-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 24 Mar 2017 12:19:23 +0100 Source: cgiemail Binary: cgiemail Architecture: source amd64 Version: 1.6-37+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Anibal Monsalve Salazar <anibal@debian.org> Changed-By: Jonas Meurer <mejo@debian.org> Description: cgiemail - CGI Form-to-Mail converter Closes: 852031 Changes: cgiemail (1.6-37+deb7u1) wheezy-security; urgency=high . * Non-maintainer upload by the LTS Team. * Fix several security vulnerabilities: (Closes: #852031) * CVE-2017-5613: Format string injection vulnerability in cgiemail. * CVE-2017-5614: Open redirect vulnerability in cgiemail. * CVE-2017-5615: HTTP header injection vulnerability in cgiemail. * CVE-2017-5616: Reflected XSS vulnerability in cgiemail addendum. Checksums-Sha1: c7746bd6673e88513af478081c6c1cad964b673b 1741 cgiemail_1.6-37+deb7u1.dsc f44cd83a3de9f3e8828a7c0552b3bde8d2b863cb 33948 cgiemail_1.6.orig.tar.bz2 be11fe6d62263de259835ca0dc4aea555bfa2b36 29108 cgiemail_1.6-37+deb7u1.debian.tar.bz2 03b40f4cf213c49354670baf2ba2a7685699791f 50498 cgiemail_1.6-37+deb7u1_amd64.deb Checksums-Sha256: bfd566f95bff83542869329374e3d48d189ac0b9229f73a8941ca5857a218cbe 1741 cgiemail_1.6-37+deb7u1.dsc 63e317b13faa660d8f11680f4fb65f4958c695f79944efffe9dc7b58d846b5d5 33948 cgiemail_1.6.orig.tar.bz2 048d435d70320139f9765fc2814c7dc952650408e8e65206506d15e78da510d8 29108 cgiemail_1.6-37+deb7u1.debian.tar.bz2 791d6cf2528710b6e3218800fb2a5386dad07c0ed7e1af4c9e8f900768dda3d5 50498 cgiemail_1.6-37+deb7u1_amd64.deb Files: 159c53fba133fb9e06069e1cd0f3696b 1741 web optional cgiemail_1.6-37+deb7u1.dsc 45ffe878e5ba54344f62c00f2e1efff6 33948 web optional cgiemail_1.6.orig.tar.bz2 2b2f85375e3e46cc955037c22a781dc6 29108 web optional cgiemail_1.6-37+deb7u1.debian.tar.bz2 bf1c305fa3faaa69dbfe193d3ee6e8d4 50498 web optional cgiemail_1.6-37+deb7u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEELIzSg9Pv30M4kOeDUmLn/0kQSf4FAljVBZ4ACgkQUmLn/0kQ Sf73MRAAthu8QA4PVdC+vbHHgY2sqYjkXrQfBuJyYWT9UteOs2zPnBIQsN8CR177 PNH20xyuD20cnWdHvSU2+DTl7Yikyp9gBGq6THKahXGEpukmgIewMx6+R22Zs7Kd faZ1u1ExfFKWkdvhAED7jR+pOpFZxqqwTHNj+s/7/DEvQFhqPVdtmts0TvdNWXin 5oTCKuGjew2AdxuuYb9X5SUI20Xq6QabIH+2yWeaA1+ehlJCSSML7s/xQ3fGxL8r 5//gZiKJFFuigX8ZUW5vhdpYRyy1yeKwegzPS5AWQ7rEZ1OFX8ImbGOI2F41dN6m er3P+nS0u/b7/LdG/V3IPgh0Jp0IWlNtiyaosdjrLYOTuy+o+K6xZhzf6yFbPmkt 6gxlLuIyRgVUKoR+HY5JDNg+R/PGLVfFyD91AIbKluAS0njvMfEHWsO1BFV1uA7S ANR4swu7QNgLG4L8JW6yq3eG7Q2AcNhoAVgLZv7zKxg2ijCapNdr1SZhdIzeDO2U U+BIXSbEn5T4RECHwAaxNKU6cpLPAuT7cX7EN9YEklwEHRQ55XWORi60r1nD2uWW H4kIeqZVOngCusBoZt/7iNVePfaYnXImT+W6ahMZvrY0t0jgk1McmMAAUXnzBPiV yN+35Nd9VRm6M3pdqnaYmdxMGBNf/K2N7byaMkTjK/krn0WV0uU= =W/Gv -----END PGP SIGNATURE-----