Accepted sympa 6.2.40~dfsg-1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 10 Dec 2020 14:39:54 +0100
Source: sympa
Architecture: source
Version: 6.2.40~dfsg-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Sympa team <sympa@packages.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 952428 961491 971904 976020
Changes:
 sympa (6.2.40~dfsg-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload.
   * CVE-2020-10936: Sympa allows privilege escalation through setuid
     wrappers. (Closes: #961491)
   * CVE-2020-26932: restrict access to sympa_newaliases-wrapper (setuid
     root) to group sympa. (Closes: #971904)
   * Ask the user whether they want/need sympa_newaliases-wrapper to
     be setuid root (CVE-2020-26880 mitigation).
   * CVE-2020-9369: prevents creation of temporary files and email
     notifications to listmasters when encountering malformed input
     parameters. (Closes: #952428)
   * CVE-2020-29668: Sympa allows remote attackers to obtain full SOAP API
     access by sending any arbitrary string (except one from an expired
     cookie) as the cookie value to authenticateAndRun. (Closes: #976020).
Checksums-Sha1:
 3cb0e8fa0359a9e57e94dc199c001d3fc7cd527d 2193 sympa_6.2.40~dfsg-1+deb10u1.dsc
 bc9c607f16fb50f19646bcd2c65a8054039cfd97 4119788 sympa_6.2.40~dfsg.orig.tar.xz
 c13e355adcd88526899f37962e090bfb079fb4fd 167588 sympa_6.2.40~dfsg-1+deb10u1.debian.tar.xz
 17958f265b040660333941ead7900e7af046ac66 10207 sympa_6.2.40~dfsg-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
 21f8ba16ce0a2d96e86b7ba8a5aa1364006ae1013a481e5c83eeaf4e8b4643a3 2193 sympa_6.2.40~dfsg-1+deb10u1.dsc
 52e4fe24577b25a9b125000f4ca227b0939e3bfb5b79346623a13b5a448eab63 4119788 sympa_6.2.40~dfsg.orig.tar.xz
 f2eff6a42e37ae7c7bae729ade4c992aecd54911dc1bd6c960385c640b81c64e 167588 sympa_6.2.40~dfsg-1+deb10u1.debian.tar.xz
 ffe5d92eeacf0c16b0872c11a2809ece1c13eae8f9c332076ca6fa6ebc75d9ef 10207 sympa_6.2.40~dfsg-1+deb10u1_amd64.buildinfo
Files:
 bcb66853ee9279a87abfb443880107dc 2193 mail optional sympa_6.2.40~dfsg-1+deb10u1.dsc
 d0a0a7e066c68dd0af7299d312d4711d 4119788 mail optional sympa_6.2.40~dfsg.orig.tar.xz
 bee20ef3fd6458512464b09b45fd18b9 167588 mail optional sympa_6.2.40~dfsg-1+deb10u1.debian.tar.xz
 b26c85766d3c683d700f8d8367f20824 10207 mail optional sympa_6.2.40~dfsg-1+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----