Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted mbedtls 2.16.9-0~deb10u1 (source) into oldstable
Date: Sun, 25 Dec 2022 23:00:22 +0000
Signed by: Markus Koschany <apo@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 Dec 2022 23:43:33 CET
Source: mbedtls
Architecture: source
Version: 2.16.9-0~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: James Cowgill <jcowgill@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 e3e31cdc4ae691e711f16ae45b6e4eacbc67291b 2400 mbedtls_2.16.9-0~deb10u1.dsc
 696b997ff8d97f1ec2b502fa8446cf40000e9d5e 2668292 mbedtls_2.16.9.orig.tar.gz
 95ea88df7fe807404f498adf9267d6dc34461258 19072 mbedtls_2.16.9-0~deb10u1.debian.tar.xz
 3d843d3006cb162b0e7b8a87da3f8545d0870354 10998 mbedtls_2.16.9-0~deb10u1_amd64.buildinfo
Checksums-Sha256:
 678e0879d1854d46e194b64c00ec71cb68cc92d5dc7212ac27c80788dcb984d5 2400 mbedtls_2.16.9-0~deb10u1.dsc
 fc17ff7d8c11d08f23ae2800a18269408ad2c24ea6bb8b9363e41a01c2425697 2668292 mbedtls_2.16.9.orig.tar.gz
 2006cbc7118c68688fe14ccc15672fd5b6b3538a9b81f906f30607a597e95346 19072 mbedtls_2.16.9-0~deb10u1.debian.tar.xz
 8c37eb68ccb94b8760a22bfb78f39f819014f1939d1847ed1640fae4e28f2be4 10998 mbedtls_2.16.9-0~deb10u1_amd64.buildinfo
Changes:
 mbedtls (2.16.9-0~deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2019-16910, CVE-2019-18222, CVE-2020-10932, CVE-2020-10941,
     CVE-2020-16150, CVE-2020-36421, CVE-2020-36422, CVE-2020-36423,
     CVE-2020-36424, CVE-2020-36425, CVE-2020-36426, CVE-2020-36475,
     CVE-2020-36476, CVE-2020-36478, CVE-2021-24119, CVE-2021-43666,
     CVE-2021-44732, CVE-2022-35409.
     Multiple security vulnerabilities have been discovered in mbedtls,
     a lightweight crypto and SSL/TLS library, which may allow attackers to
     obtain sensitive information like the RSA private key or cause a
     denial of service (application or server crash).
Files:
 b81e4775bb422b82d3463cd5115939c0 2400 libs optional mbedtls_2.16.9-0~deb10u1.dsc
 82ae1332c2e9e917be6eb8e1ed27ecbc 2668292 libs optional mbedtls_2.16.9.orig.tar.gz
 099679cefd86b2c18f1f7e2410b8f0d2 19072 libs optional mbedtls_2.16.9-0~deb10u1.debian.tar.xz
 fbe0663945621fa04a0ab4a28059ff3c 10998 libs optional mbedtls_2.16.9-0~deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmOo0nVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hkvj8QAJksYBLfSpecWu5nsaxQcRNNqChpB7yTI9RH
Lewk937hKGZ16g2bAjXTB8igYc6Z7jaPRc2qHGxoiHbFTozKhEY5U8xZumNr9SpF
lwFAKO1mwDWl42j+pXIXPRmMPqGtvoSaqH/ePO+rwCtqRfVnXzj7wCNBuBf27xdq
L6O2gqqcrYzAiLUPQkQT67iu63BR7H8GnP0KpqFKsUTPBhpKDD2K7bFVjQSjjVnO
Wb4s0PpNyrvdl2rJ5nsBvjb6qhsg6w4pXloK9uq6mEh8GME+/b6HsSe+njE1ANHL
kFlgvbVm17sPN6x6COuLJsmdPL6Ov9YQgBtYpVBu9dGGDLmEPf9G9d69lULeLxXn
j/HUuaR7cooA9L5JLSO1z0F55t5dcDAG+bmXpr6AOOQttoteBqYgQD2BmVeLNScc
MOy9MfVVmDWJEC8ov72zR1Qnzqf8VKE4bzjzQrbUr2mFzxqak8585YTgab3fZ0iu
6wxXRE3KdU8fzbVjnShQr2TxjPioTY9ZCYu9JFqg6/FxyOv1hXWPhTGpRBKDRn7W
r5yYooIYOSXXf7fkGBpE5oJs13pSqTVsJIY9w+yU18mdDcqX7iIsqeml63nL8Ce0
41ulLzclIJmR5k98flUPfb1udMxP94tHJcIh0CfceZEZvn+x8Rfn8zqh7HuV7yht
YIFEyUVM
=1j7X
-----END PGP SIGNATURE-----
News for package mbedtls
