-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 23 May 2020 21:18:56 +0200
Source: libntlm
Architecture: source
Version: 1.5-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Authentication Maintainers <pkg-auth-maintainers@lists.alioth.debian.org>
Changed-By: Anton Gladky <gladk@debian.org>
Closes: 942145
Changes:
 libntlm (1.5-1+deb10u1) buster; urgency=medium
 .
   * Non-maintainer upload
   * Fix buffer overflow. CVE-2019-17455: Libntlm through 1.5 relies on a
     fixed buffer size for tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and
     tSmbNtlmAuthResponse read and write operations, as demonstrated by a
     stack-based buffer over-read in buildSmbNtlmAuthRequest in smbutil.c
     for a crafted NTLM request. Closes: #942145
   * Add regression test for CVE-2019-17455
Checksums-Sha1:
 5aedf84bc904d30a4e89a9c9c07128e65d26ffd5 2279 libntlm_1.5-1+deb10u1.dsc
 60dbb6c47c8a41d10f6cbbefa570944f362b7842 62220 libntlm_1.5-1+deb10u1.debian.tar.xz
 d4978e0c8d418ed24903dbde59d25602bb67b49a 5634 libntlm_1.5-1+deb10u1_source.buildinfo
Checksums-Sha256:
 0845c08eea8400b7f53c27051b21b5647af39565ccb17f70b91e401b51eb3af2 2279 libntlm_1.5-1+deb10u1.dsc
 6f2a2d9790814488b7a7d65ff98384f58992fe7ef4d01de81d6f5ff947757a15 62220 libntlm_1.5-1+deb10u1.debian.tar.xz
 25c99872a6a2171ed99619fb66c739d5317bc13994e3258676bffce8878f87a1 5634 libntlm_1.5-1+deb10u1_source.buildinfo
Files:
 2537947dd84372bc51cda5d96b03f973 2279 libs optional libntlm_1.5-1+deb10u1.dsc
 e369cdfb973fa86be0bc0ce36df20b75 62220 libs optional libntlm_1.5-1+deb10u1.debian.tar.xz
 6fab559ac887becd29d91e1ecb7ab928 5634 libs optional libntlm_1.5-1+deb10u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----