[Pkg-auth-maintainers] libntlm_1.5-1+deb10u1_source.changes ACCEPTED into proposed-updates->stable-new, proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Jul 9 20:32:09 BST 2020
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 23 May 2020 21:18:56 +0200
Source: libntlm
Architecture: source
Version: 1.5-1+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian Authentication Maintainers <pkg-auth-maintainers at lists.alioth.debian.org>
Changed-By: Anton Gladky <gladk at debian.org>
Closes: 942145
Changes:
libntlm (1.5-1+deb10u1) buster; urgency=medium
.
* Non-maintainer upload
* Fix buffer overflow. CVE-2019-17455:
Libntlm through 1.5 relies on a fixed buffer size for
tSmbNtlmAuthRequest, tSmbNtlmAuthChallenge, and tSmbNtlmAuthResponse
read and write operations, as demonstrated by a stack-based buffer
over-read in buildSmbNtlmAuthRequest in smbutil.c for a crafted
NTLM request.
Closes: #942145
* Add regression test for CVE-2019-17455
Checksums-Sha1:
5aedf84bc904d30a4e89a9c9c07128e65d26ffd5 2279 libntlm_1.5-1+deb10u1.dsc
60dbb6c47c8a41d10f6cbbefa570944f362b7842 62220 libntlm_1.5-1+deb10u1.debian.tar.xz
d4978e0c8d418ed24903dbde59d25602bb67b49a 5634 libntlm_1.5-1+deb10u1_source.buildinfo
Checksums-Sha256:
0845c08eea8400b7f53c27051b21b5647af39565ccb17f70b91e401b51eb3af2 2279 libntlm_1.5-1+deb10u1.dsc
6f2a2d9790814488b7a7d65ff98384f58992fe7ef4d01de81d6f5ff947757a15 62220 libntlm_1.5-1+deb10u1.debian.tar.xz
25c99872a6a2171ed99619fb66c739d5317bc13994e3258676bffce8878f87a1 5634 libntlm_1.5-1+deb10u1_source.buildinfo
Files:
2537947dd84372bc51cda5d96b03f973 2279 libs optional libntlm_1.5-1+deb10u1.dsc
e369cdfb973fa86be0bc0ce36df20b75 62220 libs optional libntlm_1.5-1+deb10u1.debian.tar.xz
6fab559ac887becd29d91e1ecb7ab928 5634 libs optional libntlm_1.5-1+deb10u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl7/lVUACgkQ0+Fzg8+n
/wZ9TA//W+pNTOAvHZwrntd2ubv6iIl0Mj+pxW0nxU+LedlbKNBzRnaAHpMVtfA4
VjuI168ygiP8VAkje8r/Cdmit2udZjDnxtjeL1KXTI/i1yIalew48unPxAgxENPg
chZyMEYbO9B10B37ZjZcJISchyDjEi2brXwqJMGSQFKYLF5dRbfjLs7Q1CdU7Xmd
OnJQcIBdKLHIA/174tQiGFf0l9WZRkGPu3u5wUEhlWZKXTzGtR3W3cH3GySeOLrT
dbbQlBZq0uqPF2mn07JQNSXzEasUlvTcrpr00UjSIi+l2achnPBoKf0rJPuP39+l
lBwsLWn7OZ35SU0Ji9ahD8suQVGw1oB2m/bSBEZohJR+Ri3u+f0XKcIn6feIaTw5
xyr4JW3RSXflPw6TP2Li+XOvUrjgprtmG0zHivI6ncVuH9JeuHXx3lr0EEuOjOjN
mm0W3BkDW4lAftLKLVCb/TdfSEUQLSZPP/9tNvXidAyYbOFDFfUAXkkyFsdROyK1
eLM6Z7w9r5IGbAuq0pOb/dNdiqKlZbcxbv/lgVMfEKf74+l0seuY5IaTdy12P3BS
bC2+DdeOPnoDzCB+TGuO3YAAf61X0s/08X4EqZtX1z42Ip9nveOUlR2NdBW/gcfI
W6Docn9qn+bcWRuybDbrA/Qagu5e1Flkpxq2qGagoYadPJZRmzY=
=zpKq
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-auth-maintainers
mailing list