Format: 1.8
Date: Mon, 24 Sep 2018 10:55:43 +0200
Source: glusterfs
Binary: glusterfs-client glusterfs-server glusterfs-common
Architecture: source amd64
Version: 4.1.5-1~bpo9+1
Distribution: stretch-backports
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
 glusterfs-client - clustered file-system (client package)
 glusterfs-common - GlusterFS common libraries and translator modules
 glusterfs-server - clustered file-system (server package)
Closes: 901968 909215
Changes:
 glusterfs (4.1.5-1~bpo9+1) stretch-backports; urgency=medium
 .
   * Rebuild for stretch-backports.
 .
 glusterfs (4.1.5-1) unstable; urgency=high
 .
   * New upstream release.
 .
 glusterfs (4.1.4-1) unstable; urgency=high
 .
   * New upstream release.
     - This release fixes multiple security issues:
       - CVE-2018-10904: Unsanitized file names in debug/io-stats translator
         can allow remote attackers to execute arbitrary code.
       - CVE-2018-10907: Stack-based buffer overflow in server-rpc-fops.c
         allows remote attackers to execute arbitrary code.
       - CVE-2018-10911: Improper deserialization in
         dict.c:dict_unserialize() can allow attackers to read arbitrary
         memory.
       - CVE-2018-10913: Information Exposure in posix_get_file_contents
         function in posix-helpers.c.
       - CVE-2018-10914: remote denial of service of gluster volumes via
         posix_get_file_contents function in posix-helpers.c.
       - CVE-2018-10923: I/O to arbitrary devices on storage server.
       - CVE-2018-10926: Device files can be created in arbitrary locations.
       - CVE-2018-10927: File status information leak and denial of service.
       - CVE-2018-10928: Improper resolution of symlinks allows for privilege
         escalation.
       - CVE-2018-10929: Arbitrary file creation on storage server allows for
         execution of arbitrary code.
       - CVE-2018-10930: Files can be renamed outside volume.
       Closes: #909215
   * Remove extra documentation file from libdir.
 .
 glusterfs (4.1.3-1) unstable; urgency=medium
 .
   * New upstream release.
   * Bump Standards-Version to 4.2.1.
   * Adjust lintian overrides.
 .
 glusterfs (4.1.2-1) unstable; urgency=high
 .
   * New upstream release.
     - Fixes CVE-2018-10841: Access trusted peer group via remote-host
       command.
       Closes: #901968
     - Drop patch 02-shell-syntax-error.
     - Install new gsyncd.conf file.
   * Merge 4.0.2-1~bpo9+1 changelog.
   * Remove trailing whitespace from debian/changelog.
   * Adjust lintian warnings.
   * Bump Standards-Version to 4.1.5.
   * Merge patch 03-spelling-errors into 01-spelling-error.
   * Adjust lintian overrides.
   * Correct patch 04-systemd-fixes. The documentation key is placed in the
     unit section now.