Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted cfrpki 1.4.2-1~deb11u1 (source) into stable-security->embargoed, stable-security
Date: Tue, 11 Jan 2022 21:51:05 +0000
Signed by: Marco d'Itri <md@linux.it>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 26 Dec 2021 14:38:26 +0100
Source: cfrpki
Architecture: source
Version: 1.4.2-1~deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Marco d'Itri <md@linux.it>
Changed-By: Marco d'Itri <md@linux.it>
Changes:
 cfrpki (1.4.2-1~deb11u1) bullseye-security; urgency=high
 .
   * Rebuild for bullseye-security. Fixes:
     - Certificate chain loop.
     - RRDP Gzip bomb (CVE-2021-43174 CVE-2021-3912).
     - RRDP Slowloris (CVE-2021-43173 CVE-2021-3909).
     - ROA with ASCII NUL char (CVE-2021-3910).
     - Malformed ROAs (CVE-2021-3911).
     - Repo contains 100GB of trash.
     - Dot-dot-slash path traversal (CVE-2021-3907).
     - Improper preservation of permissions (CVE-2021-3978).
Checksums-Sha1:
 e7d14c52722c7fd15ae93d07ab6c8bc4d46328fd 1748 cfrpki_1.4.2-1~deb11u1.dsc
 4b2662c7410b49e6c02b9eb8aa457ab5a66bcc72 2092264 cfrpki_1.4.2.orig.tar.xz
 64615487a84b29393491f4f9a1d067570c9aa746 5496 cfrpki_1.4.2-1~deb11u1.debian.tar.xz
 08abdf712d5d2fec0d35849d3b522d74863b0df2 8779 cfrpki_1.4.2-1~deb11u1_amd64.buildinfo
Checksums-Sha256:
 de2d0d2e6cee557f18457f4fb81dc074df5a158add7c23bfa5694bdb61c814c9 1748 cfrpki_1.4.2-1~deb11u1.dsc
 48d1ae5053afa81884ecfcba2bafa6b338304d7f41c97a4cf0a036d66c98eebd 2092264 cfrpki_1.4.2.orig.tar.xz
 2f2f98f435af0ec205166e2046addae8b773511cd6727332af19464ed50033f9 5496 cfrpki_1.4.2-1~deb11u1.debian.tar.xz
 b83d40466e696b26c16a2b08535607faa6bac91d5a40da4ac5c07a0b2c4b416a 8779 cfrpki_1.4.2-1~deb11u1_amd64.buildinfo
Files:
 06637fbb5c09878372708bf8b94ba183 1748 net optional cfrpki_1.4.2-1~deb11u1.dsc
 3e3c595b5fba7fad1036360e148b2f49 2092264 net optional cfrpki_1.4.2.orig.tar.xz
 cb66910f3862553f48a49f990eca3e60 5496 net optional cfrpki_1.4.2-1~deb11u1.debian.tar.xz
 f13e9e883ecd21c2d645b2673b25deeb 8779 net optional cfrpki_1.4.2-1~deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQQnKUXNg20437dCfobLPsM64d7XgQUCYciKMwAKCRDLPsM64d7X
gXNGAP9GWfGuPSDPba6AlpTKOeVeHagKi2stM6sd+zKqniPQNgD/b+qXgH6AQwnV
2ec8E/BJVqXrGrnhcZy4Vk1bAMdwEws=
=hzAv
-----END PGP SIGNATURE-----

News for package cfrpki