-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 17 Mar 2018 09:37:01 +0100 Source: uwsgi Binary: uwsgi uwsgi-dbg uwsgi-core uwsgi-emperor uwsgi-plugins-all uwsgi-infrastructure-plugins uwsgi-app-integration-plugins uwsgi-plugin-alarm-curl uwsgi-plugin-alarm-xmpp uwsgi-plugin-curl-cron uwsgi-plugin-emperor-pg uwsgi-plugin-rados uwsgi-plugin-rbthreads uwsgi-plugin-fiber uwsgi-plugin-geoip uwsgi-plugin-graylog2 uwsgi-plugin-greenlet-python uwsgi-plugin-jvm-openjdk-7 uwsgi-plugin-jwsgi-openjdk-7 uwsgi-plugin-ldap uwsgi-plugin-lua5.1 uwsgi-plugin-lua5.2 uwsgi-plugin-luajit uwsgi-plugin-psgi uwsgi-plugin-python uwsgi-plugin-python3 uwsgi-plugin-rack-ruby2.1 uwsgi-plugin-router-access uwsgi-plugin-sqlite3 uwsgi-plugin-v8 uwsgi-plugin-php uwsgi-plugin-xslt libapache2-mod-proxy-uwsgi libapache2-mod-proxy-uwsgi-dbg libapache2-mod-uwsgi libapache2-mod-uwsgi-dbg libapache2-mod-ruwsgi libapache2-mod-ruwsgi-dbg python-uwsgidecorators python3-uwsgidecorators uwsgi-extra Architecture: all source Version: 2.0.7-1+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Janos Guljas <janos@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 889753 891639 Description: libapache2-mod-proxy-uwsgi - uwsgi proxy module for Apache2 (mod_uwsgi) libapache2-mod-proxy-uwsgi-dbg - debugging symbols for Apache2 mod_proxy_uwsgi libapache2-mod-ruwsgi - uwsgi module for Apache2 (mod_Ruwsgi) libapache2-mod-ruwsgi-dbg - debugging symbols for Apache2 mod_Ruwsgi libapache2-mod-uwsgi - uwsgi module for Apache2 (mod_uwsgi) libapache2-mod-uwsgi-dbg - debugging symbols for Apache2 mod_uwsgi python-uwsgidecorators - module of decorators for elegant access to uWSGI API (Python 2) python3-uwsgidecorators - module of decorators for elegant access to uWSGI API (Python 3) uwsgi - fast, self-healing application container server uwsgi-app-integration-plugins - plugins for integration of uWSGI and application uwsgi-core - fast, self-healing application container server (core) uwsgi-dbg - debugging symbols for uWSGI server and it's plugins uwsgi-emperor - fast, self-healing application container server (emperor scripts) uwsgi-extra - fast, self-healing application container server (extra files) uwsgi-infrastructure-plugins - infrastructure plugins for uWSGI uwsgi-plugin-alarm-curl - cURL alarm plugin for uWSGI uwsgi-plugin-alarm-xmpp - XMPP alarm plugin for uWSGI uwsgi-plugin-curl-cron - cron cURL plugin for uWSGI uwsgi-plugin-emperor-pg - Emperor PostgreSQL plugin for uWSGI uwsgi-plugin-fiber - Fiber plugin for uWSGI uwsgi-plugin-geoip - GeoIP plugin for uWSGI uwsgi-plugin-graylog2 - graylog2 plugin for uWSGI uwsgi-plugin-greenlet-python - greenlet plugin for uWSGI (Python 2) uwsgi-plugin-jvm-openjdk-7 - Java plugin for uWSGI (OpenJDK 7) uwsgi-plugin-jwsgi-openjdk-7 - JWSGI plugin for uWSGI (OpenJDK 7) uwsgi-plugin-ldap - LDAP plugin for uWSGI uwsgi-plugin-lua5.1 - Lua WSAPI plugin for uWSGI (Lua 5.1) uwsgi-plugin-lua5.2 - Lua WSAPI plugin for uWSGI (Lua 5.2) uwsgi-plugin-luajit - Lua WSAPI plugin for uWSGI (LuaJIT) uwsgi-plugin-php - PHP plugin for uWSGI uwsgi-plugin-psgi - Perl PSGI and Coro::AnyEvent plugins for uWSGI uwsgi-plugin-python - WSGI plugin for uWSGI (Python 2) uwsgi-plugin-python3 - WSGI plugin for uWSGI (Python 3) uwsgi-plugin-rack-ruby2.1 - Rack plugin for uWSGI (${uwsgi:RubyKind}) uwsgi-plugin-rados - Ceph/RADOS storage plugin for uWSGI uwsgi-plugin-rbthreads - Ruby native threads plugin for uWSGI (${uwsgi:RubyDefaultkind}) uwsgi-plugin-router-access - Access router plugin for uWSGI uwsgi-plugin-sqlite3 - SQLite 3 configurations plugin for uWSGI uwsgi-plugin-v8 - JavaScript V8 plugin for uWSGI uwsgi-plugin-xslt - XSLT request plugin for uWSGI uwsgi-plugins-all - all available plugins for uWSGI Changes: uwsgi (2.0.7-1+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Stack-based buffer overflow in uwsgi_expand_path function (CVE-2018-6758) (Closes: #889753) * enforce php default document_root behaviour, to not show external files (CVE-2018-7490) (Closes: #891639) Checksums-Sha1: 2202948e8f7896e5807af6e14ba99f14da9440c3 6460 uwsgi_2.0.7-1+deb8u2.dsc 0e9d1f881736674221d60a5dd5dfcbc25051d48b 772385 uwsgi_2.0.7.orig.tar.gz f9e205211a8338198a61d6674401b85f0203f019 43880 uwsgi_2.0.7-1+deb8u2.debian.tar.xz d1faf9977b12fe76605ac37612548d8a661f307f 24086 python-uwsgidecorators_2.0.7-1+deb8u2_all.deb 3ed8387fd5da00752da3d234e2162366fd57aaa7 24232 python3-uwsgidecorators_2.0.7-1+deb8u2_all.deb 061b57e93494ac65519088c2e3ed72743756c03c 38722 uwsgi-extra_2.0.7-1+deb8u2_all.deb Checksums-Sha256: d3778942a02468db6d9222eef43f789dfe32af6b71951afa865c2e0484887555 6460 uwsgi_2.0.7-1+deb8u2.dsc 2938464d0277909854f55951cf7d114e0616efbd8dd0295da7da99e944cbc72a 772385 uwsgi_2.0.7.orig.tar.gz 94bf1a313e42d641e2e4281fd5908618ddffae141a45345a09adba13f4ae327c 43880 uwsgi_2.0.7-1+deb8u2.debian.tar.xz 8ea69d10929ad0dab545df0cb58d9ec0ff1ad8b96e2af0a5e7606992f932e070 24086 python-uwsgidecorators_2.0.7-1+deb8u2_all.deb 5af80417b95cbcb8a1c6388b16c9526b4900e59642b26812292574fed9a148d4 24232 python3-uwsgidecorators_2.0.7-1+deb8u2_all.deb 97de3106672087332dc70013cb5892d40a9da061ac38ea47a54b11d5faf698d9 38722 uwsgi-extra_2.0.7-1+deb8u2_all.deb Files: 7432368f3243739171098119ae40e733 6460 web extra uwsgi_2.0.7-1+deb8u2.dsc c18da6536f2f47a204814225ba695042 772385 web extra uwsgi_2.0.7.orig.tar.gz 9b94bf2f6a31e9bddf7b55a7d0be7787 43880 web extra uwsgi_2.0.7-1+deb8u2.debian.tar.xz a0cff23a472f9ff01e6a64e8f174c550 24086 python extra python-uwsgidecorators_2.0.7-1+deb8u2_all.deb 8d123dd0b9f1d74ab5a92860e0cd8991 24232 python extra python3-uwsgidecorators_2.0.7-1+deb8u2_all.deb 70a95dddbc3cdc05e59712acaee62bf9 38722 web extra uwsgi-extra_2.0.7-1+deb8u2_all.deb -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlqs1mxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EylIP/285QN0bP7zVylFqCiRmGacntQyJlqVQ 8Ha/WuJhOQaSirUwv4noyLLCyM+dmyZej7neYCvu45DiD5rbCAW9z2PApBkl6xHn AhTFNjryC5a1Dz5+v7igqaAb23DPsbuCvqYTw+HtojUZ2TAhlb49ep0CCW7Kfd4D hRTyYuBP9tvmCTdapm73UqJbVuuV1ZwPyt0wZchaQ0EtXudQSN3AVEc2JqpK2zy7 OQlBJAJdNr/1B7e0zREknS2uP4KEWinohEMKiBoerEvXYNftFGK0yOUBZzRuUxup ZAP8UUbF2ecZgD0kYlnFUnnA6WgxIEXlhno31flZng0CiDca6P1dKaV8V6hi5rmz /X/VCZwoeX4rtxM+9s8MTcRiJ47bKtwdCr4gw4XDoOlprHfqjGNYa6x5WpmOPVCr 8nLVHEBzoBhWH27BTsgqyAg16IM4TnBZTcMR9O/rf/KX8NovuBCMVEU5OnHeKJbb sur227s37x9qr68YFLpVToF4i9D0wPtjPBgwN1LExcYOHy9OlZ0LchJfgg+w64cq SJ5bzwwYhIwLeUHv9s2fVeVVjDeG0QatIH7Gkppbq+hLHSWSIPq7P2MiViIOZj4v jICNgt+aoBiYAMHbglrXxFHIeKxyRk0PyfX916BQgWXYSyZZSFQTwQ70HEPvzFPB TVcH1RIa8Smq =AUyC -----END PGP SIGNATURE-----