-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 17 Oct 2019 04:55:01 +0530 Source: graphite-web Binary: graphite-web Architecture: source all Version: 0.9.12+debian-6+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Graphite Group <pkg-graphite-maint@lists.alioth.debian.org> Changed-By: Utkarsh Gupta <guptautkarsh2102@gmail.com> Description: graphite-web - Enterprise Scalable Realtime Graphing Changes: graphite-web (0.9.12+debian-6+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * Add patch to remove 'send_email' function to avoid SSRF attack. This was insecure, not used in the code, and was undocumented as well. (Fixes: CVE-2017-18638) Checksums-Sha1: bbd80667a7de3e4e0dc5f185eb1e4dff1d006118 2152 graphite-web_0.9.12+debian-6+deb8u1.dsc ccb4ecbdfb8312062f1617b05ac57feb0d5e837e 1114668 graphite-web_0.9.12+debian.orig.tar.xz 23d7d24b8011e6cc24ce36fc47995de6f2d0af78 328624 graphite-web_0.9.12+debian-6+deb8u1.debian.tar.xz da1f39bccd6c751eed43874384ca07213adde14a 1130816 graphite-web_0.9.12+debian-6+deb8u1_all.deb Checksums-Sha256: dce03a66f2ea44c6d862bca4e21381b13debac96c5490badfe5d099e38524d71 2152 graphite-web_0.9.12+debian-6+deb8u1.dsc afc6c3c292aaaf6da9ed0455512f275f9583e28c09604e9b891a7c71ca4967b8 1114668 graphite-web_0.9.12+debian.orig.tar.xz 5227ff1ab327929047f44f071d1ee4aa58d1d013893831e1d0cec27bcfe982fa 328624 graphite-web_0.9.12+debian-6+deb8u1.debian.tar.xz 551630520af12df2d28ba69e9b73500fcfe45d19a3cdcd1d4d56bbfd887a6e72 1130816 graphite-web_0.9.12+debian-6+deb8u1_all.deb Files: 10fb0e812388048745d299eaf233c013 2152 web extra graphite-web_0.9.12+debian-6+deb8u1.dsc 9054440fa4b535fd272faf925e1282b6 1114668 web extra graphite-web_0.9.12+debian.orig.tar.xz b36bf127f1970a2de2ecf995b27537f1 328624 web extra graphite-web_0.9.12+debian-6+deb8u1.debian.tar.xz 7c28f376c99e711f11ffa298c6fba973 1130816 web extra graphite-web_0.9.12+debian-6+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl2tq8sACgkQCRq4Vgaa qhxY/Q//U+pBq7bW4ULRB+7pYBf+c1niF3Tbo857KDeJ0zF6ZRMD8vBHDowgXP4P 3uqtDg4Y25EuqxQ00A8tOy6afl1RaNXbRsz1Z3SJHuo//7gpxQg0sdU/36ssvrBt gKRO6IEJxMh8i+Lfi0r3qszYRFkSMow2i5elbqHg28VVKSNgay5FjIUkb+L0IAOR DBsQerU/KJVkh96S+om2H9IMpBDQDNZ6XDAPqoz6mFdR8vuKNn/gA9pB/Es1pk8w L0oWKIDqlhtI8vpYqD9t37dxBqJuIE8pim7kVUsQsU/184zTR7fmtBBmSJNJtHZR lbJZbplb6d2IB+UNv7gxZuNjWk0fO9WAqb2DrT4MWetZ/eJCs4JKpBZr2Suk/4eK leFFHTZ1bMrq+vU5Aw83EgbuAbxpFiMfnC3mDu60eONnVZ/0oVYPxC/egso/SlC1 tsIfeHvYpf/6NX1CcjUvvPjREL8Sbxl6c33gwvki+n33mDFX9J3xP9PQWPqfl+sk l4NvjZiqWzGZOOe0xY9yT+kekOf1lj7yMgTyOhoDDbZ0iet2KKQFAC52BHZvzvTh rxwAQkVhsIap0X9ZLw55Kkds0ma0D7bR2yYjUn0wfYhyhWsLuwDCjTtQfe4N3IG1 iWg/CZLt6InVh7rJc6S51vuw8e4llxrEh0iKoiX9q7mQwAA4Yy4= =eghQ -----END PGP SIGNATURE-----