Format: 1.8
Date: Sun, 09 Feb 2020 15:18:36 +0100
Source: ppp
Binary: ppp ppp-udeb ppp-dev
Architecture: source amd64 all
Version: 2.4.6-3.1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Marco d'Itri <md@linux.it>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 ppp - Point-to-Point Protocol (PPP) - daemon
 ppp-dev - Point-to-Point Protocol (PPP) - development files
 ppp-udeb - Point-to-Point Protocol (PPP) - package for Debian Installer (udeb)
Changes:
 ppp (2.4.6-3.1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2020-8597: Ilja Van Sprundel discovered a buffer overflow
     vulnerability in ppp, the Point-to-Point Protocol daemon. When receiving
     an EAP Request message in client mode, an attacker was able to overflow
     the rhostname array by providing a very long name. This issue is already
     mitigated by Debian's hardening build flags.