Format: 1.8
Date: Sun, 10 May 2020 16:16:51 +0200
Source: libntlm
Binary: libntlm0-dev libntlm0
Architecture: source amd64
Version: 1.4-3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian XMPP Maintainers <pkg-xmpp-devel@lists.alioth.debian.org>
Changed-By: Anton Gladky <gladk@debian.org>
Description:
 libntlm0 - NTLM authentication library
 libntlm0-dev - Development files for the NTLM authentication library
Changes:
 libntlm (1.4-3+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix buffer overflow. CVE-2019-17455: Libntlm through 1.5 relies on a
     fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and
     tSmbNtlmAuthResponse read and write operations, as demonstrated by a
     stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c
     for a crafted NTLM request.
   * Add regression test for CVE-2019-17455