-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 May 2022 15:57:10 +0200 Source: condor Binary: htcondor htcondor-dbg htcondor-dev libclassad-dev libclassad8 Architecture: i386 Version: 8.6.8~dfsg.1-2+deb10u1 Distribution: buster-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Markus Koschany Description: htcondor - distributed workload management system htcondor-dbg - distributed workload management system - debugging symbols htcondor-dev - distributed workload management system - development files libclassad-dev - HTCondor classads expression language - development library libclassad8 - HTCondor classads expression language - runtime library Changes: condor (8.6.8~dfsg.1-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * Fix CVE-2019-18823: HTCondor has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) * Fix CVE-2022-26110: When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. Checksums-Sha1: 9ec27569cbc26ab5fe487f94e2d573f24af28361 18457 condor_8.6.8~dfsg.1-2+deb10u1_i386-buildd.buildinfo 6c4e70456730d7d5316cc364da98f836647a4a36 47713560 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_i386.deb 10d4f9cb068447099cb14e59943cf929a3c76695 357052 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_i386.deb 92db5cc1c91c595db7b898d40850f9d59785e434 4187856 htcondor_8.6.8~dfsg.1-2+deb10u1_i386.deb 324df24192222c7da33c35ffec31ff435d2b1279 286984 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_i386.deb 5bfff68910189c679e20bc856cd345c3e0e03fed 225692 libclassad8_8.6.8~dfsg.1-2+deb10u1_i386.deb Checksums-Sha256: b6e28c13ade02072ff8e0ecbb3a07f29ef7530fa60b177aa7cb9bec8a9091a00 18457 condor_8.6.8~dfsg.1-2+deb10u1_i386-buildd.buildinfo fb955303c1a479a659f2ff2dba8f07ad97271d4f7d9758d347c96d7fc7e50d46 47713560 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_i386.deb 34d70fe541a32c39929316bcae5d4087d5c7a726f72dd8ae86fdabe511227cdd 357052 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_i386.deb ec1a12badc49805d5aad1da68b9b9012ffe11ffa9801e624561705a3c84eb4ad 4187856 htcondor_8.6.8~dfsg.1-2+deb10u1_i386.deb f8fc3d77dadcabca3ede72543dccc85ce57ef78684b731d95a37ebc4825b94cb 286984 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_i386.deb 21598bc516774f6ff3cb321b411ed8ab7b1131b889e939b3702ad9fbe2be9c42 225692 libclassad8_8.6.8~dfsg.1-2+deb10u1_i386.deb Files: 7a593b335c02645fa9109e4eb66c8685 18457 science extra condor_8.6.8~dfsg.1-2+deb10u1_i386-buildd.buildinfo a707b618be100708492d1207024c612c 47713560 debug extra htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_i386.deb 35c37c2ebf8a13e020b0a2dc42129c0c 357052 libdevel extra htcondor-dev_8.6.8~dfsg.1-2+deb10u1_i386.deb 071bbf441d9c8cb282a2e1e27da4714f 4187856 science extra htcondor_8.6.8~dfsg.1-2+deb10u1_i386.deb 60716971ee1245720a4ba5825023a4fd 286984 libdevel extra libclassad-dev_8.6.8~dfsg.1-2+deb10u1_i386.deb 6f5e0368855ba09cc49fa78291ebcb1f 225692 libs extra libclassad8_8.6.8~dfsg.1-2+deb10u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZ+kjGN6s2Ioxmya1SqddLxw5rsoFAmKKYaMACgkQSqddLxw5 rsofnw//Xgs4SE4J+cAuMGPW9OFM2yNGh28M7N6ocLw/CAF3nSa9SHA7uapg1oLc CDOwsD9IzVmVRBT67/+l+0MFnKzK9LyKQLHRTafEvXDPu8GmdjSzdndwi3vGk3Zq C+/Q7wK3pNNMpga/GOf8/bHA0YIkj8P+007DMhLkcHp4x6pEi81oAx8cnQSIfGd8 WtAKZMxzElguutLdFXe7fB2dBnVTOR9+45gz4dACUY5ilVwHwOv2UsWCznU8O325 g91cHRPbKVOIyQrriEGAm34ZU+nu1s0peIR2AAVj8SVBhkj0hVMhuT7B00+F1z1y 9F/raLdsB6sXJf11K04BHyqLkyvGLjF1Vd2lPdb4xBnFJ0FxzLs6N/w06yUAuRzH ov9Wxf7fhvd5MOh7n8AvNMYBw3WFzsPQgMysG5z1YZy4ge+0sGcduoFMTF2HQgu3 2+wJP59DqSZobTbbTixtRAr5677XN1Cnflm5tYb00ECgL9XaTqclEwqv431dIVvE PPy+RA0Y0xbAJwuy/sSTfXwDv6LBiD9NOeLjjldXj5LTql8Ck5f0hBNyN2Rt3KVO G+E/yvJSIIwC/xcWPE4qStPcAbgKrRrUhorq1x4TnUKQIbOELPTR4XQ1l+jbCOcr rxLQNNB/FcXl2ObXxzJaHuLP/mxhDLjFwY8thlinS1btC/RKIc4= =5Ke1 -----END PGP SIGNATURE-----