-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 27 Jul 2018 19:48:38 +0200 Source: sympa Binary: sympa Architecture: source Version: 6.2.16~dfsg-3+deb9u1 Distribution: stretch-security Urgency: high Maintainer: Debian Sympa team <pkg-sympa-devel@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 863631 Description: sympa - Modern mailing list manager Changes: sympa (6.2.16~dfsg-3+deb9u1) stretch-security; urgency=high . * Non-maintainer upload by the Security Team. . [ Salvatore Bonaccorso ] * Directory traversal vulnerability (CVE-2018-1000550) . [ Emmanuel Bouthenot ] * Fix shell function used to prefill debconf questions from Sympa configuration file in debian/config. Values reinjected to Sympa config file were false and led to serious configurations issues. (Closes: #863631) Checksums-Sha1: 2a96a78c1f5a46a2e358db3ab9b9bc193437f766 2660 sympa_6.2.16~dfsg-3+deb9u1.dsc 356132e8b2ae8cca3b715b4f59abe90b95ebd935 8908449 sympa_6.2.16~dfsg.orig.tar.gz 2b401769eacd9d46852257f833cf41938be4fd27 174380 sympa_6.2.16~dfsg-3+deb9u1.debian.tar.xz Checksums-Sha256: d43c27226f5e8c215525a85ebfe2569a7d1a3411f1feabe1f434379a96fa4c53 2660 sympa_6.2.16~dfsg-3+deb9u1.dsc 5ea891c64b448ea94354e3d0edb21a6c3aae4a3881cae75963ebf98e50106839 8908449 sympa_6.2.16~dfsg.orig.tar.gz 2184ecc4eb541b5950ccd452b085f21cbc24a7f108b5d0760f1f0d39595f4d62 174380 sympa_6.2.16~dfsg-3+deb9u1.debian.tar.xz Files: c755a43c59d2bb3d62acfe58472d083a 2660 mail optional sympa_6.2.16~dfsg-3+deb9u1.dsc 96ddbf2919894d5ada244be92e00c7cd 8908449 mail optional sympa_6.2.16~dfsg.orig.tar.gz dd94f2fd30a0bdff0b27f2d302cf4983 174380 mail optional sympa_6.2.16~dfsg-3+deb9u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltbXTZfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ETaMP/0bHEZ++RgKbcO4jlAIw5CkQYNT4p7DR hQL0WCsCBMnZL1sozaMVMhDzYZGvv2XcnT5sEzA+2B8XmdoXnMnxVegmdZzt28iw WgTPtofPlxY6P3G2U6/gLvpWQKf0adgZKy78/g6mR7FDGqxhReAfCzvtDfUl+39R KxsiT6AoNBNBcHUYX0DXwor3UvsgI+XymtBsJHIoCybUG5RuqQlc1HRrXxOteuqM gGPOXndF2Pk5KqJf/QU0EjO0vN/GvH2bKICijV4bTUTM4uadzZI89nGYbotzPprC iyM/jaByKvLpwqB4FF8vNCXfnHcTrXi4a6Pv3LsLYWf729KdEtQBqY8VDr3g4yg5 lwqe+c3a3P8Q4S4fEGNKcc8TNdF1BJZrdAJznyV2y21993xH3i5JSfmzCkMdPA6o IV/FrjMIK0xTk7itLYFSSoC3jjohH61eJvvpiPdvLR5FZ64IPKOJf2jLP9zw8O9u 9MNgu71BG3J5GYnmmhSdszJ7eBise1rv97Sny7luLFZ+Lft5RMy+4BKyoI1TEGF2 fEp5WQUdPGk17SVnmWG2kcquSy6cvLrRSzZ+0LgO3o862Ga7WGaeG3lMxr20MT+U 2xnrpHOckmimRm+yaP4W/jgQmQlMXgaU0TznDFZ4ya4f+iZmAqx1N2wMEDXpe9ve nA+Zf7A53Xab =Jnfx -----END PGP SIGNATURE-----