Accepted glusterfs 4.1.4-1 (source amd64) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 20 Sep 2018 11:29:33 +0200
Source: glusterfs
Binary: glusterfs-client glusterfs-server glusterfs-common
Architecture: source amd64
Version: 4.1.4-1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Patrick Matthäi <pmatthaei@debian.org>
Description:
glusterfs-client - clustered file-system (client package)
glusterfs-common - GlusterFS common libraries and translator modules
glusterfs-server - clustered file-system (server package)
Closes: 909215
Changes:
glusterfs (4.1.4-1) unstable; urgency=high
.
* New upstream release.
- This release fixes multiple security issues:
- CVE-2018-10904: Unsanitized file names in debug/io-stats translator can
allow remote attackers to execute arbitrary code.
- CVE-2018-10907: Stack-based buffer overflow in server-rpc-fops.c allows
remote attackers to execute arbitrary code.
- CVE-2018-10911: Improper deserialization in dict.c:dict_unserialize()
can allow attackers to read arbitrary memory.
- CVE-2018-10913: Information Exposure in posix_get_file_contents function
in posix-helpers.c.
- CVE-2018-10914: remote denial of service of gluster volumes via
posix_get_file_contents function in posix-helpers.c.
- CVE-2018-10923: I/O to arbitrary devices on storage server.
- CVE-2018-10926: Device files can be created in arbitrary locations.
- CVE-2018-10927: File status information leak and denial of service.
- CVE-2018-10928: Improper resolution of symlinks allows for privilege
escalation.
- CVE-2018-10929: Arbitrary file creation on storage server allows for
execution of arbitrary code.
- CVE-2018-10930: Files can be renamed outside volume.
Closes: #909215
* Remove extra documentation file from libdir.
Checksums-Sha1:
1132c186cff6c1a0810cefaedc8d564f4c56e28c 2157 glusterfs_4.1.4-1.dsc
5128070adce6597a4134273bd92dd33be41570e9 7801583 glusterfs_4.1.4.orig.tar.gz
5c0340bc38b7b85460582cb712f01e3e20f249ae 17712 glusterfs_4.1.4-1.debian.tar.xz
e82ed4362006f13708723a7b740500311b1ae9c5 37596 glusterfs-client-dbgsym_4.1.4-1_amd64.deb
3c405979fcb02293e542cb70e90e96dbc2a99936 2358740 glusterfs-client_4.1.4-1_amd64.deb
c5945cdb2eba573f91d37ee520925fccc21d0487 18547272 glusterfs-common-dbgsym_4.1.4-1_amd64.deb
42ff39c490937e6c642e7c87771000374f449ab5 5691972 glusterfs-common_4.1.4-1_amd64.deb
a5f4ad5ca23bf9340c0d4a3806ae5fbb7f9ba41f 750984 glusterfs-server-dbgsym_4.1.4-1_amd64.deb
02695590196384f196ed019cbcd2ad3716b629a0 2532168 glusterfs-server_4.1.4-1_amd64.deb
c99a524aec109bee7027154bb30f1d0ae9714b00 10652 glusterfs_4.1.4-1_amd64.buildinfo
Checksums-Sha256:
ba1a6351a063cc0b93bdd0a89d2aec6ca7ff0abf31acdbc06c2af3f76ed79cda 2157 glusterfs_4.1.4-1.dsc
b940b6d1a57e4c6c7f5aa4f4caaa9bf9d2ff17fab496a9e38d7b4382af006d70 7801583 glusterfs_4.1.4.orig.tar.gz
84abbb1ebc1441e5f09330c73ca72ee8b1e58c235fa22014ba8ffd98d73cf945 17712 glusterfs_4.1.4-1.debian.tar.xz
2413bae34ff6b28b8154ce6d439765cb23465d0f0a9d527bdc4acf0c70dca83e 37596 glusterfs-client-dbgsym_4.1.4-1_amd64.deb
bb18964f70579573031311aa35aba94db540f1fadda0b49cfb2aafbe5ccbd915 2358740 glusterfs-client_4.1.4-1_amd64.deb
865997b8a51af3fc696d319c90c8145bb1e0b7a73ccc2c45c330fac5890746dd 18547272 glusterfs-common-dbgsym_4.1.4-1_amd64.deb
02dcb7078f97abfa96ff43779229e3aa2d876bd9e0a9b281dfb617c6e9dc0d89 5691972 glusterfs-common_4.1.4-1_amd64.deb
cab26267c39ce55526c751ce39bea77adb0d3d321918213eec407effa585fe11 750984 glusterfs-server-dbgsym_4.1.4-1_amd64.deb
3912c378dc53948371d193c120f1cf18646e593062949bdab5132e7b69db4060 2532168 glusterfs-server_4.1.4-1_amd64.deb
a42a0724f763c220bbce39e254f3c8278a7fb9edd95c65af8d25cb8cd7919ebc 10652 glusterfs_4.1.4-1_amd64.buildinfo
Files:
7fada2bf7e85516cc7a7a1fefbdfa601 2157 admin optional glusterfs_4.1.4-1.dsc
f367ad03011a41248d4f230f3d391765 7801583 admin optional glusterfs_4.1.4.orig.tar.gz
56f18af3c4dc466ad5bcdc2520b13389 17712 admin optional glusterfs_4.1.4-1.debian.tar.xz
2ea57a41cbf94f61ca2008174dea0f48 37596 debug optional glusterfs-client-dbgsym_4.1.4-1_amd64.deb
6ce1fa45adee3c34da12872aba3dd168 2358740 admin optional glusterfs-client_4.1.4-1_amd64.deb
30e9badb20923d96d432a301154fd582 18547272 debug optional glusterfs-common-dbgsym_4.1.4-1_amd64.deb
aab6e779449e0c7d4753830428c12e77 5691972 admin optional glusterfs-common_4.1.4-1_amd64.deb
891dcd71233ac434c261f2ed46565b8a 750984 debug optional glusterfs-server-dbgsym_4.1.4-1_amd64.deb
64fa26e3a3fcb050ab764aaeb057852d 2532168 admin optional glusterfs-server_4.1.4-1_amd64.deb
1dc638de5bd5eaf9b0147444ec14ca69 10652 admin optional glusterfs_4.1.4-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEWKA9xYJCWk3IuQ4TEtmwSpDL2OQFAlujd9wACgkQEtmwSpDL
2OSyiA//fzQ+HOaVLVigZreGyjw0QXjAzt1a4PN/txblt0s5Y7mfiY2fXOIHd2GV
p5Oj1G76neTrXHfXXDcDgUuP3umAUFAQ7iXJwWSMeGEuMVrPyUGngvN7zHP0wtAz
wsC7+7HD4aYP6Xvzt+82vZLj+oLhFN7OqulmIS4TKwSrwMK/6C8aCf7XvOZY0jUF
V3IM/kyKWQ2UsdbNyae9+jid2VHqqp4MgQG6KokjMhjTKjrrYBTHBOdvie5OnDwl
N1Z0po07zzUff424YOzk4YlpvwzUImEXNqF49FbSQlLdGEju8KkjE1K2LltpXytF
9R6xOk7yPSNKfAUR4zM+Wq1w6XLIo5UqzKqxLjCk0Nhj5sgQkJone8l8lcXA+vjB
kYDzBMJc7YqcgxfP2IoNzZ0VjWg+P5FmEHiKap3G3173UV4XZmi9glvTEWcJJcMU
s5KvCdAE5h24BfYjeQGB8iKiyVofZ08qufR1G+Hxv++kAKPKa60C6xoGA31JZKQd
m8mX1weuxl5De0B7ek4cofNV0mx4f3JspDxbv6ic/PcJbVnvrykXrrFENf3ihncB
Nm7tO20nn/Im2sciCRx5PYh1XZx281BvRmEUFnU+pLaxj1+Fma6Ccv0NzT3AGnxy
OH0EPhHGQ/BcyXU/HzgB8GIPyT7XzRchq5opgCvcn0VGSI/wyRM=
=EATa
-----END PGP SIGNATURE-----
Reply to: