-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA384 Format: 1.8 Date: Sat, 20 Jun 2020 03:19:39 -0400 Source: alpine Architecture: source Version: 2.23+dfsg1-1 Distribution: unstable Urgency: medium Maintainer: Asheesh Laroia <asheesh@asheesh.org> Changed-By: Unit 193 <unit193@debian.org> Closes: 956361 963179 Changes: alpine (2.23+dfsg1-1) unstable; urgency=medium . * New upstream version 2.23+dfsg1. - Security Bug: Alpine can be configured to start a secure connection using /tls on an insecure connection. However, if the connection is PREAUTH, Alpine will not upgrade the connection to a secure connection, because a client must not issue a STARTTLS to a server that supports it in authenticated state. This makes Alpine continue to use an insecure connection with the server, exposing user data. Reported by Damian Poddebniak and Fabian Ising from Münster University of Applied Sciences. Closes: #963179, CVE-2020-14929 - Attempt to fix a bug that breaks scrolling of a message in Alpine when the screen is resized. (Closes: #956361) * d/control, d/copyright: Update my email address. * d/control: - Bump DH compat to 13. - Drop versioned B-D on dpkg-dev, no longer needed. Checksums-Sha1: 419168a5d145ed78738fdc27e359302a474b71b1 2184 alpine_2.23+dfsg1-1.dsc d67ca12377a95366e10ee4c557d2e6a69a045999 4420640 alpine_2.23+dfsg1.orig.tar.xz 1e9db3b064bd593b6183e1dfecf08d6dd409ba6b 15496 alpine_2.23+dfsg1-1.debian.tar.xz 923b0c41fc933d510d3e3927f5cbd3540c6a7fbc 8204 alpine_2.23+dfsg1-1_amd64.buildinfo Checksums-Sha256: b77090d6d08b7581c74b923c08269bfbf0fbec4a5cdd9704382ca656eb8ac49f 2184 alpine_2.23+dfsg1-1.dsc b9799c9a11c9aaf3d0fd6dd0b4b1b57406f8da6d788a80ad90c2139fdbbccf81 4420640 alpine_2.23+dfsg1.orig.tar.xz a153bd6c4547cf3d8dc32d319a725cc1896a9f52887e18e38d7958b72abdbc33 15496 alpine_2.23+dfsg1-1.debian.tar.xz 876f05c4bff5a95bbf928c71cdd6d42f950287e5927b36b2ca27af4909325b44 8204 alpine_2.23+dfsg1-1_amd64.buildinfo Files: 77ec57d34b78408842d9de29815ce61e 2184 mail optional alpine_2.23+dfsg1-1.dsc 49278e7c023811e8c3f630909ff58e0f 4420640 mail optional alpine_2.23+dfsg1.orig.tar.xz 6b6556d01eeffc249222680c20d2d17e 15496 mail optional alpine_2.23+dfsg1-1.debian.tar.xz 0122834fd001cc03987cc37ba05a995a 8204 mail optional alpine_2.23+dfsg1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCQAdFiEEjbPlhoZdK0orGFpcUAHhsJqjdEsFAl7tuf4ACgkQUAHhsJqj dEtPMQ/6A9f8d6RivNAVIK3tLsUGYhBP2KSIUs4uHXbr6lVLmG3FMp+U+jeuhuQ/ tfgNaDJ87MZZgnyPBghIhUm/EjEqpgX8SNvKu4w3GnN9TcVZ+nM7nQJ2wHK39gz/ 6FpCKqmbC7Y/NXaG7w0dlhjKATuYGpRABYdZDfUK3nhCxEb+iJqYewDbsh2t3b/R rFN+pOPAZ7Gkc21/GnusDGr3w6FN2m//oon7DNQP4hkZqnu2dJYwRVfAdULLbZdh HicqBtbOUOrq0Pc2RiDMS9bAJJDMazSIyKF2r90F6wTFP+SGgxo/ey1a9Mj0WtDd iMc/v0kr2WlRyZdIbOI/Blp86L7eNwYGiKpXSI0b+9vKiYnmN+pSZCN/5mJtzw8Q ahDnzCPYBR2+0h2eMKAazTIjDJvFkFHlGDUE4sCHzbsl/GBK2ILB2AeYrFm0z7LR g8eSPLdjKNJ3oMqLYVjXdMgx1qEzE5hN+9kTEgk5RS5JpTeJqa1RbtadN2UEJB/U jdpZ3Dydoe53xJicj4JYtG6jIoGOvXk1bwcydq8xilPYD3WbKl/igjY9Jl6auw0Y PGL63+aiekWHyd6mNm664erQ2PfIIyJsgSAYwyItonSCjb/FIjqiB4OG8YHxBy8M flJNJvZWPikxOYeQ52pSmvasGtiX9Osi1ArxShpDCEGCgbCEeps= =xtt2 -----END PGP SIGNATURE-----