-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 14 Jun 2026 12:25:46 +0200
Source: librabbitmq
Architecture: source
Version: 0.10.0-1+deb11u2
Distribution: bullseye-security
Urgency: medium
Maintainer: Michael Fladischer <fladi@debian.org>
Changed-By: Florian Ernst <florian@debian.org>
Changes:
librabbitmq (0.10.0-1+deb11u2) bullseye-security; urgency=medium
.
* [a97ae87] d/patches/CVE-2026-44235.patch: added from upstream.
Fix out-of-bounds read via undersized frames in amqp_handle_input
(GHSA-9mmv-r8g3-qp46, CVE-2026-44235)
* [926b831] d/patches/CVE-2026-44236.patch: added from upstream.
Fix client crash when server negotiates frame_max below the AMQP
protocol minimum (GHSA-jh48-qjf5-fx5v, CVE-2026-44236)
Checksums-Sha1:
fc2383dc5032403b77870a6d1be3367f5397d975 2114 librabbitmq_0.10.0-1+deb11u2.dsc
6e39256e23cbcddfd2290b4300afd239b710885b 145361 librabbitmq_0.10.0.orig.tar.gz
666b76ad34acdf5c1c7ccae91708cfc253b81933 12124 librabbitmq_0.10.0-1+deb11u2.debian.tar.xz
66125ce69b6a5789438f7755afe10802a568567f 5392 librabbitmq_0.10.0-1+deb11u2_source.buildinfo
Checksums-Sha256:
b4410d971ceb381b45127eb8f90bd7bb07f188c3388be29877417b5890ff5857 2114 librabbitmq_0.10.0-1+deb11u2.dsc
6455efbaebad8891c59f274a852b75b5cc51f4d669dfc78d2ae7e6cc97fcd8c0 145361 librabbitmq_0.10.0.orig.tar.gz
d9773545de191506f7eba4e27fa4d90c61cd0c98c814266ec6d92c265ccca0be 12124 librabbitmq_0.10.0-1+deb11u2.debian.tar.xz
130310396eab6140fec4526c857387ace99699a5f4ae54dad77379f2aaa7d9d2 5392 librabbitmq_0.10.0-1+deb11u2_source.buildinfo
Files:
1f3c124cd6919423b0f181b06b111ae7 2114 libs optional librabbitmq_0.10.0-1+deb11u2.dsc
6f09f0cb07cea221657a768bd9c7dff7 145361 libs optional librabbitmq_0.10.0.orig.tar.gz
cb180f56e5e1ba046e9b69ce950fdaf3 12124 libs optional librabbitmq_0.10.0-1+deb11u2.debian.tar.xz
f1b2eb2b22b3da8b7a9b6ba3934e08f9 5392 libs optional librabbitmq_0.10.0-1+deb11u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmpEEMgACgkQHpU+J9Qx
Hlin9Q//UJHw+ETVDb7E4NO9UlhFMS5emJeH3nRFYE0XlVeDyBBQ3bG2w8u0EDOo
rLogIXKE5NMyJLQVfAsXCWlP47wopqdizUv175Mu9N8ql+uTuTub77Cw6Y1seYli
NkU98cGDyPX6se14O/o00U0iVHHJOHy3o+ckk5vZjDnRdYB82n/yWpcqZqY+pV2g
B0DaOdwQW2GN0l6f8fGi2LLuvDhS1IpbA4THsaauuHvOTvG/9xo2mKYSoad8ReST
R93NEXrgoJ7qPKfkyfpJ1T48k9+aAnltVqKeia9/EKPHWqOjsNaKKgpeyX682Nfh
T09jd9xmqXjbbdi2THzrp0V6HV9wvyWllo3kp3duWrvGOgMIhuAvrCgkBGfrDrQg
4QzByB4EfqzxnE8JIgdnFmCklycWa4pdGWTMO87ofRnEkvUkc2LOCcvXjTss0rCF
m9mZYZMOgjZ+EttgHxFzoIMVPcSx6UCfBFcjTJb4rdMxzc8eibOMtghYHv93CIRk
2o38j5+fFRGp+x90kK/wZaGwwLgNMlXYCGJc3ws0E3A4WCxiEHooAz5F1B03elCg
pRRCvlU0+8opgkts4RYNyzQUmfEjLk2avpL2Clt1Gq+khEFHMZWP0YE7AOdFW282
Xzr2vHw+5MUcOS7voSAMp20p66ezMt4PSsEeggKWP7l8mCQ+1K8=
=qX79
-----END PGP SIGNATURE-----