-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 May 2022 15:57:10 +0200 Source: condor Binary: htcondor htcondor-dbg htcondor-dev libclassad-dev libclassad8 Architecture: amd64 Version: 8.6.8~dfsg.1-2+deb10u1 Distribution: buster-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Markus Koschany Description: htcondor - distributed workload management system htcondor-dbg - distributed workload management system - debugging symbols htcondor-dev - distributed workload management system - development files libclassad-dev - HTCondor classads expression language - development library libclassad8 - HTCondor classads expression language - runtime library Changes: condor (8.6.8~dfsg.1-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * Fix CVE-2019-18823: HTCondor has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) * Fix CVE-2022-26110: When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. Checksums-Sha1: 543820f29c493e211fbc9acf3bb2ab67ceb603fe 18510 condor_8.6.8~dfsg.1-2+deb10u1_amd64-buildd.buildinfo 23ee1c5afafeab7e8b9745f86261e95f39076b16 49852780 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_amd64.deb 8b184eb7aba1361e42a6cd5c65a53f5cb6658e86 328364 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_amd64.deb 2190101da0d9580b1e5c9b5edc604ac018bc7516 3940296 htcondor_8.6.8~dfsg.1-2+deb10u1_amd64.deb 053ba0cde208e52d35d878c211a2af2766771b51 263940 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_amd64.deb 0f25b7179ad663890fc90cf3091c5bacd49381b2 204652 libclassad8_8.6.8~dfsg.1-2+deb10u1_amd64.deb Checksums-Sha256: cdbc430db9c999780977c49be826101492aeae81f7ecb64c23b26c053241fe37 18510 condor_8.6.8~dfsg.1-2+deb10u1_amd64-buildd.buildinfo d239e541890fe3e4ca66aff602bcb7e2ea402b696a5285bbbeb831c635197136 49852780 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_amd64.deb 494146adf94fb87132ed8492454e7e61d171fd42d9ed80b7f1346f53b571d8e4 328364 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_amd64.deb bc965dd09e2900812ad2fcb4f74daeeda1e929472e7d48d45fb559ffd3165922 3940296 htcondor_8.6.8~dfsg.1-2+deb10u1_amd64.deb c19135dfaf80e66a30d93d6652dde9b88d0488d8f5066fb9afaff588b01a22e3 263940 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_amd64.deb aa338db507ded22702c77d12ee6cce4092b70965691d90dcd1343b476d56395e 204652 libclassad8_8.6.8~dfsg.1-2+deb10u1_amd64.deb Files: 2fea324f680b205cb596f7da4298976e 18510 science extra condor_8.6.8~dfsg.1-2+deb10u1_amd64-buildd.buildinfo 6ad9bbdcf3ddb5b22fdf063238483584 49852780 debug extra htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_amd64.deb fc9aa1f418471602c9967e151277d017 328364 libdevel extra htcondor-dev_8.6.8~dfsg.1-2+deb10u1_amd64.deb f75fe00f8e92edb7d7ad5fc6cefd713b 3940296 science extra htcondor_8.6.8~dfsg.1-2+deb10u1_amd64.deb 06279e44edb76c367ef9579bb8b16e29 263940 libdevel extra libclassad-dev_8.6.8~dfsg.1-2+deb10u1_amd64.deb dee8f2235668dcea65dfafd825ff01f4 204652 libs extra libclassad8_8.6.8~dfsg.1-2+deb10u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVvgiDm0iTi84B8TiOTy2rP5qAaMFAmKKYTUACgkQOTy2rP5q AaPJGw//QrHCH3ibo+dQzsdT76k0oaPnUZ3HclcG6mCuPFVzEfNCNaCLzysdx64y ClfXVxwne+/sbAhPGFaQ+E0JvSxI73wDr5MmMXSI2XgUd8MlzaskIYqplc9Ub5Hu HhhxsP2B4HN65Y0Tx8Np3k+YvliTL5+irHUXru0agy21Pmi2wt1G66pv4qde1ufP fZhjLt1LdW8zzOH8Y2TSfUaFS9AbX0xchLQUFQ82B7dcqb5WjiML1+dLA0K/dpNf AMXCoE2BY++YJmf339/ZGeedqY5SvDvJhftApAMrnh/waX97ABB3kf7msKMQRe/Q IkMyqjjdjoKjqLNDk7liG4RJ0fBq992E13vRyIeZoc4EojPzbBUJEtw5oYZaEOsW JdkBB/+RHZjGRZr6fKOux2YARqDl/ZMuoYT+apnRMQ2eR11mbrLkGJlzN1sLALA0 m85GagnIeEK92Uy9HZsCTl6yN1+DB029snIZ+PZIalP3tsMOiS463wx/fa8xFg10 xiNfw3TSiQNsXiTAO15akX2EAUHWZASk9a2SRiKdQRIPPS2ANDnhoKCTNVRbxXrd zI58EhND+CDjn5DGWxO/sDw+QOUbEGE1TCKUCIYZXfANifFFPQ7Yedd5zZz4lab1 Lkd/hZ2ZpwCePgEFsPqWn6OqF9YlY3r3aC8nr70c0tuSPpJ7A0Q= =FalR -----END PGP SIGNATURE-----