Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted packagekit 1.1.5-2+deb9u2 (source) into oldstable
Date: Wed, 07 Oct 2020 18:30:12 +0000
Signed by: Roberto C. Sanchez <roberto@familiasanchez.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 07 Oct 2020 14:16:11 -0400
Source: packagekit
Binary: packagekit packagekit-tools packagekit-docs libpackagekit-glib2-18 libpackagekit-glib2-dev gir1.2-packagekitglib-1.0 packagekit-gtk3-module gstreamer1.0-packagekit packagekit-command-not-found
Architecture: source
Version: 1.1.5-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Matthias Klumpp <mak@debian.org>
Changed-By: Roberto C. Sánchez <roberto@debian.org>
Description:
 gir1.2-packagekitglib-1.0 - GObject introspection data for the PackageKit GLib library
 gstreamer1.0-packagekit - GStreamer plugin to install codecs using PackageKit
 libpackagekit-glib2-18 - Library for accessing PackageKit using GLib
 libpackagekit-glib2-dev - Library for accessing PackageKit using GLib (development files)
 packagekit - Provides a package management service
 packagekit-command-not-found - Offer to install missing programs automatically
 packagekit-docs - Documentation for PackageKit
 packagekit-gtk3-module - Install fonts automatically using PackageKit
 packagekit-tools - Provides PackageKit command-line tools
Changes:
 packagekit (1.1.5-2+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2020-16121: PackageKit incorrectly handled certain methods.  A
     local local attacker could use this issue to learn the MIME type of any
     file on the system.
   * Fix CVE-2020-16122: PackageKit incorrectly handled local deb packages.
     A local user could possibly use this issue to install untrusted packages,
     contrary to expectations.
Checksums-Sha1:
 2dfcaaddff46ee1dc84c6a5cdc901883b4de4b98 3130 packagekit_1.1.5-2+deb9u2.dsc
 b7805e8ddd6cee697575afe0931f10ab2e09aed0 1418292 packagekit_1.1.5.orig.tar.xz
 f2e48222e510f6ae088f6661081fd58061480891 24212 packagekit_1.1.5-2+deb9u2.debian.tar.xz
 fef096216f272eb62d65f040be01e1e4603177bb 22657 packagekit_1.1.5-2+deb9u2_amd64.buildinfo
Checksums-Sha256:
 3932e4f50c3fbe6ea01445d8c3874a2435e19a112d1fb00ce472f9a8868d0baf 3130 packagekit_1.1.5-2+deb9u2.dsc
 50f448ced5b460bd79ba0c97e9fe080153eaeecad909eee108284e3f5fc7b70c 1418292 packagekit_1.1.5.orig.tar.xz
 91ffed2a5179459bac30d5a3679a9fa92b68de92b43f9489dab2cb01f24eb1d0 24212 packagekit_1.1.5-2+deb9u2.debian.tar.xz
 0b9af0e944e634af054c0b7cbe7f338d2ba85bc80fbbf041e10fa47425b6d110 22657 packagekit_1.1.5-2+deb9u2_amd64.buildinfo
Files:
 49dc38967c779622cdf0172d278d7efd 3130 admin optional packagekit_1.1.5-2+deb9u2.dsc
 5777afc107bab4ed55efb5e1bc312630 1418292 admin optional packagekit_1.1.5.orig.tar.xz
 48080713c418c2ebc9f33f2c1e4c02c5 24212 admin optional packagekit_1.1.5-2+deb9u2.debian.tar.xz
 ccc39bc151fb685d650e5a04d01f2268 22657 admin optional packagekit_1.1.5-2+deb9u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl9+CLsACgkQLNd4Xt2n
sg+loQ//bdPmmEFyFUGR64Ak+wTx6H99AX7I6FgjHOCXAJLLb3ebvLfbcTP5H5dh
kkbF20RKWl2pXqbmPGMsu9GZxsMpUEzILGa1IgaaNqQ1krCiqRfyBROCSFpdJKj9
SH2vxJLq7nRRhqdinM3ZJMU14mW/un7lYLTeIalQbUmTIamBKiv4SSGCwUgvRpg2
M2uc44So/6QpQwV4gkT53yyGbnAC55FnNq3Y4+ZGUewHxlWguL25Uy23YK5W3clR
eYpHmi08gDn4JjstOmzFM5QW+EnxRTBs9Ec2FWjwgNyszd919d4QCD3j7xCPqUQ+
9bveUOguPYp8lvLw7d0Kw9LmhAlIJw8q2/qWTMgH899Zti/kiiUtktIt6zbM9gkK
IhgzHMIrNesRkKF0MbHq5HjfyijLihQOJaE1YUi/9kEdpWtLyghDlCJKihj6ZyAh
TUe9d+j2SUZJ2LU525aMlgo9UtkTHIm4E5Ecoi/55wqb1MNpGiqRl1YidYuwNOni
Dpi/ldk7ZbuuAQ8sy812NHmR7w/BTulvHuou/FN/wRlgPuHpOmNGaD3GB23YdAjx
RAZPgVq/AazIxEjFBAs5BC72m8A2h3EDE6j16PJs+MtpVmVZDGH6MzE9Q36nicpD
bxqggIE32DEnfAs7vq3JhVQxUqWhDa1Wtia4C+i0MMiKaeVJXiw=
=0dxN
-----END PGP SIGNATURE-----
News for package packagekit
