-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 May 2022 15:57:10 +0200 Source: condor Binary: htcondor htcondor-dbg htcondor-dev libclassad-dev libclassad8 Architecture: armel Version: 8.6.8~dfsg.1-2+deb10u1 Distribution: buster-security Urgency: high Maintainer: armel Build Daemon (henze) Changed-By: Markus Koschany Description: htcondor - distributed workload management system htcondor-dbg - distributed workload management system - debugging symbols htcondor-dev - distributed workload management system - development files libclassad-dev - HTCondor classads expression language - development library libclassad8 - HTCondor classads expression language - runtime library Changes: condor (8.6.8~dfsg.1-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * Fix CVE-2019-18823: HTCondor has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) * Fix CVE-2022-26110: When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. Checksums-Sha1: 1c74654dc418b66cbb25c8d97cfdec099e929f63 17818 condor_8.6.8~dfsg.1-2+deb10u1_armel-buildd.buildinfo f47f1f2ea6d5f6f6cd7f404f1252755de9dd376f 47736328 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_armel.deb a27f73b588552e1a04a6c01d2aec17e764546b3b 295412 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_armel.deb ce741af842040514018131a59814f7b8f53cb386 3349328 htcondor_8.6.8~dfsg.1-2+deb10u1_armel.deb 4100b4767bef57b2596efd9002d8d55d1c07aea6 236048 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_armel.deb a6f075e73441256488644d6d89c1569150d187b9 169076 libclassad8_8.6.8~dfsg.1-2+deb10u1_armel.deb Checksums-Sha256: a0ba5227367ba7d5035addadebaf2050b51cdce5b7b62711ba179f75a567cbf8 17818 condor_8.6.8~dfsg.1-2+deb10u1_armel-buildd.buildinfo 10ac680bc762b0c02552a3fa79f931775cc31f68e54ab990907a8656f12c25cf 47736328 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_armel.deb 5600bd2314d19b39489b893843395572c9c7bf47fb9b12321d5566db3f5b33ac 295412 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_armel.deb 6f027843d95bcf4f2c71425dd341e523842a6c9f32cbf3099f40f29e797f6001 3349328 htcondor_8.6.8~dfsg.1-2+deb10u1_armel.deb f10a6a008aa095891d5b31b5c81f54fa488e862ec63e070ecc7d103b2f1124ee 236048 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_armel.deb 2cde5885933de924f149e02ee0dafcdb3fe07888368e37c1fc20d0cd1faa00f1 169076 libclassad8_8.6.8~dfsg.1-2+deb10u1_armel.deb Files: b7801910be08f2947487933f7059136a 17818 science extra condor_8.6.8~dfsg.1-2+deb10u1_armel-buildd.buildinfo ca29039f8d0775b8d89f355cead63295 47736328 debug extra htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_armel.deb 4a44bcc007839756eb30dd2b8d18612c 295412 libdevel extra htcondor-dev_8.6.8~dfsg.1-2+deb10u1_armel.deb 368b372c7da4c31c53c9234b4302840c 3349328 science extra htcondor_8.6.8~dfsg.1-2+deb10u1_armel.deb 04c305dc119994b2da0002c6a520da4f 236048 libdevel extra libclassad-dev_8.6.8~dfsg.1-2+deb10u1_armel.deb 7cd119af63dc07cf13fcca012afbb82a 169076 libs extra libclassad8_8.6.8~dfsg.1-2+deb10u1_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVPHpW6K+Ix5+kJfUTXDEvCvwbI0FAmKKhxcACgkQTXDEvCvw bI2K7w//egbWi6KpbZg6Cvzxq46NmKZpDNZXsYlawwRSCW9J0ahA81QhIBIfPJgE YARNOp7872c9mbpk4VMb816h/2g/SLpAycPGHBG6aLB9yhuQY9cjVUx2YRI6hxOx pvf+jRToAzqDprg0Lsp+J5yXMbh30k88G6ejjqYNBCnV9JyJa5VK5BBIDvZTgkrY HKpXA2kcl9utk66x02UtWsoh1H09Z/GPOafS86QPvaJscyRSG+3vYGu4kG0fcuER Tjnb/LCfUi45r9Q4aSwE4/+Xduf1Up8dX+CvlaKSsppWmln3iSNIZmYmjthBz1Xw pFmOluMtDpt9qfLFDpqL3CpzKQoA3oE5WHiP8FZFg9AmizGFaoRotddLKLcHFK4r Pk8Y/zCEwtAD5+S7mYK95cOc7+A1ndx204fFltPApG7gfix3t/l2LjRvgPDTDJkE NHFI2Px4PLy2PCPsxP+X5yWV+3C541yLr8KANNPa6rlCs8ewisoZ0lzP+oNwyIXZ 7dBnjhPIa3RqgRU7JJWmd8R0XnLJRSgyVYoWuGRbqxtxW6nhYk7mOYy4pZcVy9x3 GpohsbdUuX03eRXi9TKTaA7amg2XE4yT9RlOQsqh1uHjJt+6nC64thKqDPAOI7EB OE+EvWV/wzeGO9GPCmIyKxJNTuiTp11q7VcGg0wtLaxB//8jMWA= =GPWc -----END PGP SIGNATURE-----