-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 17 Dec 2020 13:45:15 +0100 Source: sympa Binary: sympa Architecture: source Version: 6.2.16~dfsg-3+deb9u5 Distribution: stretch-security Urgency: high Maintainer: Debian Sympa team <pkg-sympa-devel@lists.alioth.debian.org> Changed-By: Sylvain Beucler <beuc@debian.org> Description: sympa - Modern mailing list manager Closes: 976020 Changes: sympa (6.2.16~dfsg-3+deb9u5) stretch-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2020-29668: Sympa allows remote attackers to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun. (Closes: #976020) Checksums-Sha1: f0e6d550d00980cb494628f7c9060a3c417a987c 2160 sympa_6.2.16~dfsg-3+deb9u5.dsc db33539a853ec97e4539232efa8898e2d606fce6 177632 sympa_6.2.16~dfsg-3+deb9u5.debian.tar.xz d68a2770eaa0a4c401680270e3a655400dad97fa 7333 sympa_6.2.16~dfsg-3+deb9u5_amd64.buildinfo Checksums-Sha256: 52ce9742e18cae1f23fed192fc3f99d1e6f7d04ac5660181a4c242eacf120093 2160 sympa_6.2.16~dfsg-3+deb9u5.dsc 1411857e9ce3f6a88eed844020d27f503abec5ff20591054fa1bd4ef66d7063a 177632 sympa_6.2.16~dfsg-3+deb9u5.debian.tar.xz 6293bd963657f0f81e9834471cdd117858b354b80771b53554e8a16e8b01b3f7 7333 sympa_6.2.16~dfsg-3+deb9u5_amd64.buildinfo Files: 96f6074b26b2682937c14f6e43d081e3 2160 mail optional sympa_6.2.16~dfsg-3+deb9u5.dsc 5f78d29881b22da2eeb0d6acb9c6d9e7 177632 mail optional sympa_6.2.16~dfsg-3+deb9u5.debian.tar.xz 4cfad91a002acebf4d7a22db4a1c22a1 7333 mail optional sympa_6.2.16~dfsg-3+deb9u5_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl/bXsIACgkQj/HLbo2J BZ94CAf+PPNPKJJvZiEc4CUeGatKsf3Z++/HPnXqzLvrc8i64Aeu9MgySLUKUnua 2F2df2ADcnhaR2rg7vrJWweWcTj60Abp22BY5bXLBr1omQqaxaHVZh5VubdDPZGg YLuzD2GeQSjo0l2lDQh9CYPUXeHjjXK7u49wMSg66bKKFPoGJpeKgn8VHpeRzM6V 30dvvFwZhi5OECSoLyp2jb0AwhGKGhHIieZ+kLjEur5Q8NufX0s8vvrQRvF0hseb Pp56sIpYEOKkF0fX97KhN9XUUsSMfY+1qaF9SeymyUOFrTlMj/vmufJThgHrXrzk pMNpxppu5HLqAvz21rdR0gA3Am0j0Q== =12iF -----END PGP SIGNATURE-----