-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 20 Jul 2019 13:01:18 +0200 Source: pam-u2f Architecture: source Version: 1.0.8-1 Distribution: unstable Urgency: high Maintainer: Debian Authentication Maintainers <team+auth@tracker.debian.org> Changed-By: Nicolas Braud-Santoni <nicoo@debian.org> Closes: 930021 930023 Changes: pam-u2f (1.0.8-1) unstable; urgency=high (security) . [ Nicolas Braud-Santoni ] * New upstream version 1.0.8 (2019-06-04) + Fix insecure debug file handling CVE-2019-12209. (Closes: #930021) + Fix debug file descriptor leak CVE-2019-12210. (Closes: #930023) + Fix a non-critical buffer out-of-bounds access. . * Comply with Debian policy v4.4.0 + debian/control: Set Rules-Requires-Root to no + debian/rules: Install upstream's changelog . * debian/control: Update my email address * debian/gbp.conf: Move the packaging ranch to debian/sid . [ Simon Josefsson ] * Drop myself from Uploader's. Checksums-Sha1: 50ed2dd861a6dc76dfe357f1802465b1c38d3d8e 2059 pam-u2f_1.0.8-1.dsc 5d925e314ce45ed0e354e58240e6d94d25dbee4f 384163 pam-u2f_1.0.8.orig.tar.gz 47df77d5e2468d851208147ed318f87e9bf3fa28 50580 pam-u2f_1.0.8-1.debian.tar.xz ea68586ff89ed227ee0dcb056ea3b228bc3db373 6441 pam-u2f_1.0.8-1_amd64.buildinfo Checksums-Sha256: 351504138974f823b02ad75cdcef30a617aa4582de549919551328aa50288716 2059 pam-u2f_1.0.8-1.dsc 52a203a6fab6160e06c1369ff104afed62007ca3ffbb40c297352232fa975c99 384163 pam-u2f_1.0.8.orig.tar.gz d2e2707fb82a986ccede92f4ca05845f605e8a94ee77e5a61788cdd7702085c2 50580 pam-u2f_1.0.8-1.debian.tar.xz c111b3c705ba8219c9ab737100fbc7be0f760f746a4e82c5a677c7a8497022d3 6441 pam-u2f_1.0.8-1_amd64.buildinfo Files: 4f46d48921b239886368efbedafdbe21 2059 admin optional pam-u2f_1.0.8-1.dsc e39e6bbb73921a7e015319fe8397b890 384163 admin optional pam-u2f_1.0.8.orig.tar.gz 24e962d24313019ea4491b8f0d10e535 50580 admin optional pam-u2f_1.0.8-1.debian.tar.xz e51f61ac93398e7d2fb5af663a0606cc 6441 admin optional pam-u2f_1.0.8-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEU7EqA8ZVHYoLJhPE5vmO4pLV7MsFAl0y9k4ACgkQ5vmO4pLV 7MulxQ//X4aX6pv5qvAo+htY67UE+2l/zGVgywYqlolslNbhxiL3W8qDP1wCfP65 xyyaFCaroVTjg9xMssnH9Icb5x+myMOytCRrBswQA6piWX52vTt24rO1BAvYLRjQ rbT9X9AsRGYlVvQS2MeU6goFM+5KuGGkn7X4sdbHrwIfDiqrgRRf6p22yBcIWHS+ J3LENMxrN9XP+WjL4+vKpbZBzExaPMESqhydf7lLFB2dVe2BsFkpbNRY7I+m3hMQ E/Uz9WP/P3YLUrtk331O4xQcePqFrcwcm5ssHmU8RLWpj2/gCyqytLUde3JBU0Nn /cTcJX+DL96dJ22I8Bkl/w51BWjlwIilPYtBtWx7SLTJbYy1NWQ5gYXsFjGRCn3P 5rso3hEZDc6MBMvGA00H9R5JleG5MhNBSAynheCc8bl47OTkvLxK25fQkLEqeRj9 UdVcRH4zpysqFvmFtXIAh1Y41E5nIJLk6Ij69mFcFytTPDYZSQoTOpNuqqBJ+kN+ 5Y93K8P2PoQTzPNEpfqC+9sPGg5tdP4xuYxbMoPKwwAGnFIoExseGuFbC2RebnOf vwRq1gFRxhLDgfv5ofQG8L29w7Y5lZ0rydXmLTeGpMQNEobWm8BPKE9ja+PlTAeV 9VQ0vZj5gOqo057eIAw8fQIerd6RpDRG7VzT584FyKknzr8CQZs= =FnsC -----END PGP SIGNATURE-----
