-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 18 Sep 2021 23:59:55 +0200 Source: cfrpki Architecture: source Version: 1.3.0-1 Distribution: unstable Urgency: medium Maintainer: Marco d'Itri <md@linux.it> Changed-By: Marco d'Itri <md@linux.it> Closes: 994572 Changes: cfrpki (1.3.0-1) unstable; urgency=medium . * New upstream release. Fixes: + Prevent ROA issuers from making cfrpki emit an invalid VRP "MaxLength" value, hence causing RTR sessions to terminate. (CVE-2021-3761, Closes: #994572) Checksums-Sha1: 5d19885ad085319cedb5a6c41bf433ba52479c07 1670 cfrpki_1.3.0-1.dsc d74acdd1857c41bcaf07284e05b345760b6ff932 2065076 cfrpki_1.3.0.orig.tar.xz 1977f5cb1fba2e48fcc0ee614d955787e0a5e4f3 5192 cfrpki_1.3.0-1.debian.tar.xz cad6bb779f9ce453f22950d1ff75e46c6a996162 8852 cfrpki_1.3.0-1_amd64.buildinfo Checksums-Sha256: 9602ba1cce21afd6dd6d4679171689baf25f1f92d85b16c201e8b4c7ba168425 1670 cfrpki_1.3.0-1.dsc fba61b3a12cc24b6068b67ade787f8ae93574f8c261ec8e0210310747e9857f2 2065076 cfrpki_1.3.0.orig.tar.xz 96a0ebf4319d49e8b241e074d0231aba6327b4631d96d64122f174fd29eeff48 5192 cfrpki_1.3.0-1.debian.tar.xz a20ff103962bfac9c49114f625eaadd7d784242a5b2130529e4625b6929b9b87 8852 cfrpki_1.3.0-1_amd64.buildinfo Files: 3bf3c9f7b4c90ff59e36a8944fdfe2f6 1670 net optional cfrpki_1.3.0-1.dsc 42f004de4882ba40a895921daafeb623 2065076 net optional cfrpki_1.3.0.orig.tar.xz e0099512b83cd78f1102634983ebb784 5192 net optional cfrpki_1.3.0-1.debian.tar.xz 1963f5ba0aba67308f159e4102e4a050 8852 net optional cfrpki_1.3.0-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iHUEARYIAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCYUZonQAKCRDLPsM64d7X gU0eAQDlFn/z/gbCaqcX6TnNhdSQq7B7s2jpWrXfA4icq5dH4gEAwt8rDxD0J76M Qe04AaCWvBhL5Hrl0qIncgLHYpnMPws= =BrXL -----END PGP SIGNATURE-----
