Format: 1.8
Date: Sat, 09 Nov 2019 18:21:56 -0500
Source: ampache
Binary: ampache ampache-common
Architecture: source all
Version: 3.6-rzb2752+dfsg-5+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 ampache - web-based audio file management system
 ampache-common - web-based audio file management system common files
Changes:
 ampache (3.6-rzb2752+dfsg-5+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix security vulnerabilities, thanks to Ampache developer lachlan for
     the patch:
     + CVE-2019-12385: the search engine is affected by a SQL Injection
     + CVE-2019-12386: the LocalPlay "add instance" functionality is
       vulnerable to a stored XSS