-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 May 2022 15:57:10 +0200 Source: condor Binary: htcondor htcondor-dbg htcondor-dev libclassad-dev libclassad8 Architecture: arm64 Version: 8.6.8~dfsg.1-2+deb10u1 Distribution: buster-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-02) Changed-By: Markus Koschany Description: htcondor - distributed workload management system htcondor-dbg - distributed workload management system - debugging symbols htcondor-dev - distributed workload management system - development files libclassad-dev - HTCondor classads expression language - development library libclassad8 - HTCondor classads expression language - runtime library Changes: condor (8.6.8~dfsg.1-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * Fix CVE-2019-18823: HTCondor has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) * Fix CVE-2022-26110: When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. Checksums-Sha1: e21e5ad5d256cd6c498cb9baddc781d8603f7d09 18417 condor_8.6.8~dfsg.1-2+deb10u1_arm64-buildd.buildinfo 299d525766636f4c2668195c60b275654ea5a592 48776064 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_arm64.deb 28e655296a9e2de468505f4b204ef0577e00a455 315628 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_arm64.deb 67a7b16c6835492cbaaca3cc1ba031fbb880ad4e 3558800 htcondor_8.6.8~dfsg.1-2+deb10u1_arm64.deb 90da2a7b9c0978db13cc76aa174e6d8df00d8264 247252 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_arm64.deb 181615a010b2c4d67d0757b40e1e9523a0d150f8 181996 libclassad8_8.6.8~dfsg.1-2+deb10u1_arm64.deb Checksums-Sha256: f8d15e4fb612086c8427bace959b60bc32be85f0a70e2167a0b158279ea2fd5c 18417 condor_8.6.8~dfsg.1-2+deb10u1_arm64-buildd.buildinfo 9ea2539c820f9fb892d2b28477a06c1d6c03b24b796e1b84b4da8d6718cfea69 48776064 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_arm64.deb 2416280f4bcf0c7fe532fe08184d858bb687d028d961b715d4a97af5d6ccc938 315628 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_arm64.deb f4cfdbf8bb52ffa4ba4deb21b6663c7a5d096f804db847d58c9fbfd8b867676b 3558800 htcondor_8.6.8~dfsg.1-2+deb10u1_arm64.deb d6465b11a407e71f72892f3c03cec5dbd626a2776e3337a7ec218bfe2ad99acc 247252 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_arm64.deb 0e6e2060e6ec6353780054d7386c47bc1337a7b87924f4e67f03d009be59f267 181996 libclassad8_8.6.8~dfsg.1-2+deb10u1_arm64.deb Files: 6290af37a4e1d523f8f39e9ab84424c8 18417 science extra condor_8.6.8~dfsg.1-2+deb10u1_arm64-buildd.buildinfo d72de00ae51527368d74af40dee84950 48776064 debug extra htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_arm64.deb 6e8e65b0e00e95daab24727c314ac7a9 315628 libdevel extra htcondor-dev_8.6.8~dfsg.1-2+deb10u1_arm64.deb 3b1826422984267b30c777f0284041f2 3558800 science extra htcondor_8.6.8~dfsg.1-2+deb10u1_arm64.deb 25b3a4be1017eb4fcce4bb1406c9f882 247252 libdevel extra libclassad-dev_8.6.8~dfsg.1-2+deb10u1_arm64.deb 3a1d18815cbaf6f13fd55bc8ed0a99dd 181996 libs extra libclassad8_8.6.8~dfsg.1-2+deb10u1_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEk6cQMJtJmFPeb+VMFbDY0NpL5FYFAmKKaWkACgkQFbDY0NpL 5Fbzlw/+Iak3hjihtjRiyJOZHbGx8W1YytA69Gxhvjyr2migljoevwMKx8WdRKXS 0qE2XPccKyBvoZmjA2ZK9+RvdjIRh2Xw7WI+OekzKUPTHomj/lfQRNymwYGXaivf 0ZxQpxhM4xH9VzNR4jVpxVqAazajxmynvaZ96JHYnxUg1oVdkZBcJYWiDV3I+vH/ R+h62K4iy7w/jG5qB1RTX/c1RzjDOybSwhN+8vJ7l6xofMiHL0YvlgXdcC2q1RPR vBfiKRrPz44mkIYeevi+lA7+xm6L5j7ptHxu9SauQZ3jAKaDAlbF9XM3UvtHJrHp gxK8j45uORQeybwqVLtaGoaTXljgkl0x7idzPhXoS+Y5gAldn+tsWfocP+E16i9A SiUDbN+diiKlgMdVcllJCnt3uM0kNpKN5VobVZ4n+eEtMYAPwhDyMRfVz8rZQT+h owOUxQtSePzKk/Nvbxt/fURi1tcRvlG/hkhgyja8oMKLTCaqrRJ5s3s36n2uIB5T c9BDjVwHB7Vw8hS4exTTZzxqZWbKkDHFsDFP1tDzBwbvvRc1GPtTVAoBp4TDpWg+ C2QSYWo1bGxYpS4xeS3NBB0niuW/BaL0xLx+1DDA8FHiuFvFIWFxgQQkKLm4Hph/ z2ly+8BAOMq3/1uwf9N+jPXbQ6mHG8JKjaOKbU4T0u7aDLvKpPI= =RpVC -----END PGP SIGNATURE-----