-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 May 2022 15:57:10 +0200 Source: condor Binary: htcondor htcondor-dbg htcondor-dev libclassad-dev libclassad8 Architecture: armhf Version: 8.6.8~dfsg.1-2+deb10u1 Distribution: buster-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-05) Changed-By: Markus Koschany Description: htcondor - distributed workload management system htcondor-dbg - distributed workload management system - debugging symbols htcondor-dev - distributed workload management system - development files libclassad-dev - HTCondor classads expression language - development library libclassad8 - HTCondor classads expression language - runtime library Changes: condor (8.6.8~dfsg.1-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * Fix CVE-2019-18823: HTCondor has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) * Fix CVE-2022-26110: When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. Checksums-Sha1: c0a214097463d756ff9e13539aa244edde7d686e 18369 condor_8.6.8~dfsg.1-2+deb10u1_armhf-buildd.buildinfo 1ed7b6e3c7ae1bfc78b3907aab56c71bae5e61eb 47941868 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_armhf.deb 9b5566cd191c40187e52b10228a15dd5be47444c 297824 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_armhf.deb 330f3461b549006f0c4df815436c0582d178673c 3452328 htcondor_8.6.8~dfsg.1-2+deb10u1_armhf.deb a5cb9fd772656a5c55ec5552c22a87f3ce9332d5 238972 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_armhf.deb ca205364bba778661b78a5119132441af97bfe79 172364 libclassad8_8.6.8~dfsg.1-2+deb10u1_armhf.deb Checksums-Sha256: c247a11dc7c761dd918da07e8af5f9595ec9aa1f88ff8e8a5d2b3fc48ca620d0 18369 condor_8.6.8~dfsg.1-2+deb10u1_armhf-buildd.buildinfo 5c0c712005f05514ed2c8178e2a25c0fc681288c0553a33aef090212af73e39e 47941868 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_armhf.deb a5bcecd1c81d81aba3e46a59409d0eb4c27b3d9b3ae7338813f15e186f5930c5 297824 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_armhf.deb 938fb9481656a3f10dc014da3686c057dda4e9049edf3f9cf03dfc6682630a38 3452328 htcondor_8.6.8~dfsg.1-2+deb10u1_armhf.deb f8ee0cbd5190693d10588f7fa55c9854f0676ae4a15a6c7197825947ed3c3648 238972 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_armhf.deb 9c5ae186d40b187efc252154d5d74e3d8d25cc6fed3f3d978c60f37d17ad16d3 172364 libclassad8_8.6.8~dfsg.1-2+deb10u1_armhf.deb Files: 5c74366e706a481e41670276ae777327 18369 science extra condor_8.6.8~dfsg.1-2+deb10u1_armhf-buildd.buildinfo a6da16217940bcb225008c42857ab52c 47941868 debug extra htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_armhf.deb 076d455d4b3ef0bae0ba21665a99538f 297824 libdevel extra htcondor-dev_8.6.8~dfsg.1-2+deb10u1_armhf.deb 81dd6dd3b3b7591bf4b5046ea32c7de0 3452328 science extra htcondor_8.6.8~dfsg.1-2+deb10u1_armhf.deb efec793814bea90d769eb4b02ebd73a9 238972 libdevel extra libclassad-dev_8.6.8~dfsg.1-2+deb10u1_armhf.deb 805000b7f7deb5d7a5f80ba5de715ede 172364 libs extra libclassad8_8.6.8~dfsg.1-2+deb10u1_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEENeV6qeDMB6P9VCdeH0ozZaRgUaAFAmKKap8ACgkQH0ozZaRg UaAJNRAAmKWiSVEpLZkhGFdVnHD5GYl+2UPbc0iL+EPzF8lIg5vsoyr80/jF2Wil /vMUFO6b2dTGFl4sE9otaLnnJfaVe+6WE/dMuOdMvOh1/dBRyUaIWau28A+VG8f/ drxqZOweHiKmNH2+0xgjsPYCj5QuFdr87fgTwhLKkH+s0inTHoPyIU3yslTAJ2Ih NzzN8HeMaV1tcCi6r13Z9r//7qNJHRJjAWYXWWPkGiGsjHmeOCK2w8wV8bvZg3R7 IOgowhmcxOqfD7MlhW18vn5LNsE/vKAEd8OoZr+eeqpGXeYMIzUoCnf1Px3OucVY lg/unS6tWj+fnO1c/g80AVt/NOBz7ZpMrNqzDlQvhTtW0EqvtMb+sZNditBVjarJ reRIqJH4BEEP2vZa+eFHmQeztHyrWoGek52j+unVzCFWducz9bTRi1AkCKYUIUOi vg/D6497s30HIlzgDiYp41D0gQafqDDJOnRSImKFcD4p/1sR4BqzL7qjEsZMZhV5 Ra4VWgIwUBjLKPsF691r2gjK0F4Vf7Bg1Ni8zSvkXcehRlc5wkNkh/ID4IjsN2I6 v46OW+yB/Rno/g+WQUiB6gREyLP4JUJ/VXSbQiOhe/q+FP/hLKewePtJMc6RqHM4 mntb1ZnAa42OLn4gRyCOWMR5uC2t7ys2mfIAK61WvGN7wXi9nTM= =sf4i -----END PGP SIGNATURE-----