-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Dec 2024 21:19:02 +0100
Source: openafs
Architecture: source
Version: 1.8.9-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Benjamin Kaduk <kaduk@mit.edu>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 1087406 1087407
Changes:
 openafs (1.8.9-1+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * afs: Properly type afs_osi_suser cred arg
   * Theft of credentials in Unix client PAGs (CVE-2024-10394)
     (Closes: #1087406, #1087407)
   * Fileserver crash and possible information leak on StoreACL/FetchACL
     (CVE-2024-10396) (Closes: #1087406, #1087407)
   * Preallocated buffer overflows in XDR responses (CVE-2024-10397)
     (Closes: #1087406, #1087407)
Checksums-Sha1: 
 68dfccb2fd0858033620dc4717d90c695bcfe752 3940 openafs_1.8.9-1+deb12u1.dsc
 3f28bcc81cc5b9ef9965834315a151210af71704 6747280 openafs_1.8.9.orig.tar.xz
 3483d1b494cce12a44664f3d1029652d6f1087c4 167372 openafs_1.8.9-1+deb12u1.debian.tar.xz
Checksums-Sha256: 
 7bc29d364031e12cf3c998fc74ab976f5672633d4e20354a1ab96a75b9d12638 3940 openafs_1.8.9-1+deb12u1.dsc
 ec57e048e647c8e65d079f0363ce451b7a1ee578ce707f2df1f9a1e2e9f0fa5f 6747280 openafs_1.8.9.orig.tar.xz
 e110ec333768063bdb922d1b96e6ceadacd6149c75f44b42bdc063d7354f8930 167372 openafs_1.8.9-1+deb12u1.debian.tar.xz
Files: 
 65ff20aaa209609da08204ea93626d3c 3940 net optional openafs_1.8.9-1+deb12u1.dsc
 6ab6eb8a47dd0df6a55863036be73b34 6747280 net optional openafs_1.8.9.orig.tar.xz
 ada07afdaf5de9270db0dc7f127e08d3 167372 net optional openafs_1.8.9-1+deb12u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmdtXrpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EB1UP/2Dj77OwrI42V7SCvwkxRQlQI0xaDw+7
7/tC8oa891zjUZfm2TsD8UXvQ8bjZBD/lNrpP9n6vGdq3Am7jpG6O+K0+yg0g+Kg
YBxSaGRkzRXIz3niOG1ojZpgTAZ60rsLNMr+tOyIdvtC2IoCPEDY4Manqp35c9tc
LrcmE+idojF3HJJ3A0TCvk6Z9seTdyxYqRQp/abTndksBrk4URoi9P9e9/Y8w4Sr
Irw88GDyV7DWMLmXx1fknrHjExEKg4PxpCzc20sPw7pTFs2nPsmzQ8Oyc6uNg5+s
12ygQX5QphofzkhUKgLjbj7s+XRwpOPFPeNNJ4BhfHvLEEIHY3tgio1absKPg9SR
pBpbKyfb72DbYlO9VxuFFJyxQmTYr467YWzJpT61XMirTs/4iwlLXJPciPpweG8A
GsXiiM3ZsKE28qV1hDgPMuRM76XP43+dmsT+qXPqkAE6By3Y3TsdSd5shaAxshMt
rQIZZxqlCeUOwLPXzJ0dNaKmTn2AWFrRM9aA5C/SoUBFnUWvc2NaBiuh8wb5ZB/c
KDUSPmQjZ3Sw7zKDgetCmHI/uYjs5K5fgy9hWkYd2xZC9Dh3gTAKRMMM4/cHrygZ
bxLM7EwFN4xEZ+z05uodib6S+QDnXevyVfTUcQUql7V6kKP4AB9jBFHfMgS2xeEw
jDXbcH+bABOG
=rl96
-----END PGP SIGNATURE-----