9aORs9 G12kjy4m9ySRPBEWyM+pcPLxvJvTgY2AkalW/I8oDdAUDxXv9f6I90w1+0rSCYS3 FjioMOeKY6/sNf5RRu8+QN1ASNcp5u8yUL1EZuUxvby5OmzubEb13bKGcMGjNoaT tLob89ItYzgFOOVLrLacGp7iWDqvKolgh/HVPUNrdRb16lV2Ng8VHYFcWI8r4z1D legT8bjXuwUKvyWxfR/Ovma7dGZZhDDNA5I+OJ01pBbGExJKMJR+uM07iD8dHEkh IA7e2Kg2oh/a2pSEBXbZR/K580YQPVo917uyi8VJFr+eO5gowQ/PaLxvIff+KDM9 RWG8whW59leyR9DCwZpGIuFY2nkkqminP+uOOjo0llNOLXc/fLKIesyB62ydYu/3 Z7eGQfnwflpoia6Z93qlF4R4csN3xOScdWwViCZZ4geintvNSJO6/VGoTrvaSX6A AU0m6ClIpUt+w+T1 =JaVZ -END PGP SIGNATURE-
Accepted spice-gtk 0.25-1+deb8u1 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 31 Aug 2018 23:52:16 +0200 Source: spice-gtk Binary: spice-client-gtk spice-client-glib-usb-acl-helper libspice-client-glib-2.0-8 gir1.2-spice-client-glib-2.0 libspice-client-glib-2.0-dev libspice-client-gtk-2.0-4 gir1.2-spice-client-gtk-2.0 libspice-client-gtk-2.0-dev libspice-client-gtk-3.0-4 gir1.2-spice-client-gtk-3.0 libspice-client-gtk-3.0-dev python-spice-client-gtk Architecture: source amd64 Version: 0.25-1+deb8u1 Distribution: jessie-security Urgency: medium Maintainer: Liang Guo Changed-By: Mike Gabriel Description: gir1.2-spice-client-glib-2.0 - GObject for communicating with Spice servers (GObject-Introspecti gir1.2-spice-client-gtk-2.0 - GTK2 widget for SPICE clients (GObject-Introspection) gir1.2-spice-client-gtk-3.0 - GTK3 widget for SPICE clients (GObject-Introspection) libspice-client-glib-2.0-8 - GObject for communicating with Spice servers (runtime library) libspice-client-glib-2.0-dev - GObject for communicating with Spice servers (development files) libspice-client-gtk-2.0-4 - GTK2 widget for SPICE clients (runtime library) libspice-client-gtk-2.0-dev - GTK2 widget for SPICE clients (development files) libspice-client-gtk-3.0-4 - GTK3 widget for SPICE clients (runtime library) libspice-client-gtk-3.0-dev - GTK3 widget for SPICE clients (development files) python-spice-client-gtk - GTK2 widget for SPICE clients (Python binding) spice-client-glib-usb-acl-helper - Spice client glib usb acl helper spice-client-gtk - Simple clients for interacting with SPICE servers Changes: spice-gtk (0.25-1+deb8u1) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2018-10873: A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. . Fix: Bail out with an error if the pointer to the start of some message data is strictly greater than the pointer to the end of the message data. . See review comments in debian/patches/CVE-2018-10873.patch about potential weaknesses of this fix. Checksums-Sha1: 9aab0ec657bc54dc5ccd166ce689e0b11d70e927 3501 spice-gtk_0.25-1+deb8u1.dsc dc4caf42d7497ba424efc22720946d116ead5dd2 1242457 spice-gtk_0.25.orig.tar.bz2 54c8eba041a4869e72c96bee0bbfcdfcb00dfd3c 13972 spice-gtk_0.25-1+deb8u1.debian.tar.xz 84ab52bc5daf372b39ef44f1cb58cfa3482d3c93 143616 spice-client-gtk_0.25-1+deb8u1_amd64.deb fa9d7025d2b91d2675a8909a4b511823ea5b3895 123280 spice-client-glib-usb-acl-helper_0.25-1+deb8u1_amd64.deb 8d542868ac90156114f25b0762f39850358f5d8c 412092 libspice-client-glib-2.0-8_0.25-1+deb8u1_amd64.deb 898d653b9242ab6017d8612b42d047fdbcb75bea 125106 gir1.2-spice-client-glib-2.0_0.25-1+deb8u1_amd64.deb 75322d47740ff7309dc1307c0e64283ce406608c 145686 libspice-client-glib-2.0-dev_0.25-1+deb8u1_amd64.deb 33aed38a899ccaa22513005a31bf267aff79ca81 151410 libspice-client-gtk-2.0-4_0.25-1+deb8u1_amd64.deb 21167358f47bc0979cf5c3cdee009663e4065662 119952 gir1.2-spice-client-gtk-2.0_0.25-1+deb8u1_amd64.deb dbc8bd3adc88e7eb4c8483a988ba222db6f7c70c 176978 libspice-client-gtk-2.0-dev_0.25-1+deb8u1_amd64.deb a3cc8d419902dc8efada7d0bd241347b9f205f3d 152324 libspice-client-gtk-3.0-4_0.25-1+deb8u1_amd64.deb 20b2ab3c988612608d8234c74d0b1cfed4171c1c 119950 gir1.2-spice-client-gtk-3.0_0.25-1+deb8u1_amd64.deb d041db3f114c2e7fd2f215890a0396cb8c4c9cff 125098 libspice-client-gtk-3.0-dev_0.25-1+deb8u1_amd64.deb 1ee5f41db8580f7b0044690f17e23d4f1878b436 129330 python-spice-client-gtk_0.25-1+deb8u1_amd64.deb Checksums-Sha256: d1cef3d9d26636900cb51e082eca45989806b6397649d50c11cf94ef91a7b17b 3501 spice-gtk_0.25-1+deb8u1.dsc 0730c6a80ad9f5012f65927d443377019f300573f7ccc93db84eadec462ad087 1242457 spice-gtk_0.25.orig.tar.bz2 d07351332754dbb78e3f707f6cfa7ab278bd2d46c60e5a77be46b4f33d2048d1 13972 spice-gtk_0.25-1+deb8u1.debian.tar.xz c209f961d0a5057e6a49ed81860ec9270a096a3296d494c9b35ee8dd5b120b45 143616 spice-client-gtk_0.25-1+deb8u1_amd64.deb 0486197f8560f1b2e499c5ad18a5477dedb1cb1bf773d763264eba607963b56a 123280 spice-client-glib-usb-acl-helper_0.25-1+deb8u1_amd64.deb 76da8267fd1a307f401a535d8e5df66d6ec7c110d6d5ead0d8fe4784d019e8f0 412092 libspice-client-glib-2.0-8_0.25-1+deb8u1_amd64.deb 6a861c0dca7d063bb1a2ce9395eafa67454321fa23f8bf874c063674a35a 125106 gir1.2-spice-client-glib-2.0_0.25-1+deb8u1_amd64.deb bed7c5cb8a6137c4e2f989f7f9017e74653456caea8d6941ed36a71e0ed08802 145686 libspice-client-glib-2.0-dev_0.25-1+deb8u1_amd64.deb f9aff8f0cc54e9102d2c303114861ecf041ed819142b9eab95904309662db2b4 151410 libspice-client-gtk-2.0-4_0.25-1+deb8u1_amd64.deb 3fe3f2bd3ce546599ffea728462b230321e5e1aefaceb84e56a052e3c8446ba4 119952 gir1.2-spice
Accepted spice 0.12.5-1+deb8u6 (source amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 31 Aug 2018 20:44:48 +0200 Source: spice Binary: spice-client libspice-server1 libspice-server1-dbg libspice-server-dev Architecture: source amd64 Version: 0.12.5-1+deb8u6 Distribution: jessie-security Urgency: medium Maintainer: Liang Guo Changed-By: Mike Gabriel Description: libspice-server-dev - Header files and development documentation for spice-server libspice-server1 - Implements the server side of the SPICE protocol libspice-server1-dbg - Debugging symbols for libspice-server1 spice-client - Implements the client side of the SPICE protocol Changes: spice (0.12.5-1+deb8u6) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2018-10873: A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts. . Fix: Bail out with an error if the pointer to the start of some message data is strictly greater than the pointer to the end of the message data. . See review comments in debian/patches/CVE-2018-10873.patch about potential weaknesses of this fix. Checksums-Sha1: 08ffd2a001aa30123c047dd3c7ad91688dc95179 2398 spice_0.12.5-1+deb8u6.dsc 2fabe47611cac6b43b3c2c61e400d7375f06e16a 1737169 spice_0.12.5.orig.tar.bz2 a0c57412a805615c21d05bbb88693422f5fba75b 32528 spice_0.12.5-1+deb8u6.debian.tar.xz 18b30b59aa86c94369e7c861dc3663f52f64cf5b 494628 spice-client_0.12.5-1+deb8u6_amd64.deb f9186feee231617f3f50e0fca64ca4b384ff8134 473024 libspice-server1_0.12.5-1+deb8u6_amd64.deb e1f73e015a8627438efbece0119688422870de6b 1213574 libspice-server1-dbg_0.12.5-1+deb8u6_amd64.deb 7ff3356af483af2fe36d350c447f49b13e2b501d 507340 libspice-server-dev_0.12.5-1+deb8u6_amd64.deb Checksums-Sha256: 759602fa0978bd77063ce72af9ea424919ff63bb954d602afd20d686cf84c12f 2398 spice_0.12.5-1+deb8u6.dsc 4209a20d8f67cb99a8a6ac499cfe79a18d4ca226360457954a223d6795c2f581 1737169 spice_0.12.5.orig.tar.bz2 028e5620545e5b447f565e6505b4643daa2467adc61aedb1177644e7c39bceb5 32528 spice_0.12.5-1+deb8u6.debian.tar.xz c4ce7952b70628856d1a66954849225b747e70d64bb1dbffb6050cef989a0238 494628 spice-client_0.12.5-1+deb8u6_amd64.deb 942d80ad05524066643f58075df470587968bde395c25e0a6e98f39e55aa9955 473024 libspice-server1_0.12.5-1+deb8u6_amd64.deb 31087232f91ed17caeb3dcf951f2e0097f1e1013fd3ae72592fc151bac433312 1213574 libspice-server1-dbg_0.12.5-1+deb8u6_amd64.deb c0da8de6583a2194fa0a8ecc954b597827d67623688ca8517ad2badc23e94243 507340 libspice-server-dev_0.12.5-1+deb8u6_amd64.deb Files: a9df62402ff8712d0dd68e8ac7ac19a3 2398 misc optional spice_0.12.5-1+deb8u6.dsc 1256286214fe402703c0a01bd3a85319 1737169 misc optional spice_0.12.5.orig.tar.bz2 70e542e318aa8abb8a0192dc33270180 32528 misc optional spice_0.12.5-1+deb8u6.debian.tar.xz 76dfeb14f31b43c60da300a13b317de4 494628 misc optional spice-client_0.12.5-1+deb8u6_amd64.deb 14125295758c019722375c7cbf7bbf7b 473024 libs optional libspice-server1_0.12.5-1+deb8u6_amd64.deb a53d9aeaf6a95cdc89ba8ce8ac2d0893 1213574 debug extra libspice-server1-dbg_0.12.5-1+deb8u6_amd64.deb 598643136be5cc00da0366353c789552 507340 libdevel optional libspice-server-dev_0.12.5-1+deb8u6_amd64.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAluJqBwVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx9coP/24xh2nTKIvo0w1Fb4zDiEMFHBUA A2WcthvA6eoqcu0tf4WzzE42P28vgy3S26kYIIqRK1d+RNKjzHe3P0XJNw/95S2C vJ+T4qoJDmWhsDTh9fFLouvuCCEOXNYMFOgP7Ft1EMu49JdtjfMOPP5OcDLcw4xb jHPOVCe+jd4xRkIEoY9HgdxaF/VMx+uo3Goq6NQaILguMyVXcEQXxdFx3kMs5jH3 5blIWXGhI/41knKti5a8oppsuOSvgyE1tLid309i5Whkd8bliiah0SFOPN/1H4IS h3zt4quVK43n+HsX6LMvPufS1uJIvcYpPICNSgCJrpbGyYMsT/GLXK3zRdmMyMSI jeEZOizvvWbjtqujyWnse8apSqeT21glMgn9KrQiGU3HqZuONABiiuxQm+o/ZyzA O2Jnh2+MMSrQio9kEnWwbA08MFIUJUC4F53uDTWAda6UqsPwhsazopCGsGAbUJ5F 1Y0wJu06m6gqCqBqWnzKJs/++FVBMxsybtyEmQ33vG5IeLcoes/W61Mj3F4rBTg0 j8NVgw/1byG3euzIwCZjTwKw6LGVZLQFsXU5loBf+lPTzFv4CzEE4ftK+fWZilA3 sqXRcCs8g29VrI2bQAA6Cyj3FjlfbGswv6Z8am7vlM2DaEHyQ+L1AE6kYTBKlam/ CEzmSMB12JzMhFVR =7DLm -END PGP SIGNATURE-
Accepted 389-ds-base 1.3.3.5-4+deb8u2 (source all amd64) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 30 Aug 2018 16:40:44 +0200 Source: 389-ds-base Binary: 389-ds 389-ds-base-libs 389-ds-base-libs-dbg 389-ds-base-dev 389-ds-base 389-ds-base-dbg Architecture: source all amd64 Version: 1.3.3.5-4+deb8u2 Distribution: jessie-security Urgency: medium Maintainer: Debian 389ds Team Changed-By: Mike Gabriel Description: 389-ds - 389 Directory Server suite - metapackage 389-ds-base - 389 Directory Server suite - server 389-ds-base-dbg - 389 Directory Server suite - server debugging symbols 389-ds-base-dev - 389 Directory Server suite - development files 389-ds-base-libs - 389 Directory Server suite - libraries 389-ds-base-libs-dbg - 389 Directory Server suite - library debugging symbols Closes: 906985 Changes: 389-ds-base (1.3.3.5-4+deb8u2) jessie-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2018-10935: Check if the we are able to index the provided value. If we are not then slapd_qsort returns an error (LDAP_OPERATION_ERROR) . Fixes: Any authenticated user doing a search using ldapsearch with extended controls for server side sorting is bringing down the ldap server itself. (Closes: #906985). * CVE-2018-10871: Set nsslapd-unhashed-pw-switch by default to 'off'. Fixes: By default nsslapd-unhashed-pw-switch is set to 'on'. So a copy of the unhashed password is kept in modifiers and is possibly logged in changelog and retroCL. Checksums-Sha1: 4217c76d6af70a24a966a6d8adfda494aed58beb 2667 389-ds-base_1.3.3.5-4+deb8u2.dsc 2897b418f04166b34c701155a7b62357d98c9272 34856 389-ds-base_1.3.3.5-4+deb8u2.debian.tar.xz 9d7d1af739203b1460f3ec583dbd621a75cf02fd 16118 389-ds_1.3.3.5-4+deb8u2_all.deb 80fe90f6ba1f4db7b0f5c27ae8c1d3954ccfe9ed 387850 389-ds-base-libs_1.3.3.5-4+deb8u2_amd64.deb 67381a9a2b0d0109717ba8b5e596f7bdb193602f 1283148 389-ds-base-libs-dbg_1.3.3.5-4+deb8u2_amd64.deb bebce1d084971bcda14d53caeca8c205a9311c5a 69502 389-ds-base-dev_1.3.3.5-4+deb8u2_amd64.deb f935135d1de21fe8ee7608836d12e9d52384fdfb 1460054 389-ds-base_1.3.3.5-4+deb8u2_amd64.deb bd77312010bb9ddfc32127a17017abe861468f5b 4181384 389-ds-base-dbg_1.3.3.5-4+deb8u2_amd64.deb Checksums-Sha256: e67800084a9615523a31dc04306b30eb075f3aef6ba6f46db803d87fa88cd4ed 2667 389-ds-base_1.3.3.5-4+deb8u2.dsc bde8c7a7170960f4a5f53f0a75e4fe532194fdcdaf2c0d37a2b7d65d986d5da3 34856 389-ds-base_1.3.3.5-4+deb8u2.debian.tar.xz 1eaa2b2d8244f44131a583b6e83a29c5f76f1add6178ae2f7078b45256f34115 16118 389-ds_1.3.3.5-4+deb8u2_all.deb 2f4dac3301e033ec29a16ba33875be780d2056866e2a1ec1ac1a0488328630e2 387850 389-ds-base-libs_1.3.3.5-4+deb8u2_amd64.deb 9a584b495818cd498870bc2c4dc1ce682147429a780e2f089730e008d2e83018 1283148 389-ds-base-libs-dbg_1.3.3.5-4+deb8u2_amd64.deb e33e5561240cc757f10c20af38e2d7462b67c1df59e0ad72edf2691c70a29b26 69502 389-ds-base-dev_1.3.3.5-4+deb8u2_amd64.deb 40d88b201f1123a93c394f4a7eca96c6e67f262ee53571bff6a0a3554cfaee2f 1460054 389-ds-base_1.3.3.5-4+deb8u2_amd64.deb 7a047fb06154f1c0eb7a8836ff160cbd0c10ab032516d18a1f973da852693f89 4181384 389-ds-base-dbg_1.3.3.5-4+deb8u2_amd64.deb Files: a04a8814c0a7ed4e1d153ce6c99f3c7c 2667 net optional 389-ds-base_1.3.3.5-4+deb8u2.dsc 841eaac26a5e618806ff414596b003e7 34856 net optional 389-ds-base_1.3.3.5-4+deb8u2.debian.tar.xz d36df017cf42ac74a375f0ea8f1dbd38 16118 net optional 389-ds_1.3.3.5-4+deb8u2_all.deb 5129f83e3cd37b39c0c171cde0d1828c 387850 libs optional 389-ds-base-libs_1.3.3.5-4+deb8u2_amd64.deb 5ef0349745cb6c59e9b5045b3836b564 1283148 debug extra 389-ds-base-libs-dbg_1.3.3.5-4+deb8u2_amd64.deb cf93a0c9156ae41460881dbfacd8082d 69502 libdevel optional 389-ds-base-dev_1.3.3.5-4+deb8u2_amd64.deb afa5957497585a9dd4d36d1e8371673f 1460054 net optional 389-ds-base_1.3.3.5-4+deb8u2_amd64.deb 7954351a44eba927fd7b00788b03dfa1 4181384 debug extra 389-ds-base-dbg_1.3.3.5-4+deb8u2_amd64.deb -BEGIN PGP SIGNATURE- iQJVBAEBCAA/FiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAluIJvchHG1pa2UuZ2Fi cmllbEBkYXMtbmV0endlcmt0ZWFtLmRlAAoJEJr0azAldxsxODkP/0YAzcfC9jUd YK+F+xm86sVXkF3N8iLUahj1CfyAs4mFiGBlyqHdASZ0CPoN/lLx9rFB2y7uUJtI L/eylItucQLqq153enDRinAYHVpRX7KBj2DKHasnKIKAtoNiqCtVP4pKHy9yJvfy KhDdc5QZRQNIxHKieWgH0LFJwboL+da0pHp3N7Sj3AoEUGSXPVcFgREFKj4Eoh0P kQPjusHA7OT9LSGtsD0g07wSdvfHHmpkned+im8J27bLYario6Ia1+UAYLXBxBag m1whQ1a9NsXaNmA+KsDIXjDIKfEBDnyC9nH916XsTmBPMH2RilFYidrjWElllmDG pgydAplRNrtD76i60St6CCd76jNluozmwOGzB6DWzxUMzMf1ciWpkwFsrCRlXPbP o+xyB3g698xJN5AcY2OGU7CcDkCtGEGPIO89e+delfi8tddKKUMPzDrYjIKLLmeF T1giEw6YoyyRcTIMDW3axbr6pOUQVxDyi7aSm7eU+joN0GY+aIeo2I/g7L0nb5Ze M9Wlg/72lAmoGyPBFJbyjaI1HsWxc1LxlIT1VMvXG1egRhvfqwP5S76R9aUL5TYu veGLUdOm7kl++NoXHU3lOTqZXsmL6wEiOGG065rtD4yo5QRhwBOI90v1JnRuIP7R crBJ4oTVv3qwXm/iIjHpdYNcDkWRfmRG =sVSD -END PGP SIGNATURE-
Accepted gosa 2.7.4+reloaded2-1+deb8u3 (source all) into oldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 20 Jul 2018 17:22:32 +0200 Source: gosa Binary: gosa gosa-dev gosa-desktop gosa-schema gosa-help-en gosa-help-de gosa-help-fr gosa-help-nl gosa-plugin-connectivity gosa-plugin-dhcp gosa-plugin-dhcp-schema gosa-plugin-dns gosa-plugin-dns-schema gosa-plugin-fai gosa-plugin-fai-schema gosa-plugin-gofax gosa-plugin-gofon gosa-plugin-goto gosa-plugin-kolab gosa-plugin-kolab-schema gosa-plugin-ldapmanager gosa-plugin-mail gosa-plugin-mit-krb5 gosa-plugin-mit-krb5-schema gosa-plugin-nagios gosa-plugin-nagios-schema gosa-plugin-netatalk gosa-plugin-opengroupware gosa-plugin-openxchange gosa-plugin-openxchange-schema gosa-plugin-opsi gosa-plugin-phpgw gosa-plugin-phpgw-schema gosa-plugin-phpscheduleit gosa-plugin-phpscheduleit-schema gosa-plugin-pptp gosa-plugin-pptp-schema gosa-plugin-pureftpd gosa-plugin-pureftpd-schema gosa-plugin-rolemanagement gosa-plugin-rsyslog gosa-plugin-samba gosa-plugin-scalix gosa-plugin-squid gosa-plugin-ssh gosa-plugin-ssh-schema gosa-plugin-sudo gosa-plugin-sudo-schema gosa-plugin-systems gosa-plugin-uw-imap gosa-plugin-webdav Architecture: source all Version: 2.7.4+reloaded2-1+deb8u3 Distribution: jessie-security Urgency: medium Maintainer: Debian Edu Packaging Team Changed-By: Mike Gabriel Description: gosa - Web Based LDAP Administration Program gosa-desktop - Desktop integration for GOsa² gosa-dev - GOsa² development utilities gosa-help-de - German online help for GOsa² gosa-help-en - English online help for GOsa gosa-help-fr - French online help for GOsa² gosa-help-nl - Dutch online help for GOsa gosa-plugin-connectivity - connectivity plugin for GOsa² gosa-plugin-dhcp - dhcp plugin for GOsa² gosa-plugin-dhcp-schema - LDAP schema for GOsa² dhcp plugin gosa-plugin-dns - dns plugin for GOsa² gosa-plugin-dns-schema - LDAP schema for GOsa² dns plugin gosa-plugin-fai - fai plugin for GOsa² gosa-plugin-fai-schema - LDAP schema for GOsa² fai plugin gosa-plugin-gofax - gofax plugin for GOsa² gosa-plugin-gofon - gofon plugin for GOsa² gosa-plugin-goto - goto plugin for GOsa² gosa-plugin-kolab - kolab plugin for GOsa² gosa-plugin-kolab-schema - LDAP schema for GOsa² kolab plugin gosa-plugin-ldapmanager - ldapmanager plugin for GOsa² gosa-plugin-mail - base mail plugin for GOsa² gosa-plugin-mit-krb5 - mit-krb5 plugin for GOsa² gosa-plugin-mit-krb5-schema - LDAP schema for GOsa² mit-krb5 plugin gosa-plugin-nagios - nagios plugin for GOsa² gosa-plugin-nagios-schema - LDAP schema for GOsa² nagios plugin gosa-plugin-netatalk - netatalk plugin for GOsa² gosa-plugin-opengroupware - opengroupware plugin for GOsa² gosa-plugin-openxchange - openxchange plugin for GOsa² gosa-plugin-openxchange-schema - LDAP schema for GOsa² openxchange plugin gosa-plugin-opsi - opsi plugin for GOsa² gosa-plugin-phpgw - phpgw plugin for GOsa² gosa-plugin-phpgw-schema - LDAP schema for GOsa² phpgw plugin gosa-plugin-phpscheduleit - phpscheduleit plugin for GOsa² gosa-plugin-phpscheduleit-schema - LDAP schema for GOsa² phpscheduleit plugin gosa-plugin-pptp - pptp plugin for GOsa² gosa-plugin-pptp-schema - LDAP schema for GOsa² pptp plugin gosa-plugin-pureftpd - pureftpd plugin for GOsa² gosa-plugin-pureftpd-schema - LDAP schema for GOsa² pureftpd plugin gosa-plugin-rolemanagement - rolemanagement plugin for GOsa² gosa-plugin-rsyslog - rsyslog plugin for GOsa² gosa-plugin-samba - samba3 plugin for GOsa² gosa-plugin-scalix - scalix plugin for GOsa² gosa-plugin-squid - squid plugin for GOsa² gosa-plugin-ssh - ssh plugin for GOsa² gosa-plugin-ssh-schema - LDAP schema for GOsa² ssh plugin gosa-plugin-sudo - sudo plugin for GOsa² gosa-plugin-sudo-schema - LDAP schema for GOsa² sudo plugin gosa-plugin-systems - systems plugin for GOsa² gosa-plugin-uw-imap - uw-imap plugin for GOsa² gosa-plugin-webdav - webdav plugin for GOsa² gosa-schema - LDAP schema for GOsa Closes: 902723 Changes: gosa (2.7.4+reloaded2-1+deb8u3) jessie-security; urgency=medium . * debian/patches: + Add 0013_escape-html-entities-for-uid-to-avoid-code-execution- CVE-2018-1000528.patch. Fixes code injection in password change dialog. Resolves CVE-2018-1000528. (Closes: #902723). Checksums-Sha1: e01becdeff398e068441fc73ecac1bcaf2013090 15371 gosa_2.7.4+reloaded2-1+deb8u3.dsc bc3749f1ed763d5bab6a6558d76a803931867ac9 14245 gosa_2.7.4+reloaded2.orig-apache2.tar.gz 4cb26a0bc7e9b19b642503718f52eb070bec0f3a 13239 gosa_2.7.4+reloaded2.orig-connectivity.tar.gz 964df02a742168a9d892b4a6d947b11b8bf210f0 53759 gosa_2.7.4+reloaded2.orig-dhcp.tar.gz b3436e1147cf10c86352885f9a85ad936bc2ed58 42732 gosa_2.7.4+reloaded2.orig-dns.tar.gz d32cb8123d9b756b64ae8dfd5291eb732f6aea2f 254412 gosa_2.7.4+reloaded2.orig-fai.tar.gz 37025022b3b1e1782b386f07c9131ea1078aa5f4 71639 gosa_2.7.4+reloaded2.orig-gofax.tar.gz bfbaacd307d42ebdb4bac9106a6cc343c0cf3530 189055 gosa_2.7.4+reloaded2.orig-gofon.tar.gz
Accepted smarty3 3.1.10-2+deb7u3 (source all) into oldoldstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 30 Jan 2018 17:52:14 +0100 Source: smarty3 Binary: smarty3 Architecture: source all Version: 3.1.10-2+deb7u3 Distribution: wheezy-security Urgency: medium Maintainer: Mike Gabriel <mike.gabr...@das-netzwerkteam.de> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: smarty3- Template engine for PHP Changes: smarty3 (3.1.10-2+deb7u3) wheezy-security; urgency=medium . * debian/patches: + Fix object name in 0001_CVE-2017-1000480.patch. Thanks to Côme Chilliet from the FusionDirectory team for spotting this. Checksums-Sha1: 373dd919d2c71f8dae2c2db5f6746afaf8f9c1ec 1919 smarty3_3.1.10-2+deb7u3.dsc f7ba39f923f46d1fb86060bb4711a9656bf95f7c 8257 smarty3_3.1.10-2+deb7u3.debian.tar.gz 2a67691c4f2cc4ed015960a5a968b8fde08b88a9 210810 smarty3_3.1.10-2+deb7u3_all.deb Checksums-Sha256: 23b772129b33f4384fb485224772f097c53a2895a83004a6d7c188d7a1bfd6fd 1919 smarty3_3.1.10-2+deb7u3.dsc 766ad8d7d30cead284d18605b128388314c214cbb65c72e27389fc66e58f7d2e 8257 smarty3_3.1.10-2+deb7u3.debian.tar.gz 687aa97da48b2892c1caab5798ccbd1e9c17d377309e42ef5d6deaada5df608a 210810 smarty3_3.1.10-2+deb7u3_all.deb Files: 6a84c2365989ad141a29187c5be425e7 1919 web optional smarty3_3.1.10-2+deb7u3.dsc 1ed25061545e344e948d81bb97488f62 8257 web optional smarty3_3.1.10-2+deb7u3.debian.tar.gz 4f4b31ff9efb5203982aefd333a8df28 210810 web optional smarty3_3.1.10-2+deb7u3_all.deb -BEGIN PGP SIGNATURE- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAlpwxT0VHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxjiQP/RMLAs/9tG0t5DWNq1EnP1/bq81y ojKRuA9sRswpjfFLwIuWeYMDyUlLedEtDCV4nWMsaNsF76GzAbWQAv744Q1LQTr7 JlznGxJ8E57XNSKqLzKGD5bn93VNYTSASwcaBEzFpvlf0vYrQyGGtugHIZZ1SGJi cSK/OBOq83WtOHsWiD5o+2w7QvUeWl2Gf+aH9MP4TZ6lL4WP+8nGHZwWIzWKxzS8 T3N1VpHbTW2v0qGQK4EQRXg4Z5K6csvNwjO5ts5iiCeJlBq/CGb9mvBAwekINKqY AhrgnhwXXlmCtda4aGOFPghDS0TmZkCj0/6lE+1SRgEkKaLu8/BVMBvQ5eoDQIX5 x7xZSWG2vmKVkXbV74fCcjVxBXjL3JLs5Y69SpzLTbuA3MQNe4omtBrdXNktIxLR aVLY/svJ9nnw0tSCmfHD15z+C+oTXPJa3DC4Ux55d5gHoops17jmDPMy5BF0G4q7 9AyFjVVwrsVPBlLvBVbdayYWkp9aZ5m2liq04I1j5NGe0IMv/fr1taBiLJ/f1hM6 bSPvDknQZXFVDeaaZnKzvQgqxg9CYJjvb1D9CpF335nVsM43msawhd5CXlreVTZs il7KHJfbHKIzkrmKUi7Zg7pK6gOeQafKBIwOCOcB8hagykJVJdqSvuhyxGO1FwNQ Hs7OHN448E/+MRXx =SMwS -END PGP SIGNATURE-
Accepted lxc 0.7.2-1+deb6u1 (source amd64) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 04 Dec 2015 16:17:06 +0100 Source: lxc Binary: lxc Architecture: source amd64 Version: 0.7.2-1+deb6u1 Distribution: squeeze-lts Urgency: medium Maintainer: Guido Trotter <ultrot...@debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: lxc- Linux containers userspace tools Closes: 800471 Changes: lxc (0.7.2-1+deb6u1) squeeze-lts; urgency=medium . * Non-maintainer upload by the Debian LTS team. * debian/patches: + Add CVE-2015-1335.patch. Backport safe_mount support. Protect container mounts against symlinks. Resoled CVE-2015-1335. (Closes: #800471). + Add CVE-2013-6441.patch. Use read-only permissions when mounting /sbin/init. Resolved CVE-2013-6441. Checksums-Sha1: ad811a7fbb1c70c328356856acbef2813d737b6f 1749 lxc_0.7.2-1+deb6u1.dsc 75dfc113a576fa15d46a3736ff788a168de0b258 266877 lxc_0.7.2.orig.tar.gz ed09487ae2f4b6d8912fbfddbb413357625c73cd 10818 lxc_0.7.2-1+deb6u1.debian.tar.gz 0e101694c5fa957596cc4d14381c106b9269656c 142220 lxc_0.7.2-1+deb6u1_amd64.deb Checksums-Sha256: 56a9265a4894b892e2d3eb3bedc65cb6964684fa3099a228ee0167d5b7b1a400 1749 lxc_0.7.2-1+deb6u1.dsc 0660edbc08d74275968cb18c8e634aafd6f1ad395419e037d7018f2b1d669b1a 266877 lxc_0.7.2.orig.tar.gz 026a61f4a9f20ff8077fec26310308cc6425484057624ac0113f5d48d79648a9 10818 lxc_0.7.2-1+deb6u1.debian.tar.gz 38fd5bd4ca5b14a57dfb43e23e792b17ed20e55333ba565acbb23a3d2119af50 142220 lxc_0.7.2-1+deb6u1_amd64.deb Files: e96437dc8c4769a36a257c8a85e01245 1749 admin optional lxc_0.7.2-1+deb6u1.dsc 5c9c6889ba1255217078ea5d1aaf0c82 266877 admin optional lxc_0.7.2.orig.tar.gz 26b977f71ffeea672b74309285442981 10818 admin optional lxc_0.7.2-1+deb6u1.debian.tar.gz 3fb351d3dee78fa896524a12472ea1db 142220 admin optional lxc_0.7.2-1+deb6u1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJW1DmHAAoJEJr0azAldxsx4cEQAIs6f+3taDlHq+rwT26YbCdg J0119WqKb/ASSj1gRUrXIET68d6zyiFhcqAtMisLOvxQqmHZZ5piRctzL+6wOhZu 47F3b9S4kaz4CypNy4fHSj6i7outU8AE1O5mIzwmxqiA1knGPT8iP+aRj/l4J/JC OWq+oXgYnlVJLrUFBb1l+6uDVY56G1RK+7ASoMIWaW3ow2PC+bhNK4FcAwCQkdai nnqdQ72IXIaRhtA6LCqwV+zgSEpgNUR7WP3mJkiWIEiATKYu3KOfhTbsJ0UNPB6U jFxG0OtptKIFdo5JnwJkM3VjrUpoFniq6eC2t+bBPLfQ6EWtZxzR64pkT5VVagcO D8C7+0E6kwCJgsYzUQxUw/tHiKEQV2y89BA5iuxwJOOqkXoYPYntYdAiE41m/zQa h7+xOaxho3AiRXE3aaAD1kqLYePajOqV6y9xBRNpP3+dR0a+ZhwBxK0ehlta8uDD OuLCsVB9nVfUuElc6C0+5X+bQyw3qVdKObD/5sDxyyLCgie3QOSGJSuYYi/bjmbG TpNTMza5wFc1u0vMHbdCdNJH5RZrSRO4Mp5Fr04lQtjGTYHL4gI8EECrHdIZGOjI rIO0XOmoTu7PzJR7jERjhhcGWfpaM6MiSJvREmfY1fhove7fMVgqxH8VwGMIFQhG Yj7ZjEbmdx6R4tomjCUe =oVMt -END PGP SIGNATURE-
Accepted gosa 2.6.11-3+squeeze5 (source all) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 29 Jan 2016 10:29:20 +0100 Source: gosa Binary: gosa gosa-dev gosa-desktop gosa-schema gosa-help-en gosa-help-de gosa-help-fr gosa-help-nl smarty-acl-render gosa-plugin-addressbook gosa-plugin-connectivity gosa-plugin-dhcp gosa-plugin-dhcp-schema gosa-plugin-dns gosa-plugin-dns-schema gosa-plugin-fai gosa-plugin-fai-schema gosa-plugin-gofax gosa-plugin-gofon gosa-plugin-goto gosa-plugin-kolab gosa-plugin-kolab-schema gosa-plugin-ldapmanager gosa-plugin-log gosa-plugin-log-schema gosa-plugin-mail gosa-plugin-mit-krb5 gosa-plugin-mit-krb5-schema gosa-plugin-nagios gosa-plugin-nagios-schema gosa-plugin-netatalk gosa-plugin-opengroupware gosa-plugin-openxchange gosa-plugin-openxchange-schema gosa-plugin-opsi gosa-plugin-phpgw gosa-plugin-phpgw-schema gosa-plugin-phpscheduleit gosa-plugin-phpscheduleit-schema gosa-plugin-pptp gosa-plugin-pptp-schema gosa-plugin-pureftpd gosa-plugin-pureftpd-schema gosa-plugin-rolemanagement gosa-plugin-rsyslog gosa-plugin-samba gosa-plugin-scalix gosa-plugin-squid gosa-plugin-ssh gosa-plugin-ssh-schema gosa-plugin-sudo gosa-plugin-sudo-schema gosa-plugin-systems gosa-plugin-uw-imap gosa-plugin-webdav Architecture: source all Version: 2.6.11-3+squeeze5 Distribution: squeeze-lts Urgency: medium Maintainer: Debian Edu Packaging Team <debian-edu-pkg-t...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: gosa - Web Based LDAP Administration Program gosa-desktop - Desktop integration for GOsa² gosa-dev - GOsa² development utilities gosa-help-de - German online help for GOsa² gosa-help-en - English online help for GOsa gosa-help-fr - French online help for GOsa² gosa-help-nl - Dutch online help for GOsa gosa-plugin-addressbook - addressbook plugin for GOsa² gosa-plugin-connectivity - connectivity plugin for GOsa² gosa-plugin-dhcp - dhcp plugin for GOsa² gosa-plugin-dhcp-schema - LDAP schema for GOsa² dhcp plugin gosa-plugin-dns - dns plugin for GOsa² gosa-plugin-dns-schema - LDAP schema for GOsa² dns plugin gosa-plugin-fai - fai plugin for GOsa² gosa-plugin-fai-schema - LDAP schema for GOsa² fai plugin gosa-plugin-gofax - gofax plugin for GOsa² gosa-plugin-gofon - gofon plugin for GOsa² gosa-plugin-goto - goto plugin for GOsa² gosa-plugin-kolab - kolab plugin for GOsa² gosa-plugin-kolab-schema - LDAP schema for GOsa² kolab plugin gosa-plugin-ldapmanager - ldapmanager plugin for GOsa² gosa-plugin-log - log plugin for GOsa² gosa-plugin-log-schema - LDAP schema for GOsa² log plugin gosa-plugin-mail - base mail plugin for GOsa² gosa-plugin-mit-krb5 - mit-krb5 plugin for GOsa² gosa-plugin-mit-krb5-schema - LDAP schema for GOsa² mit-krb5 plugin gosa-plugin-nagios - nagios plugin for GOsa² gosa-plugin-nagios-schema - LDAP schema for GOsa² nagios plugin gosa-plugin-netatalk - netatalk plugin for GOsa² gosa-plugin-opengroupware - opengroupware plugin for GOsa² gosa-plugin-openxchange - openxchange plugin for GOsa² gosa-plugin-openxchange-schema - LDAP schema for GOsa² openxchange plugin gosa-plugin-opsi - opsi plugin for GOsa² gosa-plugin-phpgw - phpgw plugin for GOsa² gosa-plugin-phpgw-schema - LDAP schema for GOsa² phpgw plugin gosa-plugin-phpscheduleit - phpscheduleit plugin for GOsa² gosa-plugin-phpscheduleit-schema - LDAP schema for GOsa² phpscheduleit plugin gosa-plugin-pptp - pptp plugin for GOsa² gosa-plugin-pptp-schema - LDAP schema for GOsa² pptp plugin gosa-plugin-pureftpd - pureftpd plugin for GOsa² gosa-plugin-pureftpd-schema - LDAP schema for GOsa² pureftpd plugin gosa-plugin-rolemanagement - rolemanagement plugin for GOsa² gosa-plugin-rsyslog - rsyslog plugin for GOsa² gosa-plugin-samba - samba3 plugin for GOsa² gosa-plugin-scalix - scalix plugin for GOsa² gosa-plugin-squid - squid plugin for GOsa² gosa-plugin-ssh - ssh plugin for GOsa² gosa-plugin-ssh-schema - LDAP schema for GOsa² ssh plugin gosa-plugin-sudo - sudo plugin for GOsa² gosa-plugin-sudo-schema - LDAP schema for GOsa² sudo plugin gosa-plugin-systems - systems plugin for GOsa² gosa-plugin-uw-imap - uw-imap plugin for GOsa² gosa-plugin-webdav - webdav plugin for GOsa² gosa-schema - LDAP schema for GOsa smarty-acl-render - Provide ACL based rendering for Smarty Changes: gosa (2.6.11-3+squeeze5) squeeze-lts; urgency=medium . * debian/patches: + Add 0006_code-injection-in-samba-hash-generation.patch. Don't allow code injection via user password changes when using GOsa's samba plugin. User password strings are now passed on to the Samba hash creation hook as a base64 encoded string. (CVE-2015-8771). + Add 0007_update-sambaHashHook-description.patch. Document changes of the Samba NT/LM hash creation hook accordingly. + Add 1022_add-b-switch-to-mkntpasswd-script.patch. Add -b switch to mkntpasswd script. Allows providing user password strings in base64 en
Accepted isc-dhcp 4.1.1-P1-15+squeeze10 (source amd64 all) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 18 Jan 2016 05:19:44 +0100 Source: isc-dhcp Binary: isc-dhcp-server isc-dhcp-server-dbg isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-dbg isc-dhcp-client-udeb isc-dhcp-relay isc-dhcp-relay-dbg dhcp3-server dhcp3-client dhcp3-relay dhcp3-common dhcp3-dev Architecture: source amd64 all Version: 4.1.1-P1-15+squeeze10 Distribution: squeeze-lts Urgency: medium Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-de...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: dhcp3-client - ISC DHCP server (transitional package) dhcp3-common - ISC DHCP common files (transitional package) dhcp3-dev - ISC DHCP development files (transitional package) dhcp3-relay - ISC DHCP relay (transitional package) dhcp3-server - ISC DHCP server (transitional package) isc-dhcp-client - ISC DHCP client isc-dhcp-client-dbg - ISC DHCP client (debugging symbols) isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb) isc-dhcp-common - common files used by all the isc-dhcp* packages isc-dhcp-dev - API for accessing and modifying the DHCP server and client state isc-dhcp-relay - ISC DHCP relay daemon isc-dhcp-relay-dbg - DHCP relay daemon (debugging symbols) isc-dhcp-server - ISC DHCP server for automatic IP address assignment isc-dhcp-server-dbg - ISC DHCP server for automatic IP address assignment (debug) isc-dhcp-server-ldap - DHCP server able to use LDAP as backend Changes: isc-dhcp (4.1.1-P1-15+squeeze10) squeeze-lts; urgency=medium . * Non-maintainer upload by the Debian LTS Team (regression fix). * Rebuild in a pure squeeze-lts chroot with dpkg-dev (<= 1.16.1). * debian/patches: + Move CVE-2015-8605.dpatch further up in the patch series. Assure that the patch is applied to the LDAP _and_ non-LDAP build variants alike. Thanks to Ben Hutchings for spotting this. Checksums-Sha1: 2b691e163fcca1eb745c5e71ee0f0739c70d5517 2202 isc-dhcp_4.1.1-P1-15+squeeze10.dsc b28674773dbcf522f0c4451f4e4327f98cd2eb57 139076 isc-dhcp_4.1.1-P1-15+squeeze10.diff.gz f55acb8018c574790fac8f7daaa4f301e34e5c42 413008 isc-dhcp-server_4.1.1-P1-15+squeeze10_amd64.deb b6bc3f2c2f4cc0d2f301f12e71ddc4994128fd07 822528 isc-dhcp-server-dbg_4.1.1-P1-15+squeeze10_amd64.deb 42dd2435757646ade74949b82a59cc0db12f2243 374404 isc-dhcp-server-ldap_4.1.1-P1-15+squeeze10_amd64.deb d735d73b05a9cab3b1e3f10caee98b9a7d679049 339382 isc-dhcp-common_4.1.1-P1-15+squeeze10_amd64.deb 4a32adaa2b413ed8b55d928492a207605d385488 713398 isc-dhcp-dev_4.1.1-P1-15+squeeze10_amd64.deb 5c56689eacc27878a9f11850839009620e202678 281762 isc-dhcp-client_4.1.1-P1-15+squeeze10_amd64.deb d716fb18c2b50b7aecc53763a8e3d6ce8290e14f 639844 isc-dhcp-client-dbg_4.1.1-P1-15+squeeze10_amd64.deb 7ab586760eb62297776bf264c259890d05571f64 229130 isc-dhcp-client-udeb_4.1.1-P1-15+squeeze10_amd64.udeb 7b7c792600ca5fe743b2251c4e1aba3236856b53 227658 isc-dhcp-relay_4.1.1-P1-15+squeeze10_amd64.deb 84af6bdb3448b0e88f63af33d84c1ff5c78729ce 574746 isc-dhcp-relay-dbg_4.1.1-P1-15+squeeze10_amd64.deb de6ddd2e59901a7f7e99aa264945e1c282af0ec5 26564 dhcp3-server_4.1.1-P1-15+squeeze10_all.deb 34bb8e4ceb93fae22127d57bdac051557ad95b83 26142 dhcp3-client_4.1.1-P1-15+squeeze10_all.deb 5e1116c7c2e8c9b666fefef8b1b085fe10bbcd45 26280 dhcp3-relay_4.1.1-P1-15+squeeze10_all.deb 9d9b72903239e00c7acd03d83b5bdbd1588c320c 25700 dhcp3-common_4.1.1-P1-15+squeeze10_all.deb b4c6572348a1134278c210263a6d0d56c1715eeb 25748 dhcp3-dev_4.1.1-P1-15+squeeze10_all.deb Checksums-Sha256: a6bcc4fe9c90c15964119dcf823101efd01e0571e14bb67dc7876d4338b12c8a 2202 isc-dhcp_4.1.1-P1-15+squeeze10.dsc 4661154b6095cd75011086cf610dca879fabaa48309fbd9b25c2b38d7b292df2 139076 isc-dhcp_4.1.1-P1-15+squeeze10.diff.gz 8ccc26a584eb60009936e39018f3e23153f7cd081c911c3e7ba128dc87d09f6d 413008 isc-dhcp-server_4.1.1-P1-15+squeeze10_amd64.deb a1f0932db1a00a4991b3087e92a4bb2f5c651fdf0c21fe0a737e4122db77320c 822528 isc-dhcp-server-dbg_4.1.1-P1-15+squeeze10_amd64.deb 87dad879c0775a734c1cd35f98aa8959b3961985f2dab1586a954a7d5f5dab8a 374404 isc-dhcp-server-ldap_4.1.1-P1-15+squeeze10_amd64.deb f028e72f57a310f04aee90a43ded43a45694816540cc88b3f53350ae64653ee9 339382 isc-dhcp-common_4.1.1-P1-15+squeeze10_amd64.deb d6c16958ef9630176e0e5e261e080b05c8e77894c4db057d8cd88f3759dcaaa4 713398 isc-dhcp-dev_4.1.1-P1-15+squeeze10_amd64.deb f3ae6fcbd67c674b82bbeba9f54bc73b3504f1d5cc75c35c1a33fd39fdbca58e 281762 isc-dhcp-client_4.1.1-P1-15+squeeze10_amd64.deb 009afa3b249d6f3850d86ea48bcd087629584a7cde10b71baa9efe82c45ac07c 639844 isc-dhcp-client-dbg_4.1.1-P1-15+squeeze10_amd64.deb 1f083192bc5d975e6f6796fb6fee886dc6936f6639d5ceed80b7e00523bb33cb 229130 isc-dhcp-client-udeb_4.1.1-P1-15+squeeze10_amd64.udeb f6426d1222c14935831d8c99efdb4ac4a0346b2c5cc03f90adf07957dbc182da 227658 isc-dhcp-relay_4.1.1-P1-15+sque
Accepted isc-dhcp 4.1.1-P1-15+squeeze9 (source amd64 all) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 14 Jan 2016 10:14:47 +0100 Source: isc-dhcp Binary: isc-dhcp-server isc-dhcp-server-dbg isc-dhcp-server-ldap isc-dhcp-common isc-dhcp-dev isc-dhcp-client isc-dhcp-client-dbg isc-dhcp-client-udeb isc-dhcp-relay isc-dhcp-relay-dbg dhcp3-server dhcp3-client dhcp3-relay dhcp3-common dhcp3-dev Architecture: source amd64 all Version: 4.1.1-P1-15+squeeze9 Distribution: squeeze-lts Urgency: medium Maintainer: Debian ISC DHCP maintainers <pkg-dhcp-de...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: dhcp3-client - ISC DHCP server (transitional package) dhcp3-common - ISC DHCP common files (transitional package) dhcp3-dev - ISC DHCP development files (transitional package) dhcp3-relay - ISC DHCP relay (transitional package) dhcp3-server - ISC DHCP server (transitional package) isc-dhcp-client - ISC DHCP client isc-dhcp-client-dbg - ISC DHCP client (debugging symbols) isc-dhcp-client-udeb - ISC DHCP Client for debian-installer (udeb) isc-dhcp-common - common files used by all the isc-dhcp* packages isc-dhcp-dev - API for accessing and modifying the DHCP server and client state isc-dhcp-relay - ISC DHCP relay daemon isc-dhcp-relay-dbg - DHCP relay daemon (debugging symbols) isc-dhcp-server - ISC DHCP server for automatic IP address assignment isc-dhcp-server-dbg - ISC DHCP server for automatic IP address assignment (debug) isc-dhcp-server-ldap - DHCP server able to use LDAP as backend Changes: isc-dhcp (4.1.1-P1-15+squeeze9) squeeze-lts; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * debian/patches: + Add CVE-2015-8605.dpatch. Properly check UDP payload length (CVE-2015-8605). + Add drop_unused_vars_from_ldap-c.dpatch. Fix FTBFS when gcc option -Werror is used. Checksums-Sha1: 5636c0afd31219ce066cdb358745a3c89072a873 2742 isc-dhcp_4.1.1-P1-15+squeeze9.dsc eaf82cbf7554d52b6a05ef5223392bd9b4d12ea6 138856 isc-dhcp_4.1.1-P1-15+squeeze9.diff.gz 9081408c96d6bf8a05ce47865880f2c19dfa7a9f 413662 isc-dhcp-server_4.1.1-P1-15+squeeze9_amd64.deb 3dd857e08b40cb983796c2521db38d4c7c2b93e8 822032 isc-dhcp-server-dbg_4.1.1-P1-15+squeeze9_amd64.deb 7593e7c4b05fd4df4969a0f9ed297ce828afe63b 374904 isc-dhcp-server-ldap_4.1.1-P1-15+squeeze9_amd64.deb e2e10951de0053960a8a8e14f6141660336d0676 339974 isc-dhcp-common_4.1.1-P1-15+squeeze9_amd64.deb 0e57fe29e6c2def400a73f5dd06e6de6ea29907a 713726 isc-dhcp-dev_4.1.1-P1-15+squeeze9_amd64.deb 1de239fc5073de86a50aae6c1ddc596df8c658d1 282298 isc-dhcp-client_4.1.1-P1-15+squeeze9_amd64.deb b318b56e27a103ecdbc04d9c70ebc95c707de929 639368 isc-dhcp-client-dbg_4.1.1-P1-15+squeeze9_amd64.deb ced3bbbd244ec8d28a72080b8190118353ac64f2 229834 isc-dhcp-client-udeb_4.1.1-P1-15+squeeze9_amd64.udeb 3a59f00db6ae7b93ef14ff014837f81b1d30d816 228078 isc-dhcp-relay_4.1.1-P1-15+squeeze9_amd64.deb 369f70c5ef0f1b44c44734b0b275fd041939be0b 574456 isc-dhcp-relay-dbg_4.1.1-P1-15+squeeze9_amd64.deb a407deb1ce599d16e5ca0e0837f4c889568961c6 26442 dhcp3-server_4.1.1-P1-15+squeeze9_all.deb 282ae8c52d00ae27ecc705f1492a784db91e9130 26020 dhcp3-client_4.1.1-P1-15+squeeze9_all.deb 2e754c4714ce5bc0132805568e4be5b1102fe13b 26162 dhcp3-relay_4.1.1-P1-15+squeeze9_all.deb 30a24d4fbd2747e8a041de72579aada04f27f88b 25576 dhcp3-common_4.1.1-P1-15+squeeze9_all.deb c28cc3c313b648795541c42f837c0a0ca6bb11a4 25628 dhcp3-dev_4.1.1-P1-15+squeeze9_all.deb Checksums-Sha256: 99cd7c732e9114936d89e0aa9965e3080e5dbd7bf21d22846ebf56e0c5315586 2742 isc-dhcp_4.1.1-P1-15+squeeze9.dsc 51c3ccd3f27d084301d6752192a4883548adca171038a7032675920f5d806c5a 138856 isc-dhcp_4.1.1-P1-15+squeeze9.diff.gz 1ebae5a4f850fb0d6b49c381ebe814aabbffdc6b14012757b9862e46b2cd8fd5 413662 isc-dhcp-server_4.1.1-P1-15+squeeze9_amd64.deb 402375616926d649ded22c19929dfc9245ba00cfdd7295cbe7939c6303970347 822032 isc-dhcp-server-dbg_4.1.1-P1-15+squeeze9_amd64.deb 5fa34ea70002d761f17e03c24d3968c23111c6fb7be41fbbe6a224a69065e106 374904 isc-dhcp-server-ldap_4.1.1-P1-15+squeeze9_amd64.deb d90cf26a96beef07f5b3de0dca4125af4c06c6d6059cb02878a2258ff10495ba 339974 isc-dhcp-common_4.1.1-P1-15+squeeze9_amd64.deb 0926a6ec1b6e5db0abfe3060a715cb50e8d2b800ef049b9bd1c1869db4fba208 713726 isc-dhcp-dev_4.1.1-P1-15+squeeze9_amd64.deb a4f04d0326f59293b680deeae706c9101b25c46a6eb8d537f8b36e5ed7f66c98 282298 isc-dhcp-client_4.1.1-P1-15+squeeze9_amd64.deb 32b60886ca884cb40f36a287b7d1482e139498f04437ffa439e23af16fb22e7d 639368 isc-dhcp-client-dbg_4.1.1-P1-15+squeeze9_amd64.deb 7bc811416b7f38b6bd3c60851c4ad45d7129d32fa03b9d3acad5bf4a26eb87c1 229834 isc-dhcp-client-udeb_4.1.1-P1-15+squeeze9_amd64.udeb 416258ce69661c1683f2e82257594c24e91ccee71a525129b888222b62345769 228078 isc-dhcp-relay_4.1.1-P1-15+squeeze9_amd64.deb 8f5b74549c912dd305ca61d848ba36a1404e47b3de8c881746b343c05592897e 574456 isc-dhcp-relay-dbg_4.1.1-P1-15+squeez
Accepted fuseiso 20070708-2+deb6u1 (source amd64) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 01 Oct 2015 05:52:08 +0200 Source: fuseiso Binary: fuseiso Architecture: source amd64 Version: 20070708-2+deb6u1 Distribution: squeeze-lts Urgency: medium Maintainer: David Paleino <da...@debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: fuseiso- FUSE module to mount ISO filesystem images Closes: 779047 Changes: fuseiso (20070708-2+deb6u1) squeeze-lts; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * debian/patches (Closes: #779047): + Add 02-prevent-buffer-overflow.patch. Prevent stack-based buffer overflow when concatenating strings to an absolute path name. Prevention is done by checking that the result will stay under the maximum path length as given by the platforms PATH_MAX constant. + Add 03-prevent-integer-overflow.patch. Prevent integer overflow in ZISO code. Bail out if a ZF block size > 2^17 is to be read. Checksums-Sha1: 34d693816e1b608dc819c4de6072bd09d55d4bbc 1921 fuseiso_20070708-2+deb6u1.dsc e82aee54c2a3ecc0c84ed738345eb0287c99a3b0 4933 fuseiso_20070708-2+deb6u1.debian.tar.gz ae3647de26ffadf48d79380913832afba28d8f38 21940 fuseiso_20070708-2+deb6u1_amd64.deb Checksums-Sha256: d5514cb26cc5e86e261a36511fc5fe1217d66a5da411814e49f81c4fdf7667e8 1921 fuseiso_20070708-2+deb6u1.dsc bb2d99c296afd5bcbe7ae446b268398f41cd70062fa5703436ad15c25d3b7b6f 4933 fuseiso_20070708-2+deb6u1.debian.tar.gz 15e5f9e4dac6c5ee3cb1bee52f493127681208972a62ba96ce82fafa8d1b0449 21940 fuseiso_20070708-2+deb6u1_amd64.deb Files: c931f85e31ccc2dde445fd4335f035c9 1921 admin optional fuseiso_20070708-2+deb6u1.dsc a7aaefe68e525f44d120088d36978de3 4933 admin optional fuseiso_20070708-2+deb6u1.debian.tar.gz 77c7178dc2bfc257b3cc5802c072e5da 21940 admin optional fuseiso_20070708-2+deb6u1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWDP0zAAoJEJr0azAldxsxwA0QAIh/4Rgzq9pPoIPUodQmFAXR 9Pyh9ewLUMNoUxfAtxOPfc66otrrBL4arzrfL34PGA2VdUpJTAXEj1cAo2mpvmJE 5fMKMELCDnhBu2JaN6BOwysT/wjuhbuWt1C9FIajqI20/xOzFBkCa1eVDohEe30v WuJHqzSFtlZIjGZzzTIS2uj2rvemPlR920ZupfznCZzQfskA0h589zq0JR/cx/n6 L2nzP8QvZLkmra1Tr3BMSM3I2YfUWKo/Iko0xhlEuuLUtrsmGxugakWqhHUsH5NG E5/0QDIzYtBWcvpAZH5QpPj+PqVb5Moc2HgCbWXKC4fFDzrP3bK0ui2ew8eIeU7a FfGlOtefAD88Sgpw7lOUyI3LR2bTsEUUlUIFcaK8abDWALOl2R5fjrBzBKX0+TJD E10SPwEEWcipY22iBesW2kHR6W31FYalOFOpgA7dODyumrg6/MY2ch+JGtYn5Lo9 54e3R9FceMkw61t4QGr8zVL1xuHj3pz7RokjBYA3ga6tk4IZC65msopZECXRLW2F vx6XEMj22QWnEF/swQMMaUbnOWZH0OL3z/kx2W34Bw/caLMHCKKKEZtAydJ7nK6Q gazuPuTqWspv3KmfyX3mk40wAkbK0fbBvG80V2VO7n/viFJhLo7eMXxm4WDsvlVQ 8LF8R5ne3Y/AoyWtWMmi =M4jg -END PGP SIGNATURE-
Accepted commons-httpclient 3.1-9+deb6u2 (source all) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 30 Sep 2015 16:10:18 +0200 Source: commons-httpclient Binary: libcommons-httpclient-java libcommons-httpclient-java-doc Architecture: source all Version: 3.1-9+deb6u2 Distribution: squeeze-lts Urgency: medium Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: libcommons-httpclient-java - A Java(TM) library for creating HTTP clients libcommons-httpclient-java-doc - Documentation for libcommons-httpclient-java Closes: 798650 Changes: commons-httpclient (3.1-9+deb6u2) squeeze-lts; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * debian/patches: + CVE-2015-5262.patch. Respect configured SO_TIMEOUT during SSL handshake. (CVE-2015-5262). (Closes: #798650). Checksums-Sha1: c17f62809423ae857db62a14a6c50be4cb5ddef6 2433 commons-httpclient_3.1-9+deb6u2.dsc 6aa4a05e47d5b953196e38ed60396ba3c21be6d8 13340 commons-httpclient_3.1-9+deb6u2.diff.gz aeacbe1f03aa60dec7119844d0aea8322d29be50 299660 libcommons-httpclient-java_3.1-9+deb6u2_all.deb 6f86b61b348fe41fade11b8c726ee1b30163c135 1548082 libcommons-httpclient-java-doc_3.1-9+deb6u2_all.deb Checksums-Sha256: 6cfdc1b50cc92a6cdf28851b6787013f7fc98fee933462f92f91c9e4da5694dc 2433 commons-httpclient_3.1-9+deb6u2.dsc d9761a0a93cf117a4986f5d2553364eb55d9e78ca11147e2da5fb86be571536c 13340 commons-httpclient_3.1-9+deb6u2.diff.gz 2dc95b882c3d7784a5ed4ccecdc78a80ae3fcee0969f88f077a6ffdf932a2ea5 299660 libcommons-httpclient-java_3.1-9+deb6u2_all.deb 078bae7d2c0b4ee0016330a9200890f1a75bda6c797f45858a2a34260773fdd7 1548082 libcommons-httpclient-java-doc_3.1-9+deb6u2_all.deb Files: cae20482aacfa17a4beb089492a4427f 2433 java optional commons-httpclient_3.1-9+deb6u2.dsc 2a0b3f191dd4a211a1b97fdcc2575751 13340 java optional commons-httpclient_3.1-9+deb6u2.diff.gz 348dec40ce6d4a1ae66dbed9c19bea7a 299660 java optional libcommons-httpclient-java_3.1-9+deb6u2_all.deb 1f5b21892a3ab06bf2eb5c82c75e7e73 1548082 doc optional libcommons-httpclient-java-doc_3.1-9+deb6u2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWC/EAAAoJEJr0azAldxsxtesP/0JnEkU+OHgLLb+GFlq2a0lw K7jaNNdfkU7KCbyDbGF5ELf5dfevOso6xjuHRQ/VkuiBnzXdC+HJ5bJAa43Mm21L TgF/HOJ/TgmYIfJ0+nJ8kx6MzSujJYSM7gPF9PBivCaha+6dXBqRds2sEytGVaa7 Lv9nH9UMGFJIvaouO/o2rOHiNcojlBzS4lW80Q9VjqKfpYjNHzsWPEpcTe39eiNc UKeyIkIL+uBaMNDCBLa/WgGu7pjTT/piSZNbuBd2IKlqb7eLTgmBfY8gUYQCoJtx RX3XqbLiv9n+JpYpUEEtx8uwuen3ZnGGGUXIfu82nmC22a+sWAiNJ+NJ6VBYv4ai Xb2Roc7QIhuRr1hF4lSnLSuresPCUQn8GvGlUDkMOcLq5cbbvU/H4Y56hx8v8F44 EZrzfcJo2Fpjy+fx9PSLw9I92thazUelaFO82E72YdKZx6phb0u07r3NcJpAxNJ2 mCRqTBsniO9gMMmcOyKix92c3CwuBwntbg1np3PDCJJVUCiSmww0hko1gfEsHZx2 noLTXARE5XPmcr3/C3MJQVrDoXfW9BkjXN+hmSTMoTLBX+hVe/Wvq5ERkF5n8S20 VHDsO16U2JvMajzAsp4OCN2AcuQknFwBWoKjwtn4vcoMw5LlQb9SwTadtPvrm0eq gnev/jOhImY+9GucoLh3 =2waL -END PGP SIGNATURE-
Accepted vorbis-tools 1.4.0-1+deb6u1 (source amd64) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 29 Sep 2015 10:30:16 +0200 Source: vorbis-tools Binary: vorbis-tools vorbis-tools-dbg Architecture: source amd64 Version: 1.4.0-1+deb6u1 Distribution: squeeze-lts Urgency: medium Maintainer: Debian Xiph.org Maintainers <pkg-xiph-ma...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: vorbis-tools - several Ogg Vorbis tools vorbis-tools-dbg - several Ogg Vorbis tools (debug files) Closes: 771363 776086 797461 Changes: vorbis-tools (1.4.0-1+deb6u1) squeeze-lts; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * debian/patches: + Add 0009-Fix-oggenc-crash-on-closing-raw-input-files.patch. Fix crash on closing raw input. (CVE-2014-9640). (Closes: #771363). + Add 0015-Fix-Large-alloca-on-bad-AIFF-input-CVE-2015-6749.patch. Fix buffer overflow on bad AIFF input (CVE-2015-6749). (Closes: #797461). + Add 0016-Validate-channel-count-in-audio-header.patch. Prevent out-of-bounds memory access (CVE-2014-9638, CVE-2014-9639). (Closes: #776086). + Update no_debian_subdir.diff to avoid patch fuzziness. Checksums-Sha1: 7cb404aeedfe1b16c6d58b4f21e6446367ad 2071 vorbis-tools_1.4.0-1+deb6u1.dsc b012c9e2807e9078be4e4686baefd202672e9475 8486 vorbis-tools_1.4.0-1+deb6u1.diff.gz caacea79542df425afcc1d226eec0cf91687173b 291050 vorbis-tools_1.4.0-1+deb6u1_amd64.deb 2e7c516293aba0d5510ad2930673914747e1f1e1 189468 vorbis-tools-dbg_1.4.0-1+deb6u1_amd64.deb Checksums-Sha256: 9167034e9ba8d9383962e23f460761039eeba8559373af876d975f7f15a87b26 2071 vorbis-tools_1.4.0-1+deb6u1.dsc e9a739b20f400b794d6f4c017975ffb926eb8b058de770827616c610cb70a406 8486 vorbis-tools_1.4.0-1+deb6u1.diff.gz ee9b096e6df4be59dfba318964809c26fd83689a2048c551f5508d7927e712fe 291050 vorbis-tools_1.4.0-1+deb6u1_amd64.deb 2685b31884f681d54e3a2eb6a9bd13d86ed6c6f4a3e5f600c000cb59bc785625 189468 vorbis-tools-dbg_1.4.0-1+deb6u1_amd64.deb Files: af5c613487ac9174be65d081605119ea 2071 sound optional vorbis-tools_1.4.0-1+deb6u1.dsc ca9db9ff3763732cf74ece50d503b659 8486 sound optional vorbis-tools_1.4.0-1+deb6u1.diff.gz 35ac2bcece570cd6cf101a86b8621973 291050 sound optional vorbis-tools_1.4.0-1+deb6u1_amd64.deb 5357007da15fdd60cb93d66627baaba1 189468 debug extra vorbis-tools-dbg_1.4.0-1+deb6u1_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWClEnAAoJEJr0azAldxsxaJAP/2cGgnoey6QRi/fZLeDd3c+z U8l1xTmK/ZnI4UnHY2hnv4oKR/Em2Kl8CLcS+25+FlEp51TMXyXVMslVlF97aCt+ VwGhTvjGAD6s0RvcP0WRvaqPLqUuwK0ijdgsFMSq4piHrHkcgY9fHmZlFEPsmkNW eO9Pc/rUsIFCO+Q7FNHfL8wARGrlgSSF/JLr2WeVsvlyjK72HZxxaVY1ilt2BAQT nEWbd6MXZRODMSh8ULy2y2hVd3/MUf+fB+KtuUAiHanScn3N/mQW3UG6J/1as5LL mFLJ/9XTsNecFGziZfBOIiaOscjUTWJHhj2p4Om6osLWviBY1q0iSrRm9oY/I4iR I1DX3LNvAyG26BKCSS9RVC2J0Ea5es1QkZ1Tu5Mp/lncCKmJMwIRPMga1JxW7DbR x38MrUNq/5tzsfI+2BZTSF3Xv0143A7UMP2KgF4oFyL9Oxiaf4SY/zeNtn+3e9/f cCfJ0zsbX9MwA+6ZbB+QQm6TTINkjGMHuMOBb+0Uz6SKwDLLJa3BvMhoS0KJ299D Gi6KPLGBzyZjWOLDDXhIswM5ZSOom2XWAiAUPB2TxA5e0VusW53G/Yu9HpojOCoG 79XSJcfJFRsqZT7Ispd8sOxPtgBIbQMS1ouCux/8q5J4WXIUEUwMiXkuH00kyoEn nlbT6hPGmDf6/Kbu4IF4 =3QrS -END PGP SIGNATURE-
Accepted libemail-address-perl 1.889-2+deb6u2 (source all) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Tue, 29 Sep 2015 17:13:43 +0200 Source: libemail-address-perl Binary: libemail-address-perl Architecture: source all Version: 1.889-2+deb6u2 Distribution: squeeze-lts Urgency: medium Maintainer: Debian Perl Group <pkg-perl-maintain...@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunwea...@debian.org> Description: libemail-address-perl - RFC 2822 Address Parsing and Creation Changes: libemail-address-perl (1.889-2+deb6u2) squeeze-lts; urgency=medium . * Non-maintainer upload by the Debian LTS Team. * Set default depth of parsing nestable comments to 1. This prevents possible DoS attack in software which uses Email::Address for parsing string input to list of email addresses. * Patch file provided for reference/documentation as debian/patches/0001_nested-comments-default-to-1-level.patch, also referencing the original upstream commit. Checksums-Sha1: b7e43c94c5fbdf7eebf6495d9d2006ef12c099cb 2127 libemail-address-perl_1.889-2+deb6u2.dsc 1eab1c1566b0c25dea3d845d1e7952f236b7cfff 4018 libemail-address-perl_1.889-2+deb6u2.diff.gz 2926a102dc8e34a9c75c129e78a73b645476eba0 27252 libemail-address-perl_1.889-2+deb6u2_all.deb Checksums-Sha256: 0b88f1ad54f1835f12a157c651a2a41cae76a7012c8c58343871782454ee11e6 2127 libemail-address-perl_1.889-2+deb6u2.dsc 092a199055839ecf4792e01fa54fcf586b3e87cdcc0549d93040427b3f2a6440 4018 libemail-address-perl_1.889-2+deb6u2.diff.gz 3138af97c455c2027ca0051f2601b4c026f63636051e99f920c1bc5c09d58b85 27252 libemail-address-perl_1.889-2+deb6u2_all.deb Files: 7dcd70f4a7c957ef3997d4e89666a591 2127 perl optional libemail-address-perl_1.889-2+deb6u2.dsc bfb05312c60704a19330c014ff17bb28 4018 perl optional libemail-address-perl_1.889-2+deb6u2.diff.gz b628c89564f56dde98dcfce443fd89e4 27252 perl optional libemail-address-perl_1.889-2+deb6u2_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJWC1q0AAoJEJr0azAldxsxWqIP/05amo+i+mMoTZCxOOx/eZI2 UnMOrLu8xWxTYqo/7RBR6lYa00Wgxw/Yp466YkwLgV6ZifWm/Y9LQYuY0w4VjR1L 3GoHMOBZPpEbcEIe5hk7KLeV/YhapPLLpQja7+1uKQUst58FmQMZ0AfksMlX0yHR Dw0obWm+9cPBCXjPqjmmQboQzdm0tGZFXzFAXRfT2wI25kcJeWw8IhzAVxMTrxfz 5nqeDcfwQDToBjU0n4TSN1zoJO/UC+RWIYkaQo8njTl/3/N0Atiwl5sW2ZSD8JdE Nrk5N0w5tatXMQlSRu/l2m3IZEkXnw1aJRlGjL3J2+OzC8gdfFXbzuL2r7mVmyqU 18YTMOHPwtiHqP8iRgg0gkYYj6q7n9EvZALZ5WZZUSzFvONsz6Roq/XKrid3lqPR Ww94Mm10x3gbJ1yo7Yk5yWy/8irD0fsuoZRjhewxxEnQj6cQSgXz5RGMry4Ix67Z vbJ8Jd48eK36SLn9VXF5/UF3t45BIxxj3EIIY1CNQlhQRu01a4jf0d73tKb6sfeD iuIO0F4xHlVx9A3gcyaxvf9WiY4QUWBg/sgS2/PS2WrtkwCoU1spHQkt4ucWBx2s zwtEOaeZurqibNsfAT0QPQczkhMkvxF9Ir97P8+fR7ixgPHGiFk1ZTbiJ/5BefPe eG/EgIBCG7wlhnBuko7U =pa5T -END PGP SIGNATURE-
Accepted libxml2 2.7.8.dfsg-2+squeeze12 (source amd64 all) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 29 May 2015 13:37:58 +0200 Source: libxml2 Binary: libxml2 libxml2-utils libxml2-dev libxml2-dbg libxml2-doc python-libxml2 python-libxml2-dbg Architecture: source amd64 all Version: 2.7.8.dfsg-2+squeeze12 Distribution: squeeze-lts Urgency: medium Maintainer: Debian XML/SGML Group debian-xml-sgml-p...@lists.alioth.debian.org Changed-By: Mike Gabriel sunwea...@debian.org Description: libxml2- GNOME XML library libxml2-dbg - Debugging symbols for the GNOME XML library libxml2-dev - Development files for the GNOME XML library libxml2-doc - Documentation for the GNOME XML library libxml2-utils - XML utilities python-libxml2 - Python bindings for the GNOME XML library python-libxml2-dbg - Python bindings for the GNOME XML library (debug extension) Closes: 782782 782985 783010 Changes: libxml2 (2.7.8.dfsg-2+squeeze12) squeeze-lts; urgency=medium . * Non-maintainer upload by the Debian LTS team. * debian/patches: + Fix CVE-2015-1819: Enforce the reader to run in constant memory. (Closes: #782782). + Fix out-of-bounds memory access when parsing an unclosed HTML comment. (Closes: #782985). + Fix out-of-bound memory access during read operations. (Closes: #783010). * debian/rules: + Disable updating of config.sub and config.guess during override_dh_auto_clean to avoid .debdiff pollution. Checksums-Sha1: cad07b9ed1d82af6e9c5a4a850f770979d75b4f9 2426 libxml2_2.7.8.dfsg-2+squeeze12.dsc 32dae94c8586d2d2b541a3d559119005a85931ad 129695 libxml2_2.7.8.dfsg-2+squeeze12.diff.gz f35c5c06b9308b92b10ce9b4e1f8a273e8033d77 875920 libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb d3e0281f9b1d5b48a02c3cd13459fda1376dbf8e 94448 libxml2-utils_2.7.8.dfsg-2+squeeze12_amd64.deb 2a8489136144332e365754f359fcf6f81836f702 832468 libxml2-dev_2.7.8.dfsg-2+squeeze12_amd64.deb d1c7f883bf8db616987fa4e16937730a0ad62107 991698 libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb 90a09f4461f687316afa3794b58fe6becb1fbfb8 1378304 libxml2-doc_2.7.8.dfsg-2+squeeze12_all.deb 752cf8de68974634e485278bd66b47c094f6ee83 341358 python-libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb 62a56ed5540c0d7afe84a00a1e22d7d41777fe6f 873454 python-libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb Checksums-Sha256: caed369c39b9f938487dd9ad9a882885b88197f75038da3a203807f07f8d2b73 2426 libxml2_2.7.8.dfsg-2+squeeze12.dsc 1b200e219a9c5c99d9206403a8ed7c2b9a1c7071e5d007e1efd7ebc3bfaf4888 129695 libxml2_2.7.8.dfsg-2+squeeze12.diff.gz f6fb97455ce972248eaaedc219cf2860736709d0fb386ffb4ce40d000fe724f8 875920 libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb f252922bb86e0fcac3bd2081929b0f4b4f35b3f45ce2822e5af81ead3f797b73 94448 libxml2-utils_2.7.8.dfsg-2+squeeze12_amd64.deb 2ee8beca3f509ef235dbd618d546e4d646576b18205425e7763a187a8c052f6f 832468 libxml2-dev_2.7.8.dfsg-2+squeeze12_amd64.deb c69727af30bdca658bccf1bb56e97d7cb89b7f125912dbec149cac1cde2a7f0c 991698 libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb eabcc505adb9414a2d59bb8f5216ab64911e25a8411a99adb7b78f0d19155f44 1378304 libxml2-doc_2.7.8.dfsg-2+squeeze12_all.deb 8f39e1b49f7a8ccbac349c9df51c8863d34ec1d92e1f781deb5fb74722b56df1 341358 python-libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb b823a6133e23e80e36e2258d1f40691264ab6543545c230ea8c0e4436157ed31 873454 python-libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb Files: 1fea8792ff13982cb91d1d2e980df6eb 2426 libs optional libxml2_2.7.8.dfsg-2+squeeze12.dsc a30d6731f2d386fa732c37adc9df39f3 129695 libs optional libxml2_2.7.8.dfsg-2+squeeze12.diff.gz 049693d2d1463d4c1d54705526d772f2 875920 libs standard libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb 4471805189f4968271ab6d8c38655242 94448 text optional libxml2-utils_2.7.8.dfsg-2+squeeze12_amd64.deb b8a915afb3c42bc27dc86c29806ba730 832468 libdevel optional libxml2-dev_2.7.8.dfsg-2+squeeze12_amd64.deb a5b563f663875996422b552ade779647 991698 debug extra libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb 148d69ed482b8104a2bc106cd87fa3e2 1378304 doc optional libxml2-doc_2.7.8.dfsg-2+squeeze12_all.deb 2953603d24f56a3f700f1042c37d4de2 341358 python optional python-libxml2_2.7.8.dfsg-2+squeeze12_amd64.deb 43f08b8aa94017c105b336abb737dd66 873454 debug extra python-libxml2-dbg_2.7.8.dfsg-2+squeeze12_amd64.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJVkuqRAAoJEJr0azAldxsx/sYP/RfomfpVAfBJuJzqYlsJflYX HfTJfFcvQQ1BD49eYJAjk3WUBUfYm3cKiRCJppMl8TOI1VolXHUr0LOF1Hf32Acf kJys9mDIBO6fKEZ4fNqZYAqcgkiott5MRXsQEm6HO4JTNdNVcdymTp8kPnZYaNEQ UA1Zg3smzjpeANgrBCca292svoEtz+gOHm3ZvD/dUUkXROiMIaHf42NKDyqVvE1F c85Nu+WGiulrwRVXXD/Toai1qoLV0AEvWCHHMUWXbTEyoS4DBbkVqxWIEVZURiKX rtT5RnkTcUmLLrIWUB/khCgltEno3ARpi1TTbMquc6i+/12Oh6C17e0HKNJSblVu X3Owmrb23OledtAj1Lhu5Uu3ofOgOVKEHkZrGC7A418Qcw8x0GZw1d4b9VilK+cG YXr+Y+b9NrEZ714TpmZPuu5W3tGVxyF5Xg5q8vYjYAwJEXOqKexu4UllSzqwUPcr 0UF7lAyJJoCXFlSvORCSaxlXiP4uykXIrNOYZLgc30xuEYWaxDVF9oaK1kj+Ae0F n/tXZlCXxYAjIXjRjWd06Ulz6JLVN9MkFyFO6ZMxixmgjJbQ9hBSliNgw13Eg9Hh
Accepted wordpress 3.6.1+dfsg-1~deb6u6 (source all) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Mon, 01 Jun 2015 13:07:25 +0200 Source: wordpress Binary: wordpress wordpress-l10n Architecture: source all Version: 3.6.1+dfsg-1~deb6u6 Distribution: squeeze-lts Urgency: medium Maintainer: Giuseppe Iuculano iucul...@debian.org Changed-By: Mike Gabriel sunwea...@debian.org Description: wordpress - weblog manager wordpress-l10n - weblog manager - language files Closes: 770425 783347 783554 Changes: wordpress (3.6.1+dfsg-1~deb6u6) squeeze-lts; urgency=medium . [ Mike Gabriel ] * Non-maintainer upload by the Squeeze LTS Team. + Backport patch set from wordpress in Debian wheezy (3.6.1+dfsg-1~deb7u5 and 3.6.1+dfsg-1~deb7u6). + For details, see below. . [ Craig Small ] * From 3.6.1+dfsg-1~deb7u6... * Backports of 4.1.2 security fixes (CVE-2015-3438, CVE-2015-3439). (Closes: #783347). - Changeset 32163 sanity checks - Changeset 32165 sanitize order by - Changeset 32174 multisite change extra checks - Changeset 32176 Dashboard escapes titles - Changeset 32234 More WPDB query sanity * Backport of 4.2.1 for security fixes Closes: #783554 - Changeset 32307: XSS for long 64k+ comments (CVE-2015-3440). * Changeset 32172 NOT applied as bug introduced later. . * From 3.6.1+dfsg-1~deb7u5... * Backport patches for 3.7.4-3.7.5 (Closes: #770425). - CVE-2014-9031 XSS in wptexturize() via comments or posts - CVE-2014-9033 CSRF in the password reset process - CVE-2014-9034 Denial of service for giant passwords - CVE-2014-9035 XSS in Press This - CVE-2014-9036 XSS in HTML filtering of CSS in posts - CVE-2014-9037 Hash comparison vulnerability in old passwords - CVE-2014-9038 SSRF: Safe HTTP requests did not sufficiently block the loopback IP address space - CVE-2014-9039 Email address change didn't invalidate previously sent password reset Checksums-Sha1: 8579908c887fbf54853c35656000f252b859ad5f 2194 wordpress_3.6.1+dfsg-1~deb6u6.dsc d6c057f370bbe0e14a4e401e0f4af4ca0f39900b 11018022 wordpress_3.6.1+dfsg-1~deb6u6.debian.tar.gz f47b685b0549607a5ed361883932d563b802ee7a 3992404 wordpress_3.6.1+dfsg-1~deb6u6_all.deb fa08938e7c79647ed5b81431794b566afb2c717e 8869726 wordpress-l10n_3.6.1+dfsg-1~deb6u6_all.deb Checksums-Sha256: 0973d67ec3bfb3d5640f40d4f05720cb9312c83ff170e4bbdd5c84375bed5928 2194 wordpress_3.6.1+dfsg-1~deb6u6.dsc 313a26e3b23acc805c883faacdc70dcbd7388478ba07fb76312c7a2b12bd8e1f 11018022 wordpress_3.6.1+dfsg-1~deb6u6.debian.tar.gz 877e790334675ee6e77d4e130d61cd381e260ae724ccf30996994ac19a70d490 3992404 wordpress_3.6.1+dfsg-1~deb6u6_all.deb e72c9b4bb1985a04ae0b6006faba85184d031f6758d1914956d8f6f31dd39071 8869726 wordpress-l10n_3.6.1+dfsg-1~deb6u6_all.deb Files: 83ee2d80c631c8506d121dc0fc2b0c28 2194 web optional wordpress_3.6.1+dfsg-1~deb6u6.dsc 166957d040da2b4a989d6574070ac6bf 11018022 web optional wordpress_3.6.1+dfsg-1~deb6u6.debian.tar.gz bb6760d7fd9db4ae24c253739e02e445 3992404 web optional wordpress_3.6.1+dfsg-1~deb6u6_all.deb 2c0ca74294de6264aa48e4fe63d14d34 8869726 localization optional wordpress-l10n_3.6.1+dfsg-1~deb6u6_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1 iQIcBAEBCAAGBQJVbEIrAAoJEJr0azAldxsx3mQQAJwp+0XGRI2IdL3ObCKd2ic3 3iqRo2EcQME9z8+KI1uDXzLNa+1GFAUW1WiqzIetvcrNAIz9YVt7DGVaL6SZQSQu adZcHsXgtw/+NJBiqx6Nfjk6Uo6Xh7WMBhHVwt2QpHIt5I7xKK6RWN3aiXdNOuGq lYqvGZt/TAu5FiPU09iUqp5OcflcCVnHvRm/d/UwU20cS43voYvhrhj3kXXqOMyV x3uuAC/Uz9Lp64WO+FDFH+skIAUV4zTQw0auQCefOF+vNjvcWezUiDTfez0t0XUv yLNHFM/w1Heu4ZOaOC+ntO3hyJzyEFTqFpoPu9d2ilM5KGQcqn4vEXHIyEA0pwD7 a++5v+S9Q+ELwc1LUKEElv7gOu0NTk2+cHk0IQ2b2CcANu+I43vXN313Vhua/TF4 sYIp8Q7hv52fpgtWeaCGhZZPdUC65D8Z28pBFcIjNZek8JMH++m9s9r3yx4xHSqT b3s1lsVWGfa4ZC2XjVF7FPrAb2b1g+ld7TG7f+N4NEV2hJN+DKKeU/GZZREm/o4t AocQcqmJsxi0KGSZCXbqZTvTCyT6WOuVU6sWPvypKuEJuUvO48ZOdDFCqzbPUyqp DUdPqPShD5qdDgEghug+7dbcoc+yF6t5Zzo7f308O/acIJnHAMknAC23Z3Sj7TA3 6vuQhTo9ij4MxEOZGb/m =ylZN -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-lts-changes-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/e1yzohf-ws...@franck.debian.org
Accepted xorg-server 2:1.7.7-18+deb6u3 (source all amd64) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 01 May 2015 12:00:10 +0200 Source: xorg-server Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common Architecture: source all amd64 Version: 2:1.7.7-18+deb6u3 Distribution: squeeze-lts Urgency: medium Maintainer: Debian X Strike Force debia...@lists.debian.org Changed-By: Mike Gabriel sunwea...@debian.org Description: xdmx - distributed multihead X server xdmx-tools - Distributed Multihead X tools xnest - Nested X server xserver-common - common files used by various X servers xserver-xephyr - nested X server xserver-xfbdev - Linux framebuffer device tiny X server xserver-xorg-core - Xorg X server - core server xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols) xserver-xorg-core-udeb - Xorg X server - core server (udeb) xserver-xorg-dev - Xorg X server - development files xvfb - Virtual Framebuffer 'fake' X server Closes: 774308 Changes: xorg-server (2:1.7.7-18+deb6u3) squeeze-lts; urgency=medium . * Non-maintainer upload by Debian LTS Team. * debian/patches: + Add 31-CVE-2015-3418.patch. (Closes: #774308). dix: Allow zero-height PutImage requests, fixes CVE-2015-3418. Checksums-Sha1: 803bb93b440d9f9aca6348475e5f284e17a804a0 4272 xorg-server_1.7.7-18+deb6u3.dsc 9f3587fa8cfd4ebbf0816ba1f66ac7bd7636eb43 452894 xorg-server_1.7.7-18+deb6u3.diff.gz 1792e9dcadbcbcd14a899a0f5efffee8e32f0fef 59120 xserver-common_1.7.7-18+deb6u3_all.deb 6bc24dbc5bc253caa80d79c73e46574dd66019e1 2564802 xserver-xorg-core_1.7.7-18+deb6u3_amd64.deb 7e138c5e3d72f16bde513f071bff657ba5168304 1001574 xserver-xorg-core-udeb_1.7.7-18+deb6u3_amd64.udeb e8fd1261231debcece29866bf72def88acd71023 1226270 xserver-xorg-dev_1.7.7-18+deb6u3_amd64.deb 8edc42bdd79795acf6555648844d82b7b65283fc 1770610 xdmx_1.7.7-18+deb6u3_amd64.deb 8407b5188b97b833262acff602478f35641c7a85 1039276 xdmx-tools_1.7.7-18+deb6u3_amd64.deb 599dc11038e774af3e69044f1e90550b806d70f6 1683744 xnest_1.7.7-18+deb6u3_amd64.deb 360583b21cab8dd1d7d897243b43b89a2e158747 1798722 xvfb_1.7.7-18+deb6u3_amd64.deb be7f80bc708aa9221c4489164e37e2f6a0d93ac6 1886352 xserver-xephyr_1.7.7-18+deb6u3_amd64.deb c0045351e2ea495356689612ce5b9be05f967ba4 1824186 xserver-xfbdev_1.7.7-18+deb6u3_amd64.deb b01c3ef951069c4c82d6a35957b58dd2c2f5305d 6094922 xserver-xorg-core-dbg_1.7.7-18+deb6u3_amd64.deb Checksums-Sha256: 97d75dd08651c1fce8071ed6c128ab4ab072bc067782e85800d584f70a0d7b1c 4272 xorg-server_1.7.7-18+deb6u3.dsc 1159f74dca00d0bb41426dc0019f0ef2ffd652265840ce83b6fb56da8c64110a 452894 xorg-server_1.7.7-18+deb6u3.diff.gz 7ade7349c138960976f8cbfad2394e34e2df92853873de1dede85d063447f34b 59120 xserver-common_1.7.7-18+deb6u3_all.deb 32f25b4297ceea6c76fe47008c1016a560c7530900ddd54c92a0594f88f68456 2564802 xserver-xorg-core_1.7.7-18+deb6u3_amd64.deb d603d71504a66f89babfdcf698376b8b95adcb2bc6ed89c2d23f0fe695cdefe2 1001574 xserver-xorg-core-udeb_1.7.7-18+deb6u3_amd64.udeb 6a6695c3c1cafe6d092b21e85f8c4870d25183344f50dfc1f60eeca5c823a7ce 1226270 xserver-xorg-dev_1.7.7-18+deb6u3_amd64.deb 8506a64dacf63226505fbaf28045393908c2ea585f4d6c7015dfd5d9fc67a74d 1770610 xdmx_1.7.7-18+deb6u3_amd64.deb c995663228e546191af0ac36e9477e8e62d7954134cecac6b0179917be8fe84f 1039276 xdmx-tools_1.7.7-18+deb6u3_amd64.deb 624dc5a60881f3042845da1ef60449f3a1ffc98c055b1b27c3deefb9a3088032 1683744 xnest_1.7.7-18+deb6u3_amd64.deb 25595b7dacd1685e44edd3bd238b293c6b1cdf324850a5859f23970942397708 1798722 xvfb_1.7.7-18+deb6u3_amd64.deb e3f93743efca8a52c11eb35a92c0d0aa515a2fe8601ef50664a87b8da8e55925 1886352 xserver-xephyr_1.7.7-18+deb6u3_amd64.deb e4e310696c6884d2cb391144cfc571b5950d47c79e7c0fc7ab5bf62029bfa6c0 1824186 xserver-xfbdev_1.7.7-18+deb6u3_amd64.deb 29d9d946c2a1762a0424094a74f44fd54ddd755d156424758c1c302fd8705819 6094922 xserver-xorg-core-dbg_1.7.7-18+deb6u3_amd64.deb Files: 9d508bee9e5b598ba45901014a138a6e 4272 x11 optional xorg-server_1.7.7-18+deb6u3.dsc 138fbafadd296cce5bd7f11227a1bf0d 452894 x11 optional xorg-server_1.7.7-18+deb6u3.diff.gz 03c28606b8dcccdfb253f49b198803ff 59120 x11 optional xserver-common_1.7.7-18+deb6u3_all.deb 6fb00d75fee5e0764098919ed462002b 2564802 x11 optional xserver-xorg-core_1.7.7-18+deb6u3_amd64.deb fa7d37050cddadac66b4f6b858176ab8 1001574 debian-installer optional xserver-xorg-core-udeb_1.7.7-18+deb6u3_amd64.udeb 0dc9762551a87abe86f7056f3f51879c 1226270 x11 optional xserver-xorg-dev_1.7.7-18+deb6u3_amd64.deb 5689477cfc398f7bb0448a8799219f6f 1770610 x11 optional xdmx_1.7.7-18+deb6u3_amd64.deb 88290db9c17da557961f4b9748b94c18 1039276 x11 optional xdmx-tools_1.7.7-18+deb6u3_amd64.deb 9b0fd3913fbcd352a7f34e8480ab1da4 1683744 x11 optional xnest_1.7.7-18+deb6u3_amd64.deb 075b4a6465c41b8bff50719235a8b68f 1798722 x11 optional xvfb_1.7.7-18+deb6u3_amd64.deb a8ab86729443d18e2a23e33fb22ff907 1886352 x11
Accepted xorg-server 2:1.7.7-18+deb6u2 (source all amd64) into squeeze-lts
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Wed, 22 Apr 2015 11:45:21 +0200 Source: xorg-server Binary: xserver-xorg-core xserver-xorg-core-udeb xserver-xorg-dev xdmx xdmx-tools xnest xvfb xserver-xephyr xserver-xfbdev xserver-xorg-core-dbg xserver-common Architecture: source all amd64 Version: 2:1.7.7-18+deb6u2 Distribution: squeeze-lts Urgency: high Maintainer: Debian X Strike Force debia...@lists.debian.org Changed-By: Mike Gabriel sunwea...@debian.org Description: xdmx - distributed multihead X server xdmx-tools - Distributed Multihead X tools xnest - Nested X server xserver-common - common files used by various X servers xserver-xephyr - nested X server xserver-xfbdev - Linux framebuffer device tiny X server xserver-xorg-core - Xorg X server - core server xserver-xorg-core-dbg - Xorg - the X.Org X server (debugging symbols) xserver-xorg-core-udeb - Xorg X server - core server (udeb) xserver-xorg-dev - Xorg X server - development files xvfb - Virtual Framebuffer 'fake' X server Changes: xorg-server (2:1.7.7-18+deb6u2) squeeze-lts; urgency=high . * Non-maintainer upload by Debian LTS Team. * debian/patches: + Add 30-CVE-2015-0255.patch. Don't swap XkbSetGeometry data in the input buffer, check strings length against request size (CVE-2015-0255). Checksums-Sha1: b7db7a606f10514bd26b1fe4ab1fba9b81b10175 4272 xorg-server_1.7.7-18+deb6u2.dsc c391e4a13b04fdd2fe4d135c4758e09f35b8f5c0 6621190 xorg-server_1.7.7.orig.tar.gz 5149b8a814f5a929aa17011efd78393745ce2382 452475 xorg-server_1.7.7-18+deb6u2.diff.gz 22165569c84b8f02897cf28f5e73bfefb4684063 59042 xserver-common_1.7.7-18+deb6u2_all.deb b6eca0aefa18566d42e635dcd0dc251a5036728d 2564718 xserver-xorg-core_1.7.7-18+deb6u2_amd64.deb 54ea5fbad5d5b42dc63d1479fbf2919b7cdbda33 1001570 xserver-xorg-core-udeb_1.7.7-18+deb6u2_amd64.udeb 5d8037fcbbbc88e4eb6c1912c0ceb8916b2f03b9 1226186 xserver-xorg-dev_1.7.7-18+deb6u2_amd64.deb ca46e66ae2ba51eb55c130de3149ebd7213355b6 1770538 xdmx_1.7.7-18+deb6u2_amd64.deb e1fb3adda810e10b807c81ebb8e0533eab90e28e 1039202 xdmx-tools_1.7.7-18+deb6u2_amd64.deb 7a4dee70b486fbd791b4ab1d05ae3322ad79062e 1683650 xnest_1.7.7-18+deb6u2_amd64.deb c3b221cd44c0ac0505f3d1a3bcffc56e9360a4ad 1798658 xvfb_1.7.7-18+deb6u2_amd64.deb 7323b710ed901cd9df863aed40851aac20220ec2 1886250 xserver-xephyr_1.7.7-18+deb6u2_amd64.deb 64a30628dc03733f2572fd6bd9d1f3c5c1ba8f65 1824116 xserver-xfbdev_1.7.7-18+deb6u2_amd64.deb 069e7a1e87d68b91a6d8b702b60dd34bc772f183 6095426 xserver-xorg-core-dbg_1.7.7-18+deb6u2_amd64.deb Checksums-Sha256: c5387de38464381b7d49dd6c32a54511882667e415d1988058009da59b0f3529 4272 xorg-server_1.7.7-18+deb6u2.dsc 92e00fa8fc6723c7e0629de1e6a4b87fee34383967d36b6ae1e648f8a06cafd8 6621190 xorg-server_1.7.7.orig.tar.gz 0cfb1a8b7754fa34c2f63e129e4ab27119de56c044791406ace6f9e1893c34b3 452475 xorg-server_1.7.7-18+deb6u2.diff.gz c91f35046dbe61c6e99b18e8260e4839efa7c41fbf121e6025956fb384fabe06 59042 xserver-common_1.7.7-18+deb6u2_all.deb 68ec2d8d318fdefcc9a68f18f2bd2759c1127fe68416cde55c3be94552feadc0 2564718 xserver-xorg-core_1.7.7-18+deb6u2_amd64.deb 41acbef77eb2f03ff06f59a3484d3f84ce462a25c5d84e1072ca0610776509a7 1001570 xserver-xorg-core-udeb_1.7.7-18+deb6u2_amd64.udeb 001140241ccbc9ba65ffa28075cdbe675b44476b322a7492a2300784317dfbb9 1226186 xserver-xorg-dev_1.7.7-18+deb6u2_amd64.deb 293c5d56e29085f61b47c08a35d261b4adcce84ca27e98f4e58eb7294ff51914 1770538 xdmx_1.7.7-18+deb6u2_amd64.deb 143bb515e40daaf4673795fdcc945a9366d8b4bd3a2982c72cff3e0dd0807055 1039202 xdmx-tools_1.7.7-18+deb6u2_amd64.deb 893b3c8aea44399b4ac14bb41d1a76611e7cfe1b88b7f7d20708cb01e1434beb 1683650 xnest_1.7.7-18+deb6u2_amd64.deb a3560d1c1381c9b5a2fe7300150f626f6fb3f2297dbbce437acfd2c4bff6b62f 1798658 xvfb_1.7.7-18+deb6u2_amd64.deb d424476817f000be90de93a13d6eb8de05bedb39baec830343bdbda8e3edc71d 1886250 xserver-xephyr_1.7.7-18+deb6u2_amd64.deb 1fa79de9745b78bbe4267efdfd50c708fbc1e53dec11106637e768734842274c 1824116 xserver-xfbdev_1.7.7-18+deb6u2_amd64.deb a5476fe35fe65b23550eb89388ac2f500c4a23ee52e093e0653221d3ada71d39 6095426 xserver-xorg-core-dbg_1.7.7-18+deb6u2_amd64.deb Files: 51d38d96c0fecfee99fdfa36b6b6315f 4272 x11 optional xorg-server_1.7.7-18+deb6u2.dsc a88ab769d163a08ef77eda465206c890 6621190 x11 optional xorg-server_1.7.7.orig.tar.gz 7b637bd5e10963d4964eb5092c577dbf 452475 x11 optional xorg-server_1.7.7-18+deb6u2.diff.gz 229617002ccc1dd5fbff5f5c50e740c1 59042 x11 optional xserver-common_1.7.7-18+deb6u2_all.deb cf43702a80348dafbe2434cc1b51c537 2564718 x11 optional xserver-xorg-core_1.7.7-18+deb6u2_amd64.deb ce44cc13ab92c4230dbb65c4f5a152ee 1001570 debian-installer optional xserver-xorg-core-udeb_1.7.7-18+deb6u2_amd64.udeb 0565480a9488d8b78dfb952ae33844df 1226186 x11 optional xserver-xorg-dev_1.7.7-18+deb6u2_amd64.deb 4aaf6ee812abf13984d61fbbe6f6509a 1770538 x11 optional xdmx_1.7.7-18+deb6u2_amd64.deb
