-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 24 Jul 2019 01:18:17 +0200
Source: xymon
Architecture: source
Version: 4.3.29-1
Distribution: unstable
Urgency: high
Maintainer: Christoph Berg <myon@debian.org>
Changed-By: Axel Beckert <abe@debian.org>
Changes:
xymon (4.3.29-1) unstable; urgency=high
.
* Import new upstream release.
+ Fixes multiple security vulnerabilities:
- CVE-2019-13451: service overflows histlogfn in history.c.
- CVE-2019-13452: service overflows histlogfn in reportlog.c.
- CVE-2019-13273: srdb overflows dbfn in csvinfo.c.
- CVE-2019-13274: reflected XSS in csvinfo.c.
- CVE-2019-13455: htmlquoted(hostname) overflows msgline in
acknowledge.c.
- CVE-2019-13484: htmlquoted(xymondreq) overflows errtxt appfeed.c.
- CVE-2019-13485: hostname overflows selfurl in history.c.
- CVE-2019-13486: htmlquoted(xymondreq) overflows errtxt in
svcstatus.c.
+ Drop patches applied upstream:
- 00_htmlcontenttype.patch
- 39_kfreebsd-makefile.patch
- 66_apache2.4.patch
- 84_fix_compilation_on_GNU_Hurd.patch
- 90_fix-spelling-errors.patch
+ Refresh update patches where necessary:
- 24_hobbitclient-tmpfs.patch
- 51_hardening-buildflags.patch
- 87_fix_logfetch_FTBFS_with_glibc_2.26.patch
+ Add new build-dependency libtirpc-dev.
* Declare compliance with Debian Policy 4.4.0. (No changes needed.)
* Bump debhelper compatibility level to 12.
+ Replace debian/compat with a versioned b-d on debhelper-compat.
Checksums-Sha1:
ba459f222afada74e4c97b38ae1ec0c7e30639b8 2081 xymon_4.3.29-1.dsc
faf18c75839b4ec0863cbf309651c54bb2890988 3548283 xymon_4.3.29.orig.tar.gz
481d922168b584d877b95d6576c4fbaa5ce9433f 42308 xymon_4.3.29-1.debian.tar.xz
906f83302d63d48a91796c23036822ceb7bcc3f4 8587 xymon_4.3.29-1_source.buildinfo
Checksums-Sha256:
cbd9aaaaed2943d0c192f58bc3bbb925df4ccbe509286b430f2d3456c905d351 2081 xymon_4.3.29-1.dsc
89bcb6c7a4325c8bcaa5c1f3de238c444f2731b04b0cb0348b88add89396c659 3548283 xymon_4.3.29.orig.tar.gz
4da37521e08b3ebd443d1661e1298bb3bb9cfbf6990b47fee11f09d98f6b078a 42308 xymon_4.3.29-1.debian.tar.xz
417a67d049bf391693b160a9b4f0c9c7948f7483923c3bf6112f829f37cd67e7 8587 xymon_4.3.29-1_source.buildinfo
Files:
4742ff02ca573299ffd0126232ddb5fa 2081 net optional xymon_4.3.29-1.dsc
7172470955f6514c1d1fb72235efdc55 3548283 net optional xymon_4.3.29.orig.tar.gz
0831f5d69bd6b4df78c464d36e10b330 42308 net optional xymon_4.3.29-1.debian.tar.xz
96da9e36f6939b9f2982fe8586d736a8 8587 net optional xymon_4.3.29-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERoyJeTtCmBnp12Ema+Zjx1o1yXUFAl03m8IACgkQa+Zjx1o1
yXUtQg/8DACEhDBwnw4jCA0t+qX/rTdjpAKK3dG3MBS1CtqzjB1ocxzbtQ7M2GUb
/XinNqAL6t+UT/0JQkJzBnROOINhJPlIpllIL2dXL2+NI7uI2KD7s8P0vxM8Aa+5
X2ggcTchdudbC/t16Syw9R7vWXUoLBzUUf44IQG73YjMglgiyF/75DJ5sYOg7APz
QDewSzbrxW3in+nBHMjBRB3Vk9qhNwX+wlAEFlWUeSFAQSpZX6okc2WecwCOTdtB
RZIPfDaWLb058ycbm5f3iMoF+bD+zOPfDivW0Cy4L+HmRd30j3GzJDN3fdUnnEau
1GXmgl0I6VHolAPZ4fDz9tvQADHa62J9Tgdr21fvycKSTTvSjRB7BGI1gPjJCZP/
zgiSuL+FrKGO3O09Gcpfbkk6JTTKlVb7e79Gd7Ek5DXtsgOi5uy8hDieneESGQm3
ggic461vExDKTVK+EXligYJHCXHUPey59pRqDkr6lQ4INVWougilgA8KDDkKm0wt
qcUnsa4OjGMDjE2zvVun44H+0f2j3KsI5rrBX+tAVzAlahwwHu4riD5Ko2ooOxO2
2veYYZQlUxj1YkJyXxVJCx4Xcn296u1XVzMXsiUNRi80OCQg4h9ylpKna/G8Y3MX
MeAiT/fDT5HOwChvIlARZnyk7u63qc/AzLcjuwRkdxkFlpLCLqQ=
=5HQ2
-----END PGP SIGNATURE-----
