Accepted needrestart 3.7-3.1 (source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted needrestart 3.7-3.1 (source) into unstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 19 Nov 2024 16:22:25 +0000
Message-id: <[🔎] E1tDQzh-006OHq-Cp@fasolo.debian.org>
Mail-followup-to: debian-devel@lists.debian.org
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 12 Nov 2024 20:31:52 +0100
Source: needrestart
Architecture: source
Version: 3.7-3.1
Distribution: unstable
Urgency: high
Maintainer: Patrick Matthäi <pmatthaei@debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Changes:
 needrestart (3.7-3.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Address local privilege escalation vulnerabilities from any unprivileged
     user to root (CVE-2024-48990, CVE-2024-48992, CVE-2024-48991,
     CVE-2024-11003):
     - core: prevent race condition on /proc/$PID/exec evaluation
     - interp: do not set PYTHONPATH environment variable to prevent a LPE
     - interp: do not set RUBYLIB environment variable to prevent a LPE
     - interp: chdir into empty directory to prevent python parsing arbitrary
       files
     - interp: drop usage of Module::ScanDeps to prevent LPE
   * debian/control: Drop Depends on libmodule-scandeps-perl
Checksums-Sha1:
 2710b82de9837964290df21c96658b1a63c88ac0 1982 needrestart_3.7-3.1.dsc
 6d3dcffffa2778c377e686aa116737df9b150512 15232 needrestart_3.7-3.1.debian.tar.xz
 300406719ea2581e92cba886514f78334a9ef745 6220 needrestart_3.7-3.1_source.buildinfo
Checksums-Sha256:
 096e153ddddb21bf463694e1d212d0c9dbc466b2eea4e8270de5fa54ef1918ad 1982 needrestart_3.7-3.1.dsc
 178aebb01fd6afb5087c3e8daaf1d9ee4506acc6d6546d043c09ef067420f9fa 15232 needrestart_3.7-3.1.debian.tar.xz
 745e8e874bc64d4587283ebdb074f2af05d60666d014f17d197d7fb3caa10713 6220 needrestart_3.7-3.1_source.buildinfo
Files:
 ea0bace28198b4644407a0e1f6ac032f 1982 admin optional needrestart_3.7-3.1.dsc
 af88feb200222b567d38e7be210021c9 15232 admin optional needrestart_3.7-3.1.debian.tar.xz
 a3067ac9c75f7ad346f2f8e2c7cd3afa 6220 admin optional needrestart_3.7-3.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmc4xKBfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89Eo08P/R/akwptptm+n0wIidInnjnm6bE63xFH
h0TRTv1rFQn7LmCr5/ASB6avWM+mEVlC5Wc7cMUcoZrkhAgh4b299M7XpGO3UtHD
AS6rHf4m/dnvOLTw6Vo51GLEB0MLkbbpK1lgyPmmzLa0QACGwyYbX6zEYilzfFx7
Wnn5XdaXbNU8BIh1FTpzIrN38L/GeMjCJbe2QJNvL9NQCyoht8OKgRpvQBCM4o4x
dQCpoEjg6DhdSEZ7ku+MYQQ4VGlcSU+PCzfkBCruDX7fopP74MsO6pS40PGbf9Du
+QkFeA3Aw86FKSSqRal9b/JQUotV4kEqXndvO6aoh/2DxnfnYiSkOpkGYYNx2PV4
1JmOerXxKCuuomYVRiNL+lochZD1UaieEio4gewYQ2dpMrZSMeYy8dvUI7oHuWyM
QM3FVgbfHrpuWP+Kn3dwGAGucxyZKzaBKWj9Ce0puk8qdZsgr1bq5Qu9gwUhVzQI
dGV0PaJUXtcfWcUeeR/NivkGMpsCcYxLyEYUUFpbG/oTYLlXk8K1hBh/S471ier/
n+JkfEaBwkce1XOLtoFMAcPLuIunJV0ByAXNZ4zcsJKgLrfzTD3AMr8b8ody6WR7
QlF1rNy08LXogqbCcHANhUGj/4NnUP/nTnvmz9oS9Td2WnVUS0JYUUOuSdh5T7g+
H6lZg6Ok2TGJ
=8sev
-----END PGP SIGNATURE-----

Attachment: pgpFC9m3UCPuJ.pgp
Description: PGP signature

Reply to:

Prev by Date: Accepted libmodule-scandeps-perl 1.35-2 (source) into unstable
Next by Date: Accepted python-scrapy 2.12.0-1 (source) into unstable
Previous by thread: Accepted libmodule-scandeps-perl 1.35-2 (source) into unstable
Next by thread: Accepted python-scrapy 2.12.0-1 (source) into unstable
Index(es):
- Date
- Thread