-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 25 Dec 2024 21:19:02 +0100 Source: openafs Architecture: source Version: 1.8.9-1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Benjamin Kaduk Changed-By: Salvatore Bonaccorso Closes: 1087406 1087407 Changes: openafs (1.8.9-1+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * afs: Properly type afs_osi_suser cred arg * Theft of credentials in Unix client PAGs (CVE-2024-10394) (Closes: #1087406, #1087407) * Fileserver crash and possible information leak on StoreACL/FetchACL (CVE-2024-10396) (Closes: #1087406, #1087407) * Preallocated buffer overflows in XDR responses (CVE-2024-10397) (Closes: #1087406, #1087407) Checksums-Sha1: 68dfccb2fd0858033620dc4717d90c695bcfe752 3940 openafs_1.8.9-1+deb12u1.dsc 3f28bcc81cc5b9ef9965834315a151210af71704 6747280 openafs_1.8.9.orig.tar.xz 3483d1b494cce12a44664f3d1029652d6f1087c4 167372 openafs_1.8.9-1+deb12u1.debian.tar.xz Checksums-Sha256: 7bc29d364031e12cf3c998fc74ab976f5672633d4e20354a1ab96a75b9d12638 3940 openafs_1.8.9-1+deb12u1.dsc ec57e048e647c8e65d079f0363ce451b7a1ee578ce707f2df1f9a1e2e9f0fa5f 6747280 openafs_1.8.9.orig.tar.xz e110ec333768063bdb922d1b96e6ceadacd6149c75f44b42bdc063d7354f8930 167372 openafs_1.8.9-1+deb12u1.debian.tar.xz Files: 65ff20aaa209609da08204ea93626d3c 3940 net optional openafs_1.8.9-1+deb12u1.dsc 6ab6eb8a47dd0df6a55863036be73b34 6747280 net optional openafs_1.8.9.orig.tar.xz ada07afdaf5de9270db0dc7f127e08d3 167372 net optional openafs_1.8.9-1+deb12u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmdtXrpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EB1UP/2Dj77OwrI42V7SCvwkxRQlQI0xaDw+7 7/tC8oa891zjUZfm2TsD8UXvQ8bjZBD/lNrpP9n6vGdq3Am7jpG6O+K0+yg0g+Kg YBxSaGRkzRXIz3niOG1ojZpgTAZ60rsLNMr+tOyIdvtC2IoCPEDY4Manqp35c9tc LrcmE+idojF3HJJ3A0TCvk6Z9seTdyxYqRQp/abTndksBrk4URoi9P9e9/Y8w4Sr Irw88GDyV7DWMLmXx1fknrHjExEKg4PxpCzc20sPw7pTFs2nPsmzQ8Oyc6uNg5+s 12ygQX5QphofzkhUKgLjbj7s+XRwpOPFPeNNJ4BhfHvLEEIHY3tgio1absKPg9SR pBpbKyfb72DbYlO9VxuFFJyxQmTYr467YWzJpT61XMirTs/4iwlLXJPciPpweG8A GsXiiM3ZsKE28qV1hDgPMuRM76XP43+dmsT+qXPqkAE6By3Y3TsdSd5shaAxshMt rQIZZxqlCeUOwLPXzJ0dNaKmTn2AWFrRM9aA5C/SoUBFnUWvc2NaBiuh8wb5ZB/c KDUSPmQjZ3Sw7zKDgetCmHI/uYjs5K5fgy9hWkYd2xZC9Dh3gTAKRMMM4/cHrygZ bxLM7EwFN4xEZ+z05uodib6S+QDnXevyVfTUcQUql7V6kKP4AB9jBFHfMgS2xeEw jDXbcH+bABOG =rl96 -----END PGP SIGNATURE-----