Accepted openafs 1.6.20-2+deb9u2 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 21 Sep 2018 21:06:09 +0200
Source: openafs
Binary: openafs-client openafs-fuse openafs-kpasswd openafs-fileserver openafs-dbserver openafs-doc openafs-krb5 libkopenafs1 libafsauthent1 libafsrpc1 libopenafs-dev openafs-modules-source openafs-modules-dkms libpam-openafs-kaserver
Architecture: source
Version: 1.6.20-2+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Benjamin Kaduk <kaduk@mit.edu>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 908616
Description:
libafsauthent1 - AFS distributed file system runtime library (authentication)
libafsrpc1 - AFS distributed file system runtime library (RPC layer)
libkopenafs1 - AFS distributed file system runtime library (PAGs)
libopenafs-dev - AFS distributed filesystem development libraries
libpam-openafs-kaserver - AFS distributed filesystem kaserver PAM module
openafs-client - AFS distributed filesystem client support
openafs-dbserver - AFS distributed filesystem database server
openafs-doc - AFS distributed filesystem documentation
openafs-fileserver - AFS distributed filesystem file server
openafs-fuse - AFS distributed file system experimental FUSE client
openafs-kpasswd - AFS distributed filesystem old password changing
openafs-krb5 - AFS distributed filesystem Kerberos 5 integration
openafs-modules-dkms - AFS distributed filesystem kernel module DKMS source
openafs-modules-source - AFS distributed filesystem kernel module source
Changes:
openafs (1.6.20-2+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Volume-level data replacement via unauthenticated butc connections
(CVE-2018-16947) (Closes: #908616)
* Information leakage from uninitialized RPC output variables
(CVE-2018-16948) (Closes: #908616)
* Denial of service due to excess resource consumption (CVE-2018-16949)
(Closes: #908616)
Checksums-Sha1:
72ddecd763724698e91bea1db332c7dde4c823dd 4049 openafs_1.6.20-2+deb9u2.dsc
440f93287c5eb88649532504a26b8d0fbea716ee 153260 openafs_1.6.20-2+deb9u2.debian.tar.xz
Checksums-Sha256:
9a5ddfecce5a6b2c5b7f849baa3d7cd634c6f4389b27cafb52106e533fbece44 4049 openafs_1.6.20-2+deb9u2.dsc
e43e6c8d589493de136a319731d425c51a01b981ca5ed44e9f36073d2e5a8b9a 153260 openafs_1.6.20-2+deb9u2.debian.tar.xz
Files:
c6e04c222acdece498c2bfb48c37509d 4049 net optional openafs_1.6.20-2+deb9u2.dsc
70b9b174205490105ffab0940ec2ad66 153260 net optional openafs_1.6.20-2+deb9u2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlulSfVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E6S8P+QFT9YEKDwuKQ6AuIWVdUwbAonA9t5uo
UwXOYYw9mGk4A0E/DzHyGYOQwyGt/s8ufBy09qfIz+oiTH/yRzuebnJgwqAqveQK
vtBUcm4hXsikMrMrt6bAHEtNjXVgGRafeBswB6EXu2ZChS8M89vEYLKGS/uWlATk
S9FMhUkq7wiUSbDbhCalFJ3rKFHgU72G70CHHEK9hEU9ORsu0WscUhetdrT3MEHu
hAjAb3ADtPXQpxBsLTaM0WoTQmQOExLX8KuWpuvwa6RfUKhLvJ2bJUeYrt846m7B
h37NKNSZmEqwXE2thHOLTvVIUeuMR4O/34gQRJs9IGQMP91OOWZP3wvs/Fo3BBs6
/e7PVpqBaxKVtEv54M0hTnoE4ZBf7Zkzq7XxdB04VHqHo8AagKljzpO/5ud9r6Au
Q6LNz0jMNVBdMlTmXAE0birItCZbXuDiJD5KZsGAe+0/6BDLhVVvDCIB0f56SZvF
roGJfKvZZ8jPm4GvK4IdhXX0r1IRS8nG6NBqJb+B315tF4ntLmgCpFtKEFIh0Nf5
Igi0OAvMie28g7jMJgQohuhRKaYIA9nTAn0uYSTOAPaOYlt6i+yAW8gfptsm0IVq
/irDrwmk7vkpnbVJjbxYwIKUrujdJpHxQeUm0J3RRw131iP4pWlzzWHfcmsuBK/i
2RFn8Nh8KmcL
=okna
-----END PGP SIGNATURE-----