-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: openafs Binary: openafs-client, openafs-fuse, openafs-kpasswd, openafs-fileserver, openafs-dbserver, openafs-doc, openafs-krb5, libkopenafs1, libafsauthent1, libafsrpc1, libopenafs-dev, openafs-modules-source, openafs-modules-dkms, libpam-openafs-kaserver, openafs-dbg Architecture: alpha amd64 arm armel armhf i386 ia64 powerpc powerpcspe ppc64 s390 s390x sparc lpia all Version: 1.6.9-2+deb8u3 Maintainer: Benjamin Kaduk <[email protected]> Uploaders: Russ Allbery <[email protected]>, Sam Hartman <[email protected]> Homepage: http://www.openafs.org/ Standards-Version: 3.9.5 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-k5-afs/openafs.git Vcs-Git: git://anonscm.debian.org/pkg-k5-afs/openafs.git Build-Depends: debhelper (>= 9), autoconf, automake, bison, comerr-dev, cpio, flex, hardening-wrapper, libfuse-dev, libkrb5-dev, libncurses5-dev, libpam0g-dev, libxml2-utils, perl, pkg-config Build-Depends-Indep: dblatex, dkms (>= 2.1.1.1), docbook-xsl, doxygen, xsltproc Package-List: libafsauthent1 deb libs optional arch=alpha,amd64,arm,armel,armhf,i386,ia64,lpia,powerpc,ppc64,s390,s390x,sparc libafsrpc1 deb libs optional arch=alpha,amd64,arm,armel,armhf,i386,ia64,lpia,powerpc,ppc64,s390,s390x,sparc libkopenafs1 deb libs optional arch=alpha,amd64,arm,armel,armhf,i386,ia64,lpia,powerpc,ppc64,s390,s390x,sparc libopenafs-dev deb libdevel extra arch=alpha,amd64,arm,armel,armhf,i386,ia64,powerpc,powerpcspe,ppc64,s390,s390x,sparc libpam-openafs-kaserver deb admin extra arch=alpha,amd64,arm,armel,armhf,i386,ia64,powerpc,powerpcspe,ppc64,s390,s390x,sparc openafs-client deb net optional arch=alpha,amd64,arm,armel,armhf,i386,ia64,powerpc,powerpcspe,ppc64,s390,s390x,sparc openafs-dbg deb debug extra arch=alpha,amd64,arm,armel,armhf,i386,ia64,powerpc,powerpcspe,ppc64,s390,s390x,sparc openafs-dbserver deb net optional arch=alpha,amd64,arm,armel,armhf,i386,ia64,powerpc,powerpcspe,ppc64,s390,s390x,sparc openafs-doc deb doc optional arch=all openafs-fileserver deb net optional arch=alpha,amd64,arm,armel,armhf,i386,ia64,powerpc,powerpcspe,ppc64,s390,s390x,sparc openafs-fuse deb net extra arch=alpha,amd64,arm,armel,armhf,i386,ia64,lpia,powerpc,ppc64,s390,s390x,sparc openafs-kpasswd deb net extra arch=alpha,amd64,arm,armel,armhf,i386,ia64,powerpc,powerpcspe,ppc64,s390,s390x,sparc openafs-krb5 deb net optional arch=alpha,amd64,arm,armel,armhf,i386,ia64,powerpc,powerpcspe,ppc64,s390,s390x,sparc openafs-modules-dkms deb kernel extra arch=all openafs-modules-source deb kernel extra arch=all Checksums-Sha1: 8c9395f89ce04bbb047480c385b5635828d7bbd6 6631136 openafs_1.6.9.orig.tar.xz b82da18626d53f922316bccbd6570811fd27a568 140620 openafs_1.6.9-2+deb8u3.debian.tar.xz Checksums-Sha256: 509371a18cf6dee932cf0f58e871e6d4ddf50a05b41eaa635d990a200da39c0e 6631136 openafs_1.6.9.orig.tar.xz 85c7b7bdaddb7b85fc9ac5c0a5267f49ef6deb7034522119072e586cac3628b8 140620 openafs_1.6.9-2+deb8u3.debian.tar.xz Files: f55466b65486ef52fd22c1c0884acea3 6631136 openafs_1.6.9.orig.tar.xz 78ae9553d1e1ea411104b6bbbd722e3b 140620 openafs_1.6.9-2+deb8u3.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCgAGBQJVuhfaAAoJEBC+iYPz1Z1kQL4H/jW5HjLB2sAQGm3ss2v+RaFL CVQeXAaRbjqbLkZXMMzgafbyHlfDYoj35ErBIA1Qg5qrAHIJH4NUe4pPVDFNPBxb ExyFdUQojzHrJrI9sRSD6knQd5F3MhCmBJ89p/ctdEqtY9ER0JEjrzAH6RvBJ4hM YJW+yBtbzecazBp8mMK9SP5W+ROieeJI5g2sA+IflMJCcxV4RKLp6W7oNEkLPoJM 4wjda6/lOW8oy3wE8P+FxnkcB2zSXyDSLxaA4scf1FPAf0NpPCb1ta9Id+97eUEw 1xgNxuViVVO4ep8pWHRmar10GyxipsbKXUnSkOsEd5qenktOgtTlDxGeozyd6bo= =vVn+ -----END PGP SIGNATURE----- Changes: openafs (1.6.9-2+deb8u3) jessie-security; urgency=high * Apply upstream security patches from the 1.6.13 release (thanks to Benjamin Kaduk <[email protected]> for providing the patches): - OPENAFS-SA-2015-001 (CVE-2015-3282): vos leaks stack data onto the wire when creating vldb entries - OPENAFS-SA-2015-002 (CVE-2015-3283): bos commands can be spoofed, including some which alter server state - OPENAFS-SA-2015-003 (CVE-2015-3284): pioctls leak kernel memory contents - OPENAFS-SA-2015-004 (CVE-2015-3285): kernel pioctl support for OSD command parsing can trigger a panic - OPENAFS-SA-2015-006 (CVE-2015-3287): Buffer overflow in OpenAFS vlserver * The patch for OPENAFS-SA-2015-005 is not applied, since that vulnerability is limited to the Solaris kernel module -- Sebastien Delafond <[email protected]> Thu, 30 Jul 2015 11:53:25 +0200