-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 05 Jul 2024 06:15:50 +0200
Source: cockpit
Binary: cockpit-bridge cockpit-bridge-dbgsym cockpit-pcp cockpit-pcp-dbgsym cockpit-tests cockpit-tests-dbgsym cockpit-ws cockpit-ws-dbgsym
Architecture: amd64
Version: 287.1-0+deb12u3
Distribution: bookworm
Urgency: medium
Maintainer: amd64 Build Daemon (x86-grnet-03)
Changed-By: Martin Pitt
Description:
 cockpit-bridge - Cockpit bridge server-side component
 cockpit-pcp - Cockpit PCP integration
 cockpit-tests - Tests for Cockpit
 cockpit-ws - Cockpit Web Service
Changes:
 cockpit (287.1-0+deb12u3) bookworm; urgency=medium
 .
   * Add 0002-pam-ssh-add-Fix-insecure-killing-of-session-ssh-agen.patch:
     Cockpit’s pam_ssh_add module had a vulnerability when user_readenv is
     enabled in /etc/pam.d/cockpit (which is the default on Debian). This
     could cause a Denial of Service if a locally-authenticated user crafted
     a ~/.pam_environment file: it would kill an arbitrary process on the
     system with root privileges when logging out of a Cockpit session.
     Patch cherry-picked from upstream (08965365ac311f906a5).
     [CVE-2024-6126]