Debian Package Tracker

From: Ferenc Wágner <wferi@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libqb 1.0.4-1 (source) into unstable
Date: Tue, 16 Apr 2019 10:18:54 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 16 Apr 2019 11:32:02 +0200
Source: libqb
Architecture: source
Version: 1.0.4-1
Distribution: unstable
Urgency: high
Maintainer: Debian HA Maintainers <debian-ha-maintainers@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 902104 927159
Changes:
 libqb (1.0.4-1) unstable; urgency=high
 .
   * [021333b] New patch: Reduce stress test lengths to help weak buildds
     (Closes: #902104)
   * [dc825fb] New upstream security release (1.0.4)
     Libqb creates files in world-writable directories (/dev/shm, /tmp) with
     rather predictable file names. Also O_EXCL flag is not used when opening
     the files.  This could be exploited by a local attacker to overwrite
     privileged system files.  (CVE not assigned yet. Closes: #927159)
   * [e36e34a] Refresh our patches
   * [0823bf1] Acknowledge new internal symbol
   * [88aafa5] Update Standards-Version to 4.3.0 (no changes required)
   * [174d210] New patch: Fix garbled Doxygen markup
Checksums-Sha1:
 710f93c4bac969ce0ae0796ddb484637e016e3ef 2423 libqb_1.0.4-1.dsc
 b8078893be6c2c355313fe71cf006da7713ea43e 488536 libqb_1.0.4.orig.tar.xz
 a0c36c968b98ff62fb2e08d1676068f074bc22da 490 libqb_1.0.4.orig.tar.xz.asc
 597140cbb986bae40feabd146485cac13b732061 14660 libqb_1.0.4-1.debian.tar.xz
 7ad39ccc76987a16c2557887a4ef38d59fd17c74 8994 libqb_1.0.4-1_amd64.buildinfo
Checksums-Sha256:
 f6baa06c325116c25dfb6e268b1f26c4c0cbe1440c5466e8bb15aa31a5f4d291 2423 libqb_1.0.4-1.dsc
 0064575151b11135a68a15f01da0ab1eaef4279b07e7059a10c748c12f28c14f 488536 libqb_1.0.4.orig.tar.xz
 10029fa1da3752b9c28ac2a7530108671a084fa80f37c5b211aeec2de74744ae 490 libqb_1.0.4.orig.tar.xz.asc
 23c9517fb3f746f50ce7bd99deb48d03ab88521ba1801ceeb2a501dd54311fae 14660 libqb_1.0.4-1.debian.tar.xz
 4c61f83a9a0fa365561fb7ddd2300f5ed09cf1dcef1fa763eba658b46d40c69a 8994 libqb_1.0.4-1_amd64.buildinfo
Files:
 254a63658735dcb207be357b4c2b3e6c 2423 libs optional libqb_1.0.4-1.dsc
 07dc93433a295f45dd16293a4b63389e 488536 libs optional libqb_1.0.4.orig.tar.xz
 22d567fc789da092b0e14e1c9d625ac5 490 libs optional libqb_1.0.4.orig.tar.xz.asc
 61a49b2f90a1bbe677275238cd107213 14660 libs optional libqb_1.0.4-1.debian.tar.xz
 3d70e4dc9e8d7c4d71204c670a3e11c5 8994 libs optional libqb_1.0.4-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIyBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAly1pF0ACgkQOsj3Fkd+
2yM2Bw/2JzHPYzWM71U7xw9/rYefEfzigmRTofej16IQtx4dGEmGs5wy2lkDrY/Y
lmho1aPv8dpV46Xz4oTGhi9n1L02b9hD3eVJ0CsJ6YCFQaBJ9CcXPM+TQSLCjYN8
syGl/jqKknAfRNJG50NnQUXnACHmgJ79CVaXyiZh132V28kOYJBgGJi0ayqznd9r
G8eHoYYdmk0zV+SdaQ6fTeg8pitu6QWLHQ73qfVlaLO+uCeRZUgJl8Ah9raHPqgi
DA7OPoPWdlsrQc0kRKI3vQ0KMkphjzsymy+TsXD0zomXp7X6tJ97rx1q3yylO528
lX86UNll+aY84dejFu+LxJG7UBFW1ADlgd830qEUVR0SbL97pVKZCwwJ4k/Z9zN0
I7c3wFAwUJF/XkIc3serOjUjj3AB7XvKuQWXNHbaN6e2IurtrRrn3SRKrp9WX5l7
/5uyaan3cZ1mugphn1cSStyw2+nqOPp5SyeqTRkhL1LkTISpvmm24/QQGOvGrv2z
vPgy7OC1AwQroagp0DjwCSLyPWdJm7Svaic4WmzNaYmUF/PmytW4sdNboCC1ZAGK
cNhrisnYd8yLH+geGKIfhrXOXJ7ivcoufFHpBROnoazhVtF+gGOm5k4HqYaPOVb5
3PklhlTgilvG/9wY3662YIHWQIKFd+gPth/dfKjfexoHNJl94Q==
=NWod
-----END PGP SIGNATURE-----
News for package libqb
