-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 29 Dec 2020 15:48:30 +0100 Source: p11-kit Architecture: source Version: 0.23.15-2+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian GnuTLS Maintainers Changed-By: Salvatore Bonaccorso Changes: p11-kit (0.23.15-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix bounds check in p11_rpc_buffer_get_byte_array (CVE-2020-29362) * Check attribute length against buffer size (CVE-2020-29363) * Check for arithmetic overflows before allocating (CVE-2020-29361) * Follow-up to arithmetic overflow fix (CVE-2020-29361) Checksums-Sha1: 7ef9efcae5b6f7148f9f71fd0652ba8b26595bd9 2607 p11-kit_0.23.15-2+deb10u1.dsc 06a9976d92861e5286fbb0b239821b7a250b177b 1276733 p11-kit_0.23.15.orig.tar.gz db8152056e013d529a128fb3e8e106338eb06c70 879 p11-kit_0.23.15.orig.tar.gz.asc 61e66fae5de47cbdf7ae0f8d2b847117c0fd0715 25496 p11-kit_0.23.15-2+deb10u1.debian.tar.xz Checksums-Sha256: d0c7215905c92f521b7b5a4dd98e2ad85abd40a05430dcf2a17dcc3e21f96389 2607 p11-kit_0.23.15-2+deb10u1.dsc f7c139a0c77a1f0012619003e542060ba8f94799a0ef463026db390680e4d798 1276733 p11-kit_0.23.15.orig.tar.gz e28bd948178e2f91e18fbb4387d7b6532aa44eb92ac4c67a6485bc9cd9c79db8 879 p11-kit_0.23.15.orig.tar.gz.asc 9f90af175ef68fdb3aca71f22074fa1860f88a820e29e1290ee51d606c53b572 25496 p11-kit_0.23.15-2+deb10u1.debian.tar.xz Files: 12020bed00f18b886cfcdd403e45cd0d 2607 libs optional p11-kit_0.23.15-2+deb10u1.dsc c4c3eecfe6bd6e62e436f62b51980749 1276733 libs optional p11-kit_0.23.15.orig.tar.gz 10b360724d517a4e3a07459fc1a24105 879 libs optional p11-kit_0.23.15.orig.tar.gz.asc b0bad11644c18c00ec4afbf7a3e246ee 25496 libs optional p11-kit_0.23.15-2+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/rQr9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EenUP/jPee+xk5iiBAK+TCqd3C5qEdkIKuuCB jbwIf0yzDMAfeR0rJ9mQpMisqmzSoazOx6MCpcNgmizMJQaE2IPIefxAAIEczTyC M/joc1Dz4yBlCKpE4tgFFwGKANuqX87Ht7gWQbRnLIxSWKBtbKKHLojpWQtq9TUq EfjJZS+s01C5rr70vvogu0o8Qd7BuGD0HTwoQaGeevhfJoj9yNypIqI0ZIeLvYFf gGkcFyaTh0y0u3yaJf4PilpkesbHJOMWyx74KadWDiZmtwwhW3qdnIGRjnbqX0yN gP2u7XuEHHvgW77CzRvBgHPNcT1wWDf0/bRDMImHTROO15Y/2vSeIxXoA/Plx5Kk uj7rFC7f3AA/+WUp4BsPY0ODEtc3cOtvRYGEv3BOUPbhoFxcizMVUGQjaOWSsg+W hPDn3REJ0Wd9QQIpTdI3ZNAbhv4agCVivZ4igDArvCCVZYgcOMXDHUIfgkY81oFQ Rjjb4SeCmVNNyowKvMIAoNgMiKQBXwn9HyIwzUZv+w4E2swwuTpg9cuVCLpYXdEp WoYSExMd0k3wRyp4HjXDgykArmxAalxlEdJmMf6LMId4j55MoXoaE2BXXySVqAgD c4XSc6CDlFEoXodJWtJT40xbcA+tw4Ll1GXt2dHsNzqyuvDSnGSU4XCvsW1gg8Pf J1Kw1rxjlsdd =Hlk8 -----END PGP SIGNATURE-----