Accepted sympa 6.2.16~dfsg-3+deb9u5 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 17 Dec 2020 13:45:15 +0100
Source: sympa
Binary: sympa
Architecture: source
Version: 6.2.16~dfsg-3+deb9u5
Distribution: stretch-security
Urgency: high
Maintainer: Debian Sympa team <pkg-sympa-devel@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
sympa - Modern mailing list manager
Closes: 976020
Changes:
sympa (6.2.16~dfsg-3+deb9u5) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2020-29668: Sympa allows remote attackers to obtain full SOAP API
access by sending any arbitrary string (except one from an expired
cookie) as the cookie value to authenticateAndRun. (Closes: #976020)
Checksums-Sha1:
f0e6d550d00980cb494628f7c9060a3c417a987c 2160 sympa_6.2.16~dfsg-3+deb9u5.dsc
db33539a853ec97e4539232efa8898e2d606fce6 177632 sympa_6.2.16~dfsg-3+deb9u5.debian.tar.xz
d68a2770eaa0a4c401680270e3a655400dad97fa 7333 sympa_6.2.16~dfsg-3+deb9u5_amd64.buildinfo
Checksums-Sha256:
52ce9742e18cae1f23fed192fc3f99d1e6f7d04ac5660181a4c242eacf120093 2160 sympa_6.2.16~dfsg-3+deb9u5.dsc
1411857e9ce3f6a88eed844020d27f503abec5ff20591054fa1bd4ef66d7063a 177632 sympa_6.2.16~dfsg-3+deb9u5.debian.tar.xz
6293bd963657f0f81e9834471cdd117858b354b80771b53554e8a16e8b01b3f7 7333 sympa_6.2.16~dfsg-3+deb9u5_amd64.buildinfo
Files:
96f6074b26b2682937c14f6e43d081e3 2160 mail optional sympa_6.2.16~dfsg-3+deb9u5.dsc
5f78d29881b22da2eeb0d6acb9c6d9e7 177632 mail optional sympa_6.2.16~dfsg-3+deb9u5.debian.tar.xz
4cfad91a002acebf4d7a22db4a1c22a1 7333 mail optional sympa_6.2.16~dfsg-3+deb9u5_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl/bXsIACgkQj/HLbo2J
BZ94CAf+PPNPKJJvZiEc4CUeGatKsf3Z++/HPnXqzLvrc8i64Aeu9MgySLUKUnua
2F2df2ADcnhaR2rg7vrJWweWcTj60Abp22BY5bXLBr1omQqaxaHVZh5VubdDPZGg
YLuzD2GeQSjo0l2lDQh9CYPUXeHjjXK7u49wMSg66bKKFPoGJpeKgn8VHpeRzM6V
30dvvFwZhi5OECSoLyp2jb0AwhGKGhHIieZ+kLjEur5Q8NufX0s8vvrQRvF0hseb
Pp56sIpYEOKkF0fX97KhN9XUUsSMfY+1qaF9SeymyUOFrTlMj/vmufJThgHrXrzk
pMNpxppu5HLqAvz21rdR0gA3Am0j0Q==
=12iF
-----END PGP SIGNATURE-----