Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libthrift-java 0.9.1-2.1 (source) into unstable
Date: Wed, 06 Feb 2019 19:19:49 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 06 Feb 2019 19:04:12 +0100
Source: libthrift-java
Architecture: source
Version: 0.9.1-2.1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Closes: 918736
Changes:
 libthrift-java (0.9.1-2.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2018-1320:
     It was discovered that it was possible to bypass SASL negotiation
     isComplete validation in the org.apache.thrift.transport.TSaslTransport
     class. An assert used to determine if the SASL handshake had successfully
     completed could be disabled in production settings making the validation
     incomplete. (Closes: #918736)
Checksums-Sha1:
 d1b8333774342a9b9dafa6661bb6264d9557d3eb 2301 libthrift-java_0.9.1-2.1.dsc
 126eab3f003eae06e620e7964eb9b227926c2e11 3224 libthrift-java_0.9.1-2.1.debian.tar.xz
 22a30bbc5be1f9e0a3145eba3a16edcd854bae2a 16747 libthrift-java_0.9.1-2.1_amd64.buildinfo
Checksums-Sha256:
 2dc5b734bbbeb6ef40a65f0c722f6e259201d9b9fa2de3476d5cc30e5a8b3778 2301 libthrift-java_0.9.1-2.1.dsc
 ec2bce943cde5acf766ca853ec9b5afc2b00ee73973aa2e047477b87e9f877b5 3224 libthrift-java_0.9.1-2.1.debian.tar.xz
 fbc6e0046c49f613200c918ab90fbbed944168d906a9f120d584594a8d0b7618 16747 libthrift-java_0.9.1-2.1_amd64.buildinfo
Files:
 f2a6d2269e9e46f8baa1e272ea67bb59 2301 java extra libthrift-java_0.9.1-2.1.dsc
 9cb7931277a664e2e7f045b552d949be 3224 java extra libthrift-java_0.9.1-2.1.debian.tar.xz
 4bc2728fb4eacc7713e7991ae5173801 16747 java extra libthrift-java_0.9.1-2.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxbLNtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkicIP+gOOyd9rUsSEHZawREnX5wpMV2gIBtkYxilL
kyXgPx7CDCJQpdx62qR2YlGKhQx55OlXu5vg2SQQGMoGACaWnO1z5OvW2yTnoA+c
Xh5/uSRE5eFqTJAh+WTU0HZ+6WMYh6kLfcuzkwiLclrAFV6mYkwqYxXTUZ6R/224
t16M+WzvuS2PK7VCuWL5bxxthsKugVkzMDMuPck16l53t1+HjoSK4kRPNv7YqBdc
c66HB/B/n1N6/Cf6TPWnZx/Ku2Bm07PcrTJHI975oGbL3JeLndAekjOUODR65arO
j5fLX9n7WbiiWIVYR+HMMeK5DzOlFcs+EmN91OjGTI4oY8mpx1TSyd91gHRCidII
bFOF1Jj9XnUNHAA31zYGMYNn8S7ZXekOLliko+p20+QdffqAbUiU6Gmp2aUDBtOj
3chXi6j5wyatyd0cQ0gFBgxf1YLx+EHtt7+PTXURsbz8UY/1V8R/YSg2yf2vlwub
8+lYkvCcRg4gTiPhAJR4Dn1UeignIl8/Rd5va2Qce09VVnn2ABzYhrNI07IBHtdV
qNNLUaErmmWGdrTw4le32Qr96Q118uMhnCgainEOy+o7vnho0m4v8fwABb8a8rJm
2y99DQBKA7wctT/KLYAmSUfu+RLvWyysH4wX0UEjnT4dj/2p0JUhsk8wCtSR0y1J
1OFB5NOM
=GP+i
-----END PGP SIGNATURE-----
News for package libthrift-java
