-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 05 Jun 2019 02:55:16 +0200 Source: libthrift-java Binary: libthrift-java Architecture: source Version: 0.9.1-2.1~deb9u1 Distribution: stretch Urgency: high Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Andreas Beckmann Description: libthrift-java - Java language support for Thrift Closes: 918736 Changes: libthrift-java (0.9.1-2.1~deb9u1) stretch; urgency=medium . * Non-maintainer upload. * Rebuild for stretch. . libthrift-java (0.9.1-2.1) unstable; urgency=high . * Non-maintainer upload. * Fix CVE-2018-1320: It was discovered that it was possible to bypass SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine if the SASL handshake had successfully completed could be disabled in production settings making the validation incomplete. (Closes: #918736) Checksums-Sha1: 2f8644b57303fd19a2641d2db299a261491a7ae7 2203 libthrift-java_0.9.1-2.1~deb9u1.dsc 9b0a6d34e1ba07debc8ea3e6232f07d7bd943b5b 3288 libthrift-java_0.9.1-2.1~deb9u1.debian.tar.xz 279c985f85a6bdcec3bf5d4a5d4e66993f536420 15015 libthrift-java_0.9.1-2.1~deb9u1_source.buildinfo Checksums-Sha256: 0588b44f236fabef34aa13897966648ca3d219c97fc4ef054313fbf7fd349383 2203 libthrift-java_0.9.1-2.1~deb9u1.dsc 002509827e42d6cef130629052cbba9acf729c0f6c675c90bccf0304045665c4 3288 libthrift-java_0.9.1-2.1~deb9u1.debian.tar.xz 5ffbd4f3f04f6107fec1f042b9c2fbefe72c293eaaa851f754c75e19251f1ea5 15015 libthrift-java_0.9.1-2.1~deb9u1_source.buildinfo Files: dfc52f5a6052f663fe3375bd71eadb32 2203 java extra libthrift-java_0.9.1-2.1~deb9u1.dsc 3cc21675499a3adaaa074831ed39453c 3288 java extra libthrift-java_0.9.1-2.1~deb9u1.debian.tar.xz b31117c8f12a8c7b119c8958c3c75270 15015 java extra libthrift-java_0.9.1-2.1~deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAlz3F4wQHGFuYmVAZGVi aWFuLm9yZwAKCRBfsz+TWentCEUQD/4pqsy31r4ISw6FtvPBB+zmXhzziZszwiA9 RwtP8+xOEvEN6DHCS1qajtX0BWuYq+zov+cL0Xzz6xaOTc3xgB2GlZ2v+J4qHnJ4 mSFjJDPKQdU3csSAy/P1aHh3IduLN+roUTmUaBfqZd8Z38WqhHJY5pcn0gzHtGom gd9OhXzPGPJ33gUHlhjCYBRALnE3sl2JO1rJrMDBiUkY09mXKkIRwUNRciEIvjNK Sm2jY0dFMDclVV0z7umE77G+TzTLRKbxAiR5/Kq2DpfZiLADIyASCsWkPBdcbfJC PccMGPHYedb/qbuX4AnvugKaXkNfVcPTQ0e/Bf9Ku7/J86t5qyG412LGPr6ZMLBz V2VkWNlID73Hm3bas1VYKuni2rWxgT67fBu/SB+nQjNIuQuPk9kXHHGaBWzjB3Wz z5saCTbFisc4Jey0K4XOIBij1InjBfH65FiQpE9ojVLbMXkTGes6jiEgTozdQnd9 H4ivqe9t77sKrWsOIC4xpKBUibZUIB8DzERjNnJj1Sh5JHGi6fJ0AsiPeiumIxwT Sp7DKN1A0J0/Q0s98cCNQuuZ0xYFnECPCQK3gAMGK0uE9pbmuWSdgyf5DR/cfcXd 64bjYTsBQZvt9vAq8AlBi48tZ01ZxdvgtwyiB2XPjq4ojJrcfiaMBoAbSbSVPqLG t4aMZ4zu7g== =uhK7 -----END PGP SIGNATURE-----