Accepted lava-server 2014.09.1-1+deb8u1 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 28 Jun 2018 19:03:02 +0200
Source: lava-server
Binary: lava-server lava lava-dev lava-server-doc
Architecture: source all
Version: 2014.09.1-1+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Debian LAVA team <pkg-linaro-lava-devel@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
lava - Linaro Automated Validation Architecture metapackage
lava-dev - Linaro Automated Validation Architecture developer support
lava-server - Linaro Automated Validation Architecture server
lava-server-doc - Linaro Automated Validation Architecture documentation
Changes:
lava-server (2014.09.1-1+deb8u1) jessie-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* CVE-2018-12564
Using the feature to add URLs in the submit page, a user might be
able to read any file on the server that is readable by lavaserver
and consists of valid yaml.
So with this patch the feature is disabled again.
Checksums-Sha1:
f25484d4bbb223ef01624e798f360bacdacae796 2594 lava-server_2014.09.1-1+deb8u1.dsc
54e6cee28dbfaaa30e350149a448479025cd0b45 7031042 lava-server_2014.09.1.orig.tar.gz
4274fd2a6e8b85ce057131debfd7e9bd11a3395e 29200 lava-server_2014.09.1-1+deb8u1.debian.tar.xz
a84db75236275c416d65944ac60c9f4ada82ad80 826674 lava-server_2014.09.1-1+deb8u1_all.deb
91db1f4090ca9044bf32fff38a9b89d60b98d2f0 7460 lava_2014.09.1-1+deb8u1_all.deb
63cf6c4ca2a92bc98963588e342a42775d58f43b 9802 lava-dev_2014.09.1-1+deb8u1_all.deb
d87c6bb1e625f980f39bef0b78e8322ba857fd05 5959056 lava-server-doc_2014.09.1-1+deb8u1_all.deb
Checksums-Sha256:
a3c47a7279258cb3ea4f277235e7e743524cacced91c6f97963aa61c07e7356f 2594 lava-server_2014.09.1-1+deb8u1.dsc
afcb585d3e48f05c4d0533c0a88b4916a46ea854a15250379030853258ff7edd 7031042 lava-server_2014.09.1.orig.tar.gz
0ef2d75cf9f12aa9333bcf148242343ab5de695bf1cb3ae2b635b2bcd452e761 29200 lava-server_2014.09.1-1+deb8u1.debian.tar.xz
4d6c0a8ec39da277839c5d93b51c502ce7764b3caa672c15904d351cd1d0a1cc 826674 lava-server_2014.09.1-1+deb8u1_all.deb
e3d51e98843fabb3e21c8ebc8b95c2b6f80452397cad60f91f90887000149419 7460 lava_2014.09.1-1+deb8u1_all.deb
ddc2242919cd719efeadb152e24643a04742ec2442deb6d2107a1cd03c8e6c4c 9802 lava-dev_2014.09.1-1+deb8u1_all.deb
ab725e4e7d1e397084a17abd896be8737aeb3453d90b4d8632e12655572b35e7 5959056 lava-server-doc_2014.09.1-1+deb8u1_all.deb
Files:
1bf19ddf560afbf5c562f52d4852aa74 2594 net optional lava-server_2014.09.1-1+deb8u1.dsc
b9099d7d8b12ffc0be07698fee9050d4 7031042 net optional lava-server_2014.09.1.orig.tar.gz
435ead1a22fac38542221a0176c105aa 29200 net optional lava-server_2014.09.1-1+deb8u1.debian.tar.xz
bdda539f7063efc5e3956010bca98d7a 826674 net optional lava-server_2014.09.1-1+deb8u1_all.deb
8f11b26e70ea4fa904f85a181009d8cf 7460 metapackages optional lava_2014.09.1-1+deb8u1_all.deb
321a13e3abd8d8494fd99c72184335b4 9802 devel optional lava-dev_2014.09.1-1+deb8u1_all.deb
2d447df9554c07202b72e395a261200e 5959056 doc optional lava-server-doc_2014.09.1-1+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAls1IBxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR0UeD/9oXL83QTwRVglPJqq0mYR9LhXFuuNq
lTbcgFvoPgutSQKUET3egryIkhDfHfOPI1fCSw1fK6weA0oxiHot8btM/XAQ3CxO
RkQ6SEqiUp/y/OiUzAX8m7bYC/Ed8//9uwjk+iP2ElmgIG3OM7duO7UMkph7dBRi
81WXLJY5afziqP0KL2SC35bLEjSto3U0J7wlVtvaxZSlMz4lqB06zI9PGEFdoNYv
72iLrO7BaXgIJV6SkqQ7Rj8a+9+hbTHPEZ8fXZRZodLxYfIff9iQWdsLYiUd7mAX
pybGNH8o/+bGo6x13KdbCx6PP9y4Rw+vtXgMCzQ8Z2h8iPuoP46M9XyghvxVu7uR
17YDm8ST0B/9RG1k7Q4UCuKPjP7k48Chg9/lLVXDDUibPAIrcqsHevUVYGqrrdCo
/KCaGzWF8xsfivDIktL9ZHzHDuiEOYbUeakhedn4+LkhnRB9kIeS/jRB8uaF2w81
rpLrRBxrvkt0215U/K70G1d/SdpQDMKArUO0dwdGuGOx+djchKAKbBIees8j2Bjr
ClDK3cfaV8sZwak/1g9yrwVtdyXSUaQBF93qfRQk/MUwc3xqEsqWFzchUYlF9xgS
7nyKGo0idHSzkqxXIEvPBPKGUxaWyyGeuTTYsTmaICt2HWpIJI0SKxgdG8Wm6mJF
s0J0MhIAyv2Png==
=v/F8
-----END PGP SIGNATURE-----