Format: 1.8
Date: Thu, 14 Nov 2024 12:33:05 +0100
Source: needrestart
Architecture: source
Version: 3.5-4+deb11u4
Distribution: bullseye-security
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
 needrestart (3.5-4+deb11u4) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address local privilege escalation vulnerabilities from any unprivileged
     user to root (CVE-2024-48990, CVE-2024-48992, CVE-2024-48991,
     CVE-2024-11003):
     - core: prevent race condition on /proc/$PID/exec evaluation
     - interp: do not set PYTHONPATH environment variable to prevent a LPE
     - interp: do not set RUBYLIB environment variable to prevent a LPE
     - interp: chdir into empty directory to prevent python parsing arbitrary
       files
     - interp: drop usage of Module::ScanDeps to prevent LPE
   * debian/control: Drop Depends on libmodule-scandeps-perl
Checksums-Sha1:
 0fbf01ea2cb573ddf23eafffc3a92cc4ae7b1333 1954 needrestart_3.5-4+deb11u4.dsc
 b4ded0313f657486da140975853eac831b2d9410 15012 needrestart_3.5-4+deb11u4.debian.tar.xz
 36fdfa273f8c4c9af859f38a8e3aba5d2a0492ec 6244 needrestart_3.5-4+deb11u4_source.buildinfo
Checksums-Sha256:
 50eea0535a190653ffa906ba03da7ddc54861ebcbf77c371c7970c941a3139be 1954 needrestart_3.5-4+deb11u4.dsc
 b9cad5f5937d694840b539dd92ce33fd81e5326368d4c851ed8b83d34b143bfb 15012 needrestart_3.5-4+deb11u4.debian.tar.xz
 58579fdcb23a7684dd206bab5eefb2d8c79a8bb86eaf7f54ca9055300a6717df 6244 needrestart_3.5-4+deb11u4_source.buildinfo
Files:
 9d3aab2070034e63580eb6dfc5b3bea1 1954 admin optional needrestart_3.5-4+deb11u4.dsc
 9873080b8477c7921b5bd46e8354c4f6 15012 admin optional needrestart_3.5-4+deb11u4.debian.tar.xz
 133d8577edf783bf16968131ae9c3e54 6244 admin optional needrestart_3.5-4+deb11u4_source.buildinfo