Accepted glusterfs 4.1.5-1~bpo9+1 (source amd64) into stretch-backports
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 24 Sep 2018 10:55:43 +0200
Source: glusterfs
Binary: glusterfs-client glusterfs-server glusterfs-common
Architecture: source amd64
Version: 4.1.5-1~bpo9+1
Distribution: stretch-backports
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
glusterfs-client - clustered file-system (client package)
glusterfs-common - GlusterFS common libraries and translator modules
glusterfs-server - clustered file-system (server package)
Closes: 901968 909215
Changes:
glusterfs (4.1.5-1~bpo9+1) stretch-backports; urgency=medium
.
* Rebuild for stretch-backports.
.
glusterfs (4.1.5-1) unstable; urgency=high
.
* New upstream release.
.
glusterfs (4.1.4-1) unstable; urgency=high
.
* New upstream release.
- This release fixes multiple security issues:
- CVE-2018-10904: Unsanitized file names in debug/io-stats translator can
allow remote attackers to execute arbitrary code.
- CVE-2018-10907: Stack-based buffer overflow in server-rpc-fops.c allows
remote attackers to execute arbitrary code.
- CVE-2018-10911: Improper deserialization in dict.c:dict_unserialize()
can allow attackers to read arbitrary memory.
- CVE-2018-10913: Information Exposure in posix_get_file_contents function
in posix-helpers.c.
- CVE-2018-10914: remote denial of service of gluster volumes via
posix_get_file_contents function in posix-helpers.c.
- CVE-2018-10923: I/O to arbitrary devices on storage server.
- CVE-2018-10926: Device files can be created in arbitrary locations.
- CVE-2018-10927: File status information leak and denial of service.
- CVE-2018-10928: Improper resolution of symlinks allows for privilege
escalation.
- CVE-2018-10929: Arbitrary file creation on storage server allows for
execution of arbitrary code.
- CVE-2018-10930: Files can be renamed outside volume.
Closes: #909215
* Remove extra documentation file from libdir.
.
glusterfs (4.1.3-1) unstable; urgency=medium
.
* New upstream release.
* Bump Standards-Version to 4.2.1.
* Adjust lintian overrides.
.
glusterfs (4.1.2-1) unstable; urgency=high
.
* New upstream release.
- Fixes CVE-2018-10841: Access trusted peer group via remote-host command.
Closes: #901968
- Drop patch 02-shell-syntax-error.
- Install new gsyncd.conf file.
* Merge 4.0.2-1~bpo9+1 changelog.
* Remove trailing whitespace from debian/changelog.
* Adjust lintian warnings.
* Bump Standards-Version to 4.1.5.
* Merge patch 03-spelling-errors into 01-spelling-error.
* Adjust lintian overrides.
* Correct patch 04-systemd-fixes. The documentation key is placed in the unit
section now.
Checksums-Sha1:
fd777aa8841617b738501ce47c508af3c4649b7d 2185 glusterfs_4.1.5-1~bpo9+1.dsc
054beafc45576c041fc4c88bdd7f8f4e4a959b45 17728 glusterfs_4.1.5-1~bpo9+1.debian.tar.xz
315ce3af0d3bd9aea87f391a5b92d678fc1513ca 32720 glusterfs-client-dbgsym_4.1.5-1~bpo9+1_amd64.deb
0724a4f8bccaa934f9b165dafa9ef94f3e50a498 2360978 glusterfs-client_4.1.5-1~bpo9+1_amd64.deb
145336d7b42d4a8b71cde614f391b33fd66a4bd7 16360020 glusterfs-common-dbgsym_4.1.5-1~bpo9+1_amd64.deb
d9a4ef1f35432e8bed325d348bfad93b449e2f5f 5653554 glusterfs-common_4.1.5-1~bpo9+1_amd64.deb
6a3bf7c4c65e8b4c00f7c6a33fb5e36c8065b077 661998 glusterfs-server-dbgsym_4.1.5-1~bpo9+1_amd64.deb
78676b040d6ec245df3406baf930596c2c3aeac1 2531366 glusterfs-server_4.1.5-1~bpo9+1_amd64.deb
5de5b45102073d89f275d24cb92ccc1a8b26e8f3 9839 glusterfs_4.1.5-1~bpo9+1_amd64.buildinfo
Checksums-Sha256:
4d175f157443a26ee6baad383bb6fd75600da0db532e487f6b6ddaed3939d82f 2185 glusterfs_4.1.5-1~bpo9+1.dsc
1ce4139e1d0df0b27e2d7fafc394a78616edd1ebc1168ba18efff1bf8e32873a 17728 glusterfs_4.1.5-1~bpo9+1.debian.tar.xz
da6c518b9a37d3105f31f46fa2909767e8d57da89a925564ba68308211acc0f2 32720 glusterfs-client-dbgsym_4.1.5-1~bpo9+1_amd64.deb
acde8aa2bb7812372865236224a92ac5af40bbbed5ecb0257392b2ad1e7cee27 2360978 glusterfs-client_4.1.5-1~bpo9+1_amd64.deb
67f5a8b96bd59f59fc2eb2dc61cafb8d84a88c0bea22916517891d8eb68700f5 16360020 glusterfs-common-dbgsym_4.1.5-1~bpo9+1_amd64.deb
4207eea8bbc0e32e9982876cb342e3c32e88847ce97e514bf8fe28cd441ecd80 5653554 glusterfs-common_4.1.5-1~bpo9+1_amd64.deb
40bd13b4e62ca8e50747627f3f700275299dfb7b00b239f19ffd85a444a1bc67 661998 glusterfs-server-dbgsym_4.1.5-1~bpo9+1_amd64.deb
71354d2d80a79b30cad6d683bb6685318616e48f779ec82904b6480ab7c9227d 2531366 glusterfs-server_4.1.5-1~bpo9+1_amd64.deb
661d99bf8c8d13697df2074387d118860728c27deb7f6833331330af2bca6b69 9839 glusterfs_4.1.5-1~bpo9+1_amd64.buildinfo
Files:
ce5292991b4fdafc358535b131a852c5 2185 admin optional glusterfs_4.1.5-1~bpo9+1.dsc
95e978b90aa3039c239afd2e410c3544 17728 admin optional glusterfs_4.1.5-1~bpo9+1.debian.tar.xz
7483d2a2bc08a8cb8bea00cf0582e6a2 32720 debug extra glusterfs-client-dbgsym_4.1.5-1~bpo9+1_amd64.deb
048a4cce467ee2adab802313b1b58b38 2360978 admin optional glusterfs-client_4.1.5-1~bpo9+1_amd64.deb
9451f39780a0730ec81437f43a4a11eb 16360020 debug extra glusterfs-common-dbgsym_4.1.5-1~bpo9+1_amd64.deb
a36ead6a5ba959dc3f406dd60b1d4b22 5653554 admin optional glusterfs-common_4.1.5-1~bpo9+1_amd64.deb
344ca1f60758e781b0f3aa1d231fba2d 661998 debug extra glusterfs-server-dbgsym_4.1.5-1~bpo9+1_amd64.deb
6bcbe67a5e585d78af9cbee593b18240 2531366 admin optional glusterfs-server_4.1.5-1~bpo9+1_amd64.deb
6260f049e42cf012a8a8cd678d30de97 9839 admin optional glusterfs_4.1.5-1~bpo9+1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAluoqOEACgkQEtmwSpDL
2OR17g//Yv+p0CpqQQDXrjZsEDLVAzGfgcGTJrtNa/FTEHq1RoookHkt3qkJkaXe
6dt922mR3H58t1Oy3XzkHSdPexHRZqipPpQTyz7jSssDkF8doCRiP8NQ6vPMEbxo
iZWE+VBgCXM9wD7lkfRvjmMO3jqBi8iLGs6M4advMs5V1PvkmhN8mR+l5+anXnvi
9S/fGUF9g+it+Ed2JX/hJDN6OMJKnDcFKPqm8qFRQ3alDtHYCbw+qGex34I9mxTI
tLhs8R0PO5gW0yYv2FOjwioQLFl+M9iGVQtxJCWdpY6355h5BYbHFz8DZKsu5pkN
YyUZZTfRyJJJDY0/j51Ko5++4quR2NB2fldA19iJIf4LKDgoFJ/jMSddkd2QTR65
JctggGZ1mFOc2zQMJMPf97fkVk9IstKecAWpAdTeDiVJGuvHXtVlSWtYt/cC93RL
wOciOguB/6Jrh0tKyvwCk1uor4toyBmeSeHJmVdvRiU7pz+RI/yqU5OtZOC6IJBM
UByAYWfyDHGKPC/Z9aO0mRzuZOb+4ynd8+XUp+SA4hAki3N6mKvqkdD+pYb7X1vz
enGKnsn8fGcTmqQ6cpT6bgqLcufndb+m4mnZXGyZc+4t/KV0DT0XRDLMnggS33sT
cZs3q666XZySmyv8FDB8JZwQyisf3zV02KtPW67H47K4gOCMTMQ=
=aN4w
-----END PGP SIGNATURE-----
Reply to: