-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 24 Nov 2023 08:15:30 -0500 Source: glewlwyd Binary: glewlwyd glewlwyd-dbgsym Architecture: amd64 Version: 2.5.2-2+deb11u3 Distribution: bullseye Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Nicolas Mora Description: glewlwyd - Single-Sign-On server with multiple factor authentication Changes: glewlwyd (2.5.2-2+deb11u3) bullseye; urgency=medium . * d/patches: Fix CVE-2022-27240 possible buffer overflow during webauthn signature assertion * d/patches: Fix CVE-2022-29967 static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal * d/glewlwyd-common.install: copy bootstrap, jquery, fork-awesome instead of linking it * d/patches: Fix CVE-2023-49208: possible buffer overflow during FIDO2 signature validation in webauthn registration Checksums-Sha1: 66767345289243701f22f3c1ac4dea4b45d9ed6d 1010340 glewlwyd-dbgsym_2.5.2-2+deb11u3_amd64.deb 4a5a2f9b1980a5e845661a56ff2c8a25cacfa6bd 8772 glewlwyd_2.5.2-2+deb11u3_amd64-buildd.buildinfo 31cc93ae4d2d16dac497d6b8ffcb0fa5f8784f3a 475408 glewlwyd_2.5.2-2+deb11u3_amd64.deb Checksums-Sha256: 7ef758778c2dd4a51544a00b898ae6edfcd3ec6925b143ed71ae8d32af51eac5 1010340 glewlwyd-dbgsym_2.5.2-2+deb11u3_amd64.deb bba3daa301a20e2d53dbe12ce473e92d2a4c75a357f184f0f6ac76acd1d305a9 8772 glewlwyd_2.5.2-2+deb11u3_amd64-buildd.buildinfo 628c1c2f0ce72eb2d12fc52da70b6659f262c2e669026438415fff13429089eb 475408 glewlwyd_2.5.2-2+deb11u3_amd64.deb Files: 12e6e773c757eb08f9688206c9a15462 1010340 debug optional glewlwyd-dbgsym_2.5.2-2+deb11u3_amd64.deb ba80d169650c5a0b918d45f6bbea5d9b 8772 web optional glewlwyd_2.5.2-2+deb11u3_amd64-buildd.buildinfo bb8823714a8394e45ccd35500f0c9bcc 475408 web optional glewlwyd_2.5.2-2+deb11u3_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4Unr4QHS5Yi4rr9Q3KGKEAtjIVgFAmaXC2EACgkQ3KGKEAtj IVhH6Q//f2oL1l0zCHpi8PByEOPeZvl6pXnJPun6duYes/Qb1sFSqXBVUaQ3b6KF bPCMUxApZwnqaCC0N6xLre0u78mvTGQ3RJmos1zZmC5Rvd9mfBu4pQfFBoBPhIoB 9FUKCPs5k/bNlW19h64JSCKm/I3PSJM4dV7BQNqgnVRR3xZu3n7CAoHyIO1+SGt8 O4ki6UeCPjtKDkBLepaxIY0lS2hxA/QBbJsm1tnmaZTrtQ0vTycMbe970QsuF4ls f68iJfcM601qbq2D3rLfhIOgiZUJ/q6g1yxbrokl1pOuoN56FdiMO1S9Uzn9ekO/ TAg14/xjEVvw42vB/zB4q4tmDa04D13bve0xXbULQVwWkkpMa8tMrkH+fLobi0a5 lmzv6zsT7yuZJLBw1BJF93VuBJjePuNoLXcQm6TiJAzPMZEeuhjX/xJu/dTeCG1X Uk/JsHnFQB2mXHqK8eMHI2N+znFggpBQsDLEzxZmC4IBXouPUDuK+OMVRfdQ1c43 PuVcaRiIBInP+pZBtSf2gtvRMhZYBx/rlN7IRxeSFWUf5zX0QREJirc/oNrXez6U 16HNXp7oWQCIyauBYTR2xI5mwrz9bwybmXB3reatBO2dK/3cw5+KJ/vW3uSDy68m PQVn90qktiAIYtwqIY6i4pWauQvfltBztBFCtg/xCCFKdgY4MyM= =kadU -----END PGP SIGNATURE-----