Accepted yaws 2.0.4+dfsg-1+deb9u1 (source amd64 all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 24 Sep 2020 19:03:02 +0200
Source: yaws
Binary: yaws erlang-yaws erlang-yapp yaws-doc yaws-chat yaws-mail yaws-wiki yaws-yapp
Architecture: source amd64 all
Version: 2.0.4+dfsg-1+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian Erlang Packagers <pkg-erlang-devel@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
erlang-yapp - Erlang application for deploying Yaws webserver applications
erlang-yaws - Erlang application which implements HTTP webserver
yaws - High performance HTTP 1.1 webserver written in Erlang
yaws-chat - Chat application for Yaws webserver
yaws-doc - Documentation and examples for Yaws webserver
yaws-mail - Webmail application for Yaws webserver
yaws-wiki - Wiki application for Yaws webserver
yaws-yapp - Provides an easy way to deploy applications for Yaws webserver
Changes:
yaws (2.0.4+dfsg-1+deb9u1) stretch-security; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* CVE-2020-24379
Reject external resource requests in DAV in order to avoid
XML External Entity (XXE) attackes.
* CVE-2020-24916
Sanitize CGI executable in order to avoid command injection
via CGI requests.
Checksums-Sha1:
e3068a06f47920dcbde01bbbd56e12cc48f0ebd0 2703 yaws_2.0.4+dfsg-1+deb9u1.dsc
d651a0bd64bbea714a867a572d6e45d43b4ce1c7 1186072 yaws_2.0.4+dfsg.orig.tar.xz
5d918e29a8085526570cb40e8cbdf8616517e3e7 29384 yaws_2.0.4+dfsg-1+deb9u1.debian.tar.xz
d3a719a05824b81f8a7902bf525578e1199a00f3 80328 erlang-yapp_2.0.4+dfsg-1+deb9u1_amd64.deb
4095028e1eedfe15080fb3bc6a1e2ae2890fbaf7 21240 erlang-yaws-dbgsym_2.0.4+dfsg-1+deb9u1_amd64.deb
c1e07b1b121eaae1bbb5f6268ea9321e63643736 1203582 erlang-yaws_2.0.4+dfsg-1+deb9u1_amd64.deb
b9661d577aa93fc88d6389c5d627c661e555ebe2 75452 yaws-chat_2.0.4+dfsg-1+deb9u1_all.deb
286bbdbd8f3988866529d7f70583c1b61f6fb806 1015922 yaws-doc_2.0.4+dfsg-1+deb9u1_all.deb
bd6fa2d92c926885872288ea49ab4508b91b4606 166636 yaws-mail_2.0.4+dfsg-1+deb9u1_all.deb
a75240cb5679d154f8fcbff7b1c9d1db0a2c5388 201782 yaws-wiki_2.0.4+dfsg-1+deb9u1_all.deb
930a2f1b7d99e0efb1178f78edfdad591734a9d2 59234 yaws-yapp_2.0.4+dfsg-1+deb9u1_all.deb
dfb57cba40b63fbdba762fca1ca0dc1761793c8d 89132 yaws_2.0.4+dfsg-1+deb9u1_all.deb
100d5c0fe046a1806b2f8ee306f9caff65ae1490 12043 yaws_2.0.4+dfsg-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
26f44afaf669306a4cc63a758bc1ef71fa599a02ffac9ccaed0a3c95ec3733cc 2703 yaws_2.0.4+dfsg-1+deb9u1.dsc
6d6d2f71e0061529e9ac6dd2babf9a5c53e9ca266543d11c97cb1de427970a0e 1186072 yaws_2.0.4+dfsg.orig.tar.xz
39c953e502ca3be3f23f56f2395360fea9908a208c50fdbe7dedca4787fdae7e 29384 yaws_2.0.4+dfsg-1+deb9u1.debian.tar.xz
4c94c847988d59959ec37708ba6d22457de4192c5f65ba8dc2d1448352402185 80328 erlang-yapp_2.0.4+dfsg-1+deb9u1_amd64.deb
63f7998b6350c3c80a29d6c11f0ebc777f9c4ffb2c66511d854d6e5a28920022 21240 erlang-yaws-dbgsym_2.0.4+dfsg-1+deb9u1_amd64.deb
8757e5e7a1295e19918ab9f0a2138001a977fb831f6e4f6410082712c02d2135 1203582 erlang-yaws_2.0.4+dfsg-1+deb9u1_amd64.deb
6496b5efe01fc7a184d5463d7fbd3bf023b8d0f229228167c1e410d05990f3df 75452 yaws-chat_2.0.4+dfsg-1+deb9u1_all.deb
7886c3c35fa7544b465bfe3ee6e24ee81a4f41bd904ff62c45886df9d510e050 1015922 yaws-doc_2.0.4+dfsg-1+deb9u1_all.deb
93965df167c6e84aca45c8b3206123f16478493216b07e3dbbdd2a2d5fae1e40 166636 yaws-mail_2.0.4+dfsg-1+deb9u1_all.deb
bc34e26babfadde9444c3c3fb0fc5b3d7cc32e9e6cc495205335bd94705e27c8 201782 yaws-wiki_2.0.4+dfsg-1+deb9u1_all.deb
3cc8f8549719da2317c2b93b7e9d9c9b11da43b048f75c52ffc9abdc2eb62f3b 59234 yaws-yapp_2.0.4+dfsg-1+deb9u1_all.deb
19e95932ec24b0c2b50d9aadbb947953c58f8d25de10bd258bf5de70302685a9 89132 yaws_2.0.4+dfsg-1+deb9u1_all.deb
0ffa6517767617ba1889892cb0c6a71b1ec11d641061d2d4c6b9d2dc3b1ab806 12043 yaws_2.0.4+dfsg-1+deb9u1_amd64.buildinfo
Files:
451faa55b2f232abecc9eee0420cb588 2703 httpd optional yaws_2.0.4+dfsg-1+deb9u1.dsc
c5dfeb58d918448b59971bc40aa6f538 1186072 httpd optional yaws_2.0.4+dfsg.orig.tar.xz
c99abce2a9f99ac98284eeefd70e97af 29384 httpd optional yaws_2.0.4+dfsg-1+deb9u1.debian.tar.xz
0c907a258a742dd351ebd37ec613e799 80328 httpd optional erlang-yapp_2.0.4+dfsg-1+deb9u1_amd64.deb
bdfd5127d0477535b1a3171229019873 21240 debug extra erlang-yaws-dbgsym_2.0.4+dfsg-1+deb9u1_amd64.deb
dc0c870d4c568d1adbbfc7d301ff68ec 1203582 httpd optional erlang-yaws_2.0.4+dfsg-1+deb9u1_amd64.deb
7b04a379ee625a0928f0e1e9f74b32e7 75452 web optional yaws-chat_2.0.4+dfsg-1+deb9u1_all.deb
2bee6288a7602a2ed9f64863cce69c06 1015922 doc optional yaws-doc_2.0.4+dfsg-1+deb9u1_all.deb
e1cee3d6c13e992d46fd85776d296388 166636 web optional yaws-mail_2.0.4+dfsg-1+deb9u1_all.deb
c8cfa1bba50b1a6decf7001551789e97 201782 web optional yaws-wiki_2.0.4+dfsg-1+deb9u1_all.deb
c5876b5d5f5d628aa371318ae1fa89fe 59234 web optional yaws-yapp_2.0.4+dfsg-1+deb9u1_all.deb
111ccbeafb04a49ff6421d24fdfb508a 89132 httpd optional yaws_2.0.4+dfsg-1+deb9u1_all.deb
f03345fe77d6e021da24c7941834eb1a 12043 httpd optional yaws_2.0.4+dfsg-1+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl9vWzFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR7zGEACE1npvw+qQ/+QEeCpYBwJmA/olyUJT
cBr4nbxDrU+whLXz2kfm655WuOkc/n9HpWq/EHwa4NFce1gp60aDZE9DtLfQ6Xfu
wSnf5+mwGqDEw/2QOcvg6Ch0vAuGIZKt6pmfPl4FzrnGnDc873idbMGr5jiTBeSl
cx9wzvl9eUEuxNUkyj3mBl4OZgz3/GQNvb2Di27FSjOGW+LIPKzyD9KvQ1+Ag0Xw
XyK/xa62Y0+MSs/THZmWHX1skCXFloeS2maukkUtLgGFSABYRoBLPeXCh2eurFHe
J5YnB18yK6b7xK7NVoGVTF75g87AvGjaFeoAoJ5XMvQsd4Qw+QvGOBycG7hWWUtM
KDgIXPRabPVBK9aevcHCRVDBJFal0TOSSCV6zihOST5+JT2YdAr0GSWAGKR2zeEO
VwLs3oWxyhmI4QP+icUKcIjsjr7z8oIXbLAZPFNTqj/q1Yw36GNeSWktUKqXakpM
xiLahY+0UgjZ97MkKL5R7Fd/hIYPTWH+6DTmqnLuAmXAXQuBrFd52I6Z2WIuwm2x
6XFL8w4c2psKbO8scxu0NAC36nZCFwoDfAfG/7iIp6zxY3SMenLGXEzPKm6LR9LZ
vCcjnH5rgq3cXSkyftZ+gGNDzkwPozsFf5YgJVKcdKundCpZ2gwc5f4hijy98yn2
F+WulrTUsYmkuw==
=49ec
-----END PGP SIGNATURE-----