Back to hylafax PTS page

Accepted hylafax 3:6.0.7-3.1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Jan 2021 13:00:13 +0000
Source: hylafax
Architecture: source
Version: 3:6.0.7-3.1
Distribution: unstable
Urgency: medium
Maintainer: Giuseppe Sacco <eppesuig@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 964198 978220
Changes:
 hylafax (3:6.0.7-3.1) unstable; urgency=medium
 .
   * NMU
   * Bug fix: "FTBFS: Incompatible TIFF Library.", thanks to Lucas Nussbaum
     (Closes: #978220).
   * Bug fix: "CVE-2020-15397 CVE-2020-15396", thanks to Moritz Muehlenhoff
     (Closes: #964198):
     - The faxsetup utility
       calls chown on files in user-owned directories.
       By winning a race, a local attacker could use
       this to escalate his privileges to root.
     - Scripts that execute binaries from directories
       writable by unprivileged users (e.g., locations under
       /var/spool/hylafax that are
       writable by the uucp account). This allows these users to
       execute code in the context of the user calling these binaries
       (often root).
Checksums-Sha1:
 8edb27e56eb715f6e8cc8df13e98c1c203449df2 2197 hylafax_6.0.7-3.1.dsc
 226a9908f11a8036e8a952a610ac44caa108abd5 66120 hylafax_6.0.7-3.1.debian.tar.xz
 5185043b64694a472244ef5ae3c4fa426f5191b3 7094 hylafax_6.0.7-3.1_source.buildinfo
Checksums-Sha256:
 4d40e1af063615325bdd81a6301dd1804eeeb8f9d99a1fa8ab9d9ee3c53d9eb5 2197 hylafax_6.0.7-3.1.dsc
 227d13881526c60b9bd1fcb00851cfcc30eab691f332a2b11f98b4eca4a0f75c 66120 hylafax_6.0.7-3.1.debian.tar.xz
 3fbfffe49bcf828a716463619a1b1765d12465c280a6c6d6ab1a89fb7f3c23d0 7094 hylafax_6.0.7-3.1_source.buildinfo
Files:
 4f956cd89a421346db0d3797dc1f6f92 2197 comm extra hylafax_6.0.7-3.1.dsc
 4f58362d0ffa6a47874eda776f16bcab 66120 comm extra hylafax_6.0.7-3.1.debian.tar.xz
 c4f878149b54de04bbd4b22c39baafe6 7094 comm extra hylafax_6.0.7-3.1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAl/+8J8ACgkQADoaLapB
CF/g6A/8Cr6YzOUhwxvscc4rWqRi3ZcJhDl+xCL8rcBO+15XOvQvTcswqm4ZAcg4
VtnXMJpw7poIAdNQfLq4fxhviCL2zVR8XVfs+IDMGktq2xiKPWjWlJzcsUeCO8Z2
avNgUtEeJ1XQ3TDF493xSG7PtligeW/QoteC1Qm6RLNe6CxqJB5rI0nGNyKlwhpB
B4BP0ABlOU/mZSj78x4cIXyOK182O7sFtgjr7utSyt24bnZojIPW02HMQjsJbnFO
S1si36HtNi4cbli6pprDRkD+pDob0KQMzzQHfriBPSELKtbAbIoJmbf32GiTFraJ
xb0I8qVeTA+0+Y4EauBCuW3Jg83BQrInsn7ACyOiz2HGWgQXm0C6pyK19pDSlRyO
NF27eKdFyeDB3Ed71WBgNyMtK3qdpH7eY3POaWMsQaZ6mRHwjRWPNVPPzSCPyLMh
8i0/2TQwjl5ePnDU9pp09Mecf0IYyWnC91R62PfNQShRlzvNbph83rtjmEOlBGqd
a4U5MEFUlfo9sq9+QNg/UrbtCEBzxbzQNEd/2H7DlnYjPtsh+i4zvIjP5lLNS62Z
94aS/yWx3Jl4CpGZ2w5Iuxu96O3T3xSKXrJG0NVz3CS2YNAB2IfI2Hi43AmkjtaD
t8JH8bTuqxxQ9dQ69GDvoOiIeAxMtYi5smU6T+Ne95pgdlY5AmY=
=DD2c
-----END PGP SIGNATURE-----