Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted libthrift-java 0.9.1-2+deb8u1 (source all) into oldstable
Date: Wed, 06 Feb 2019 19:00:15 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 06 Feb 2019 19:04:12 +0100
Source: libthrift-java
Binary: libthrift-java
Architecture: source all
Version: 0.9.1-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libthrift-java - Java language support for Thrift
Changes:
 libthrift-java (0.9.1-2+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-1320:
     It was discovered that it was possible to bypass SASL negotiation
     isComplete validation in the org.apache.thrift.transport.TSaslTransport
     class. An assert used to determine if the SASL handshake had successfully
     completed could be disabled in production settings making the validation
     incomplete.
Checksums-Sha1:
 86cb9a53aed68d11d7ccd6ba33305bcaa708874b 2321 libthrift-java_0.9.1-2+deb8u1.dsc
 986c7879e16cf1968e62073473667eeed8b69c45 132137 libthrift-java_0.9.1.orig.tar.gz
 2448d87c6645a3f280691d4411336982394608ec 3260 libthrift-java_0.9.1-2+deb8u1.debian.tar.xz
 735d0f8d3f496e7c6419c5f649a8d03f3e1966e9 323264 libthrift-java_0.9.1-2+deb8u1_all.deb
Checksums-Sha256:
 ca16c2d7e66eb57db13092ca12b8aa516e0c2977106d682170634b3d5fd805ae 2321 libthrift-java_0.9.1-2+deb8u1.dsc
 8cb6af03b29e6b3ba5bcd06a6cf7681222c1e606fbae2e3ae617e06710cd7998 132137 libthrift-java_0.9.1.orig.tar.gz
 3bcd7bae90b7d03be4fa237fdfd0e81f749484b071019d12add212882dba90ed 3260 libthrift-java_0.9.1-2+deb8u1.debian.tar.xz
 7de1d653dc319d82facb4e9b510de6bc6b28c1c1844cd44e010341c1f97247a4 323264 libthrift-java_0.9.1-2+deb8u1_all.deb
Files:
 5ca0815d4904d4b599f31fc8c42a3fa6 2321 java extra libthrift-java_0.9.1-2+deb8u1.dsc
 b8140af7eaa842551c2476706a66aeed 132137 java extra libthrift-java_0.9.1.orig.tar.gz
 44635ab401160b4c4703fe8ea8728013 3260 java extra libthrift-java_0.9.1-2+deb8u1.debian.tar.xz
 f1c8fa9c0ac2775f8f12c37672a600b5 323264 java extra libthrift-java_0.9.1-2+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxbKuVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk6PMP/1X2DrTBwTNFAYdITJp5X38HdAQUFjKP3fYN
xGYdXffuObuwDBt5xLhti0NkPjpXUV5x5UpsENHbfitLmad3caBfzfq9Qr7VT7pD
eDvAJAd3W1GXDMPADd/5GJTYaylwFLwM3wlMklMa6Z6E8XDj78AJaMz2BTetWt0Q
cVgdz5/tVvRxSxfi47p5A/Zdr2pyobX4ujn+d54yQ2jk5+BVOwUKllvWZaicQ2p+
Qw6D8WH7LHuAriAvIr3CrwA6D9Hssc0TizrRYey77QADtQATmEO5Do456Mb8KENb
ZRyyun9G+ujCBZvtnkJWb/GaS6BRX+jeCZO18mz4MUJ0NPJ9l3zwCgXDcssfR+hi
2PfosVIy1tRzPw0zhc3ZUpvWkrz0Ku+RL0IjCgahqMz4KCjngAfiQvvCvqCgClKc
OL0Novn7M6Kn+UPpnf5sjrRHZEafx0SpjTLzoJEVclMTKCceFuy0aNXON/oR3zLw
DdLM0eAwPZmaup0NQpEYKa3DC4tqNuiPWF8YQGM+whc02e/9xRR52r1Q0eDk/gBq
v4tRi25KYx69e/fPT29dZuuvg0fJNXbMgUfMbNl3c7K3mEB//VC73IParu9Ua9UJ
61T0cLJYjuw864J5NZC2C1v+khp+giJxabZp9r6njilHOB5KuKK6ZkN+P7hSvPys
lAV7IKbF
=Mpwz
-----END PGP SIGNATURE-----
News for package libthrift-java
