Format: 1.8
Date: Thu, 02 Apr 2020 00:06:31 +0200
Source: libplist
Binary: libplist2 libplist++2 libplist-dev libplist++-dev libplist-dbg python-plist libplist-utils libplist-doc
Architecture: source amd64 all
Version: 1.11-3+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: gtkpod Maintainers <pkg-gtkpod-devel@lists.alioth.debian.org>
Changed-By: Dylan Aïssi <daissi@debian.org>
Description:
 libplist++-dev - Library for handling Apple binary and XML property lists
 libplist++2 - Library for handling Apple binary and XML property lists
 libplist-dbg - Library for handling Apple binary and XML property lists
 libplist-dev - Library for handling Apple binary and XML property lists
 libplist-doc - Library for handling Apple binary and XML property lists - docs
 libplist-utils - Apple property list converter
 libplist2  - Library for handling Apple binary and XML property lists
 python-plist - Library for handling Apple binary and XML property lists
Changes:
 libplist (1.11-3+deb8u1) jessie-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2017-5209: The base64decode function in base64.c allows attackers
     to obtain sensitive information from process memory or cause a denial
     of service (buffer over-read) via split encoded Apple Property List
     data.
   * CVE-2017-5545: The main function in plistutil.c allows attackers to
     obtain sensitive information from process memory or cause a denial of
     service (buffer over-read) via Apple Property List data that is too
     short.
   * CVE-2017-5834: The parse_dict_node function in bplist.c allows
     attackers to cause a denial of service (out-of-bounds heap read and
     crash) via a crafted file.
   * CVE-2017-5835: libplist allows attackers to cause a denial of service
     (large memory allocation and crash) via vectors involving an offset
     size of zero.
   * CVE-2017-6435, CVE-2017-6436: The parse_string_node function in
     bplist.c allows local users to cause a denial of service (memory
     corruption and memory allocation error) via a crafted plist file.
   * CVE-2017-6439: Heap-based buffer overflow in the parse_string_node
     function in bplist.c allows local users to cause a denial of service
     (out-of-bounds write) via a crafted plist file.
   * CVE-2017-7982: Integer overflow in the plist_from_bin function in
     bplist.c allows remote attackers to cause a denial of service
     (heap-based buffer over-read and application crash) via a crafted
     plist file.