[Pkg-utopia-maintainers] cockpit_287.1-0+deb12u3_source.changes ACCEPTED into proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Aug 7 06:32:31 BST 2024
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Jul 2024 06:15:50 +0200
Source: cockpit
Architecture: source
Version: 287.1-0+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: Utopia Maintenance Team <pkg-utopia-maintainers at lists.alioth.debian.org>
Changed-By: Martin Pitt <mpitt at debian.org>
Changes:
cockpit (287.1-0+deb12u3) bookworm; urgency=medium
.
* Add 0002-pam-ssh-add-Fix-insecure-killing-of-session-ssh-agen.patch:
Cockpit’s pam_ssh_add module had a vulnerability when user_readenv is
enabled in /etc/pam.d/cockpit (which is the default on Debian). This could
cause a Denial of Service if a locally-authenticated user crafted a
~/.pam_environment file: it would kill an arbitrary process on the
system with root privileges when logging out of a Cockpit session.
Patch cherry-picked from upstream (08965365ac311f906a5).
[CVE-2024-6126]
Checksums-Sha1:
f99e7ed0e5a7f5d6a0a89d14803c261ca5cc18b9 3048 cockpit_287.1-0+deb12u3.dsc
ea766ae831a83ec0b12c58df18d5574401083cca 22132 cockpit_287.1-0+deb12u3.debian.tar.xz
be5890f48a6fcc27165a60f2290c0cea9a50cb7d 6386 cockpit_287.1-0+deb12u3_source.buildinfo
Checksums-Sha256:
4b39e8ad3e57164304bf6a696b20e5d6bf98f1531959b3e5aabcf71d33bbfc09 3048 cockpit_287.1-0+deb12u3.dsc
af323152c74afb6992914c8896177319c27b67fab4a2b39e522067371450d2e5 22132 cockpit_287.1-0+deb12u3.debian.tar.xz
f0f75c701043179070401a7a31384a7191afee7c1154673a11d84e0b81be3683 6386 cockpit_287.1-0+deb12u3_source.buildinfo
Files:
3451794d3f8374482096051d9cc5bbc7 3048 admin optional cockpit_287.1-0+deb12u3.dsc
3cdcf132e913a82ba664e2c8154c202e 22132 admin optional cockpit_287.1-0+deb12u3.debian.tar.xz
8ff586a10a54305d9640d74e42700745 6386 admin optional cockpit_287.1-0+deb12u3_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEbEuHi35jHxYFV8PN7nvd5LhrVxMFAmaLjfUACgkQ7nvd5Lhr
VxNBJRAAjg7ilutBenkplE4wXwpDwv3B4F/etHPIV1ChLnRfZMQbd2Y+TofQ7qRB
hGn/ZY58+t6SExNg5zgOfMo+tcSWKXuOfU88c8kDgfwigWQaQwMdGfl66FEguT0L
2sM5VYj+9THaHfbU1aUPqKTPmn0U8eSNRRLh7jAytfFadPLXEBN6Dj4Z1apAwSvW
uFiNrnBK/IBxU7EF0f2RYSgjkV1Gpt5KZ3/SHn/YkUBdrHb/d/o1s2dt6ZrrsHmx
n4rvCJZAG95PZ0CLLjyxcgEpt3oastL0T5a4NMWSUS+7nSZ7P2MVdsIoAodhg1OI
Uz625SdxlpJx6lgB2JFU1XTJxggtfmqHQKdPavyCwWQc04bhQhWKJI7e7RhmxUut
um16OEl9g8KagmPArZeLKTX0Fwnov6r76oIlg9cLbxSnYH9KTQbCyMLkBbk7Sm3y
b4P7cBLbaZEfh6ArbwRB9eF+inwknfpxZvujAsS2wH0EIkvixU9ImjeB/ph6zq0g
M/yVkGGt+mTOgUxEw51Q7MF9CsbNrkq7fr9hn7JUNfGkX+arbc6eFmUf/KSpHoBD
cHdA0nT3J75rU0jPbSqz/bdY/A6JfqZGlYkbpwbKTkTZWYHn9GiaEdTfV57ctoa6
NuKuuoJCE+z3m2/OyCvbOnaL9Q+tx1me2stN7Xk14wR4C/dv03Q=
=u8kx
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-utopia-maintainers/attachments/20240807/e3511f78/attachment-0001.sig>
More information about the Pkg-utopia-maintainers
mailing list