-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 22 May 2022 15:57:10 +0200 Source: condor Binary: htcondor htcondor-dbg htcondor-dev libclassad-dev libclassad8 Architecture: mips Version: 8.6.8~dfsg.1-2+deb10u1 Distribution: buster-security Urgency: high Maintainer: mips Build Daemon (mips-manda-01) Changed-By: Markus Koschany Description: htcondor - distributed workload management system htcondor-dbg - distributed workload management system - debugging symbols htcondor-dev - distributed workload management system - development files libclassad-dev - HTCondor classads expression language - development library libclassad8 - HTCondor classads expression language - runtime library Changes: condor (8.6.8~dfsg.1-2+deb10u1) buster-security; urgency=high . * Non-maintainer upload. * Fix CVE-2019-18823: HTCondor has Incorrect Access Control. It is possible to use a different authentication method to submit a job than the administrator has specified. If the administrator has configured the READ or WRITE methods to include CLAIMTOBE, then it is possible to impersonate another user to the condor_schedd. (For example to submit or remove jobs) * Fix CVE-2022-26110: When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. Checksums-Sha1: 8f5e7cb4117d141271105148de6bb0dc1c3d88bd 17733 condor_8.6.8~dfsg.1-2+deb10u1_mips-buildd.buildinfo b78ce8202b11754bfa2d16604910644cc9a41199 49566908 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_mips.deb 994f6473e8c8abbb4f06d1e400fc09e90a3f87c3 351632 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_mips.deb 0afb9730d0f85d16de614ddf23ea95e2276be072 3463172 htcondor_8.6.8~dfsg.1-2+deb10u1_mips.deb f65a79b1a781ec2c3b622874cdb57475436304fb 274476 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_mips.deb 1bf8a5ae19fe3e7fd808d1be044ea6f731ab03c2 176604 libclassad8_8.6.8~dfsg.1-2+deb10u1_mips.deb Checksums-Sha256: 5abdfda8c0664261a4594f85bb7953fe1d4f58fe6d1486c0c907c8e0ff8b8ad8 17733 condor_8.6.8~dfsg.1-2+deb10u1_mips-buildd.buildinfo a8497c178919e0d2387db60e37de7039bded6953d852bcca447d5a5b0de1a139 49566908 htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_mips.deb 135109c9cb3c80d187413ae502781454695f806d4b8e4a19fdb3f3d2514a998f 351632 htcondor-dev_8.6.8~dfsg.1-2+deb10u1_mips.deb d2756c8b5ff35b7ec7c1eb74cf1cce07a8ec3667fe4de9d90f0e357d7cef0919 3463172 htcondor_8.6.8~dfsg.1-2+deb10u1_mips.deb 7caf27348c3009bd2dfdc4b38cfca3b9eb26d590474fcc194c933fd7edbff301 274476 libclassad-dev_8.6.8~dfsg.1-2+deb10u1_mips.deb b8eb9f27183d7b273a4aea404a5022ab6296a4c32bc36d8595fa9b1a74c6c59f 176604 libclassad8_8.6.8~dfsg.1-2+deb10u1_mips.deb Files: 496fc41a4efd0be4b812e6f2f593e7b4 17733 science extra condor_8.6.8~dfsg.1-2+deb10u1_mips-buildd.buildinfo ba04db1b153dc31a70d5891ce69500d0 49566908 debug extra htcondor-dbg_8.6.8~dfsg.1-2+deb10u1_mips.deb 1032ee32057d1a8d321293ca0bd9a900 351632 libdevel extra htcondor-dev_8.6.8~dfsg.1-2+deb10u1_mips.deb dd07a8a09ff5a26c594ac4bf3598c204 3463172 science extra htcondor_8.6.8~dfsg.1-2+deb10u1_mips.deb 7437c6759398942b3984caa1a86680e1 274476 libdevel extra libclassad-dev_8.6.8~dfsg.1-2+deb10u1_mips.deb 20029480f07fb884e61462c9d89c5d7d 176604 libs extra libclassad8_8.6.8~dfsg.1-2+deb10u1_mips.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEevYDcCpw+gxaAIfyzhCNGbK1Cr8FAmKKh5wACgkQzhCNGbK1 Cr9cwxAAtWMfucM8kDas2lzcgn4kmbUw5A/c5z0Qk+1cuSA6Mi64DWmAmhn5AkVZ 1kKZaZl9ToZTlkLElMy6BEv15Vc2W85GXGCmFNKJ/t5q4eiHRfbHlC7H9wmftKBK Jd3xmsFjFAehyoOvK4FVaSmqMDo36R/1eEC9Ct01y7N/bRtjRIzWJksW6/4ZSuwa /xv5VM/4BO07iAqcwSvxOOYAmHG77MhRw2X2lNiyNz55mTgy5jgXLrGsEXUJRTVd hEGPOAX3FGrpZRmOgqw7GHpp/TDmfsoGYQj0dxpEc9rKDTIWtoGdxv2RRynJQ70/ J3kgbAyniHt5CiFmKkXZxlO7l9/0y8Qtn6pnXJnGMom06G7RbffEvLqPCrM9C7DG jyNKXD3xGLvOA0ZsvYLASEyoXJazjssE9tMomWeGf8gx1R39NY10UqqIDRXWNqFz 1i+ReKc4YmJUsoTZAlp8PNoMoe6z0N0yKTjj7T2vKQwy8Yuf2BLpn95LINEgEd3r PxAw4hkjn4CjoxlspGHqpp6HherZOirBex3wJJkFi7XYS6nbq68rCJ3kvtFI8fps dL3SbL0ompmpQSdd8rqqhQBOT8ISGaIqnSi3j6l0I9SwMkltUcFlVWqdYrzTK7lx P4Vou7Cdne2F3ECiUatK+QS9lsuOi9NZzGK0CxSVR1EBJsIF0uc= =RZuz -----END PGP SIGNATURE-----