-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 01 Feb 2021 20:36:53 +0100 Source: libzstd Architecture: source Version: 1.3.8+dfsg-3+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian Med Packaging Team <debian-med-packaging@lists.alioth.debian.org> Changed-By: Étienne Mollier <etienne.mollier@mailoo.org> Closes: 981404 Changes: libzstd (1.3.8+dfsg-3+deb10u1) buster-security; urgency=high . * Team upload. * When a file with restricted permissions is compressed, the resulting file inherits the umask of the user for the time of the compression. This will usually lead to surprising and too relaxed permissions. This update adds fix-file-permissions-on-compression.patch to make sure the compressed file is not group or world readable for the duration of the compression. Closes: #981404 Checksums-Sha1: 909d33d6118457384ba8e90fe7b319ed70f58706 2292 libzstd_1.3.8+dfsg-3+deb10u1.dsc 4283d7fd3abb54208784456b8883c4c90d760940 1299276 libzstd_1.3.8+dfsg.orig.tar.xz 4ebdb2e9974bd2945008da1a3bc6d8fc1e0ca4bc 10864 libzstd_1.3.8+dfsg-3+deb10u1.debian.tar.xz 7fefa795f057209c4624f79555b2e960f9b52311 7563 libzstd_1.3.8+dfsg-3+deb10u1_amd64.buildinfo Checksums-Sha256: 6ce2a1aafcde927492ac01e89488dc1640fc1dab8be8ded1947b3c06a421d98c 2292 libzstd_1.3.8+dfsg-3+deb10u1.dsc 03851f2c26ffbf1d43633df3f98966f3c62e698e91ef4dc90523915bc934e5f7 1299276 libzstd_1.3.8+dfsg.orig.tar.xz 0109ff8e2b23662da58fe018959844c264985345a9b03bdb2213b760de87611b 10864 libzstd_1.3.8+dfsg-3+deb10u1.debian.tar.xz 32ffe444a0584d9622510c11222e27f9dad7b0c4bc4436eb83917ea1b2e6bea4 7563 libzstd_1.3.8+dfsg-3+deb10u1_amd64.buildinfo Files: 83019be1592cf47a45a3b206c96a776a 2292 libs optional libzstd_1.3.8+dfsg-3+deb10u1.dsc be6c01a65c48b62e151dd0972a36e995 1299276 libs optional libzstd_1.3.8+dfsg.orig.tar.xz aa6dfd0f7bcf8b7bee01613540800fe1 10864 libs optional libzstd_1.3.8+dfsg-3+deb10u1.debian.tar.xz bc263ca409b530dcf48154928f71690b 7563 libs optional libzstd_1.3.8+dfsg-3+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEsaUesned0BdDzBm6HPeSERtSKLAFAmAhotsACgkQHPeSERtS KLBNnQ//eMzoHIEaIcfFb7KrxETltbOTWnXG5ml6CjV/gIrtGe+aLshUJTa8Uek9 ABaVXd1ij9yh81f6Hx1MsKYk66EbYz33TVV3UwjTgDjysKqH9g2SgZ6Gm3Wb1EQE NOAu0BNTTtdw6KPI7Rn3URMR6Ab6rnu93OXOo8uL8f0lqVhWqnu8Vvw+pBoVBnT5 SH4Q98GdIjxitKvBIuTKGcqCgV25lUb+Ccg6QmkWDrRRL/ESxGrC4cj487aoVLem v2WxQpQlyOrI7/SMsG24Tf1Bp+wMCiDptiv/LVkJOQF3YtQWtAv+EUNQDAg3+OAv H/Z3qq+qIGx6+yS/yAPPd8CchZVMAG6Gi/25PniwJ9/BPjIXBUL3vj8DabyoEJyN cWkd+SavLPjPtkvPZCdA1NqK0V0UtMp0/ET111pTfdGXxdKxLhrL1IOHyymH4FZ6 +aqNbc90fophz8+DtjxvWPN7MH+llrako1TS3tvuJuGOQdjLtjE1zowo10KTDeJd D8lI8eRQ6bD+CdlUC6o2RJ5lWh2oiRaOx1wDSHdGij4jYDxtuVV3C7HlT0tFyYiP p2HZe+fz0ekMTTjJkJjoqsGw80n6yM6UocMfDphnqrPlNAR9GcEUFXy8eeny3i4v H3CZSV6OfaxSK7N/KCCqPWDKj9VScGC5R4wp4CqIiTmByxapXdY= =9+fx -----END PGP SIGNATURE-----