[SECURITY] [DLA 1662-1] libthrift-java security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Package : libthrift-java
Version : 0.9.1-2+deb8u1
CVE ID : CVE-2018-1320
Debian Bug : 918736
It was discovered that it was possible to bypass SASL negotiation
isComplete validation in libthrift-java, Java language support for the
Apache Thrift software framework. An assert used to determine if the
SASL handshake had successfully completed could be disabled in
production settings making the validation incomplete.
For Debian 8 "Jessie", this problem has been fixed in version
0.9.1-2+deb8u1.
We recommend that you upgrade your libthrift-java packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlxbRsRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRNmA//afk6MtiKKgapjlAsD+rloK2Wdbe5v84bb39otnjtNkQJZ98sVudb4rZo
Op6OAYLeDpnRmDKEJbas0wVnDBRgdZDGppvpZc/7N231S05pF/eHRxTH6EqHFCy2
kor3Kj5j76xFpya19JubXZ/McSB+SWsIMnZyEl2xyei42OgkrtEw5uXDLCIieduo
zWtJoRjBuPF6a8g3DTvvngxUMpHVAiOViytJwJz//So0Weo9jW3yegZkgzGRZ53k
GCA76HndzLLl45Tv/7xefkQePu59RMXVosgwAdAk2/NoWlR2ug0ZDU+1x5SYa3iL
bRMYlCRMMDQOmJvUJfbbJ9KoYUPhs9N9J2K0oo6d6xsUb91rh2Xk4SsZFwycQwok
q+wAR0EA3wBE/OqXFOFCX+7eGShObpBhrLDuBdQDO3XNsgiaJ1bczrTXxRrbQDvB
HdzWVT59OZ+kSqSSepXPFxGVRZl66/J76jL1FpKYqfzJlW5Hlo1l6zbH7WpHjg0R
+JFo5EK9r7iNSGwazT4Hxa2VfVxZG6SAvcfYRpVDGMsdmLJ55H5SJmzZukD5ZKkJ
k1P/aS/UGUaATAUoDEdaxdTP27JdzjmHEzbWNKGfQYWd0UB+XJdJtidyL/jiZQop
DkKa436uS0H7aZJRz7hvQqRYasjDjdKca34NvrgrI5t4Fbu8FCs=
=nk10
-----END PGP SIGNATURE-----
Reply to: