-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 24 Sep 2020 19:03:02 +0200 Source: yaws Binary: yaws erlang-yaws erlang-yapp yaws-doc yaws-chat yaws-mail yaws-wiki yaws-yapp Architecture: source amd64 all Version: 2.0.4+dfsg-1+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: erlang-yapp - Erlang application for deploying Yaws webserver applications erlang-yaws - Erlang application which implements HTTP webserver yaws - High performance HTTP 1.1 webserver written in Erlang yaws-chat - Chat application for Yaws webserver yaws-doc - Documentation and examples for Yaws webserver yaws-mail - Webmail application for Yaws webserver yaws-wiki - Wiki application for Yaws webserver yaws-yapp - Provides an easy way to deploy applications for Yaws webserver Changes: yaws (2.0.4+dfsg-1+deb9u1) stretch-security; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2020-24379 Reject external resource requests in DAV in order to avoid XML External Entity (XXE) attackes. * CVE-2020-24916 Sanitize CGI executable in order to avoid command injection via CGI requests. Checksums-Sha1: e3068a06f47920dcbde01bbbd56e12cc48f0ebd0 2703 yaws_2.0.4+dfsg-1+deb9u1.dsc d651a0bd64bbea714a867a572d6e45d43b4ce1c7 1186072 yaws_2.0.4+dfsg.orig.tar.xz 5d918e29a8085526570cb40e8cbdf8616517e3e7 29384 yaws_2.0.4+dfsg-1+deb9u1.debian.tar.xz d3a719a05824b81f8a7902bf525578e1199a00f3 80328 erlang-yapp_2.0.4+dfsg-1+deb9u1_amd64.deb 4095028e1eedfe15080fb3bc6a1e2ae2890fbaf7 21240 erlang-yaws-dbgsym_2.0.4+dfsg-1+deb9u1_amd64.deb c1e07b1b121eaae1bbb5f6268ea9321e63643736 1203582 erlang-yaws_2.0.4+dfsg-1+deb9u1_amd64.deb b9661d577aa93fc88d6389c5d627c661e555ebe2 75452 yaws-chat_2.0.4+dfsg-1+deb9u1_all.deb 286bbdbd8f3988866529d7f70583c1b61f6fb806 1015922 yaws-doc_2.0.4+dfsg-1+deb9u1_all.deb bd6fa2d92c926885872288ea49ab4508b91b4606 166636 yaws-mail_2.0.4+dfsg-1+deb9u1_all.deb a75240cb5679d154f8fcbff7b1c9d1db0a2c5388 201782 yaws-wiki_2.0.4+dfsg-1+deb9u1_all.deb 930a2f1b7d99e0efb1178f78edfdad591734a9d2 59234 yaws-yapp_2.0.4+dfsg-1+deb9u1_all.deb dfb57cba40b63fbdba762fca1ca0dc1761793c8d 89132 yaws_2.0.4+dfsg-1+deb9u1_all.deb 100d5c0fe046a1806b2f8ee306f9caff65ae1490 12043 yaws_2.0.4+dfsg-1+deb9u1_amd64.buildinfo Checksums-Sha256: 26f44afaf669306a4cc63a758bc1ef71fa599a02ffac9ccaed0a3c95ec3733cc 2703 yaws_2.0.4+dfsg-1+deb9u1.dsc 6d6d2f71e0061529e9ac6dd2babf9a5c53e9ca266543d11c97cb1de427970a0e 1186072 yaws_2.0.4+dfsg.orig.tar.xz 39c953e502ca3be3f23f56f2395360fea9908a208c50fdbe7dedca4787fdae7e 29384 yaws_2.0.4+dfsg-1+deb9u1.debian.tar.xz 4c94c847988d59959ec37708ba6d22457de4192c5f65ba8dc2d1448352402185 80328 erlang-yapp_2.0.4+dfsg-1+deb9u1_amd64.deb 63f7998b6350c3c80a29d6c11f0ebc777f9c4ffb2c66511d854d6e5a28920022 21240 erlang-yaws-dbgsym_2.0.4+dfsg-1+deb9u1_amd64.deb 8757e5e7a1295e19918ab9f0a2138001a977fb831f6e4f6410082712c02d2135 1203582 erlang-yaws_2.0.4+dfsg-1+deb9u1_amd64.deb 6496b5efe01fc7a184d5463d7fbd3bf023b8d0f229228167c1e410d05990f3df 75452 yaws-chat_2.0.4+dfsg-1+deb9u1_all.deb 7886c3c35fa7544b465bfe3ee6e24ee81a4f41bd904ff62c45886df9d510e050 1015922 yaws-doc_2.0.4+dfsg-1+deb9u1_all.deb 93965df167c6e84aca45c8b3206123f16478493216b07e3dbbdd2a2d5fae1e40 166636 yaws-mail_2.0.4+dfsg-1+deb9u1_all.deb bc34e26babfadde9444c3c3fb0fc5b3d7cc32e9e6cc495205335bd94705e27c8 201782 yaws-wiki_2.0.4+dfsg-1+deb9u1_all.deb 3cc8f8549719da2317c2b93b7e9d9c9b11da43b048f75c52ffc9abdc2eb62f3b 59234 yaws-yapp_2.0.4+dfsg-1+deb9u1_all.deb 19e95932ec24b0c2b50d9aadbb947953c58f8d25de10bd258bf5de70302685a9 89132 yaws_2.0.4+dfsg-1+deb9u1_all.deb 0ffa6517767617ba1889892cb0c6a71b1ec11d641061d2d4c6b9d2dc3b1ab806 12043 yaws_2.0.4+dfsg-1+deb9u1_amd64.buildinfo Files: 451faa55b2f232abecc9eee0420cb588 2703 httpd optional yaws_2.0.4+dfsg-1+deb9u1.dsc c5dfeb58d918448b59971bc40aa6f538 1186072 httpd optional yaws_2.0.4+dfsg.orig.tar.xz c99abce2a9f99ac98284eeefd70e97af 29384 httpd optional yaws_2.0.4+dfsg-1+deb9u1.debian.tar.xz 0c907a258a742dd351ebd37ec613e799 80328 httpd optional erlang-yapp_2.0.4+dfsg-1+deb9u1_amd64.deb bdfd5127d0477535b1a3171229019873 21240 debug extra erlang-yaws-dbgsym_2.0.4+dfsg-1+deb9u1_amd64.deb dc0c870d4c568d1adbbfc7d301ff68ec 1203582 httpd optional erlang-yaws_2.0.4+dfsg-1+deb9u1_amd64.deb 7b04a379ee625a0928f0e1e9f74b32e7 75452 web optional yaws-chat_2.0.4+dfsg-1+deb9u1_all.deb 2bee6288a7602a2ed9f64863cce69c06 1015922 doc optional yaws-doc_2.0.4+dfsg-1+deb9u1_all.deb e1cee3d6c13e992d46fd85776d296388 166636 web optional yaws-mail_2.0.4+dfsg-1+deb9u1_all.deb c8cfa1bba50b1a6decf7001551789e97 201782 web optional yaws-wiki_2.0.4+dfsg-1+deb9u1_all.deb c5876b5d5f5d628aa371318ae1fa89fe 59234 web optional yaws-yapp_2.0.4+dfsg-1+deb9u1_all.deb 111ccbeafb04a49ff6421d24fdfb508a 89132 httpd optional yaws_2.0.4+dfsg-1+deb9u1_all.deb f03345fe77d6e021da24c7941834eb1a 12043 httpd optional yaws_2.0.4+dfsg-1+deb9u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl9vWzFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR7zGEACE1npvw+qQ/+QEeCpYBwJmA/olyUJT cBr4nbxDrU+whLXz2kfm655WuOkc/n9HpWq/EHwa4NFce1gp60aDZE9DtLfQ6Xfu wSnf5+mwGqDEw/2QOcvg6Ch0vAuGIZKt6pmfPl4FzrnGnDc873idbMGr5jiTBeSl cx9wzvl9eUEuxNUkyj3mBl4OZgz3/GQNvb2Di27FSjOGW+LIPKzyD9KvQ1+Ag0Xw XyK/xa62Y0+MSs/THZmWHX1skCXFloeS2maukkUtLgGFSABYRoBLPeXCh2eurFHe J5YnB18yK6b7xK7NVoGVTF75g87AvGjaFeoAoJ5XMvQsd4Qw+QvGOBycG7hWWUtM KDgIXPRabPVBK9aevcHCRVDBJFal0TOSSCV6zihOST5+JT2YdAr0GSWAGKR2zeEO VwLs3oWxyhmI4QP+icUKcIjsjr7z8oIXbLAZPFNTqj/q1Yw36GNeSWktUKqXakpM xiLahY+0UgjZ97MkKL5R7Fd/hIYPTWH+6DTmqnLuAmXAXQuBrFd52I6Z2WIuwm2x 6XFL8w4c2psKbO8scxu0NAC36nZCFwoDfAfG/7iIp6zxY3SMenLGXEzPKm6LR9LZ vCcjnH5rgq3cXSkyftZ+gGNDzkwPozsFf5YgJVKcdKundCpZ2gwc5f4hijy98yn2 F+WulrTUsYmkuw== =49ec -----END PGP SIGNATURE-----
