Format: 1.8
Date: Wed, 07 Jun 2023 19:44:21 +0000
Source: docker-registry
Architecture: source
Version: 2.6.2~ds1-2+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: pkg-go <pkg-go-maintainers@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 1035956
Changes:
 docker-registry (2.6.2~ds1-2+deb10u1) buster-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2023-2253: A malicious user can submit an unreasonably large
     value for `n` in '/v2/_catalog' causing the allocation of a massive
     string array, possibly causing a denial of service through excessive
     use of memory (Closes: #1035956)