News for package bzr

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: bzr
Binary: bzr, python-bzrlib, python-bzrlib-dbg, python-bzrlib.tests, bzr-doc
Architecture: any all
Version: 2.7.0+bzr6619-7+deb9u1
Maintainer: Debian Bazaar Maintainers <pkg-bazaar-maint@lists.alioth.debian.org>
Uploaders: Wouter van Heyst <larstiq@larstiq.dyndns.org>, Andrew Starr-Bochicchio <asb@debian.org>, Jelmer Vernooij <jelmer@debian.org>, Vincent Ladeuil <v.ladeuil+lp@free.fr>
Homepage: http://bazaar-vcs.org
Standards-Version: 3.9.8
Vcs-Browser: http://bzr.debian.org/loggerhead/pkg-bazaar/bzr/2.7
Vcs-Bzr: http://anonscm.debian.org/bzr/pkg-bazaar/bzr/2.7
Testsuite: autopkgtest
Testsuite-Triggers: ca-certificates, python-lzma, python-medusa, python-meliae, python-pycurl, python-subunit
Build-Depends: bash-completion, ca-certificates, cython-dbg | python-pyrex, debhelper (>= 9), fdupes, python (>= 2.6.6-3), python-all-dbg (>= 2.6.6-3), python-all-dev (>= 2.6.6-3), python-configobj (>= 4.7.2+ds-2), python-docutils, python-lzma-dbg [!m68k !powerpcspe !sh4], python-medusa, python-meliae-dbg, python-paramiko (<< 1.12.0) | python-paramiko (>= 1.14.1), python-pycurl-dbg, python-sphinx (>= 1.0.7+dfsg), python-subunit, python-testtools (>= 0.9.5~)
Package-List:
 bzr deb vcs optional arch=all
 bzr-doc deb doc optional arch=all
 python-bzrlib deb python optional arch=any
 python-bzrlib-dbg deb debug extra arch=any
 python-bzrlib.tests deb python optional arch=all
Checksums-Sha1:
 8bf0b1d7867528e078484cf53a2ab6b879f36b18 10945598 bzr_2.7.0+bzr6619.orig.tar.gz
 be438b1b7afbd84b8af8bb6133cdbf99c375a0ce 92072 bzr_2.7.0+bzr6619-7+deb9u1.debian.tar.xz
Checksums-Sha256:
 a0192999245457fbd564702518bc96453ac0f9b38ea031a466679839b346fa14 10945598 bzr_2.7.0+bzr6619.orig.tar.gz
 c59743abd33483852c1fdc0647a96599e8b7adccde266b32fc78f639e369584d 92072 bzr_2.7.0+bzr6619-7+deb9u1.debian.tar.xz
Files:
 a310bda70f391bbc299d0b9d38c1b41a 10945598 bzr_2.7.0+bzr6619.orig.tar.gz
 8728b74bdea6ba958aca5c16b3a985b9 92072 bzr_2.7.0+bzr6619-7+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlocfvZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EnL0QAJjAbPuR9L1cCtc5KZ1hdnVVjy+eEa2M
X7nthcwcjnGl9xkx6qBBBb71Oy7o2PdTKzmiWC4maKyv2QwD96St4S6KmLWLFirG
m0yFFobC4BfGU6yH9Q2UKbd9L3C51hJ5YnMc32IHbUJw0RHJn5zk/lvN9+jbC6JH
RJwFsTQzaDmnSIPLA6wkqe+9Ks3flUGK6ydq72L3FvMvtvc32oqffE/c16OGG1Qf
D3QJK4pVZCUbSiUB+eYj3xKaiuIKB/FPXeNNvsp+pruRl19/Fb7f5bTFknocEodX
NDbLYUg37xdmds4Ns9ZiWiryOa+IPGgb5b4ZSdMHw0ggkedbclG/RqJys66rnxcI
wNwzDGL9Zz3QbotibSmNVX5kek4Qe+vTmdWcweGoYUirY1Yb7gxbkcHSk42AUm0R
eoYj6ntxZSwb7be12VnyFXgK2eQlM91KPY97j+bcJpW4UCEgsuz0gU9gtgkxeiV4
ZxetUnuMYk8H1pc8K4JAhUNxTkjq+jm/T1iVXL/x01iWqRnrFfUlMfyQRnmuUFqr
VFx8COv0U3bQSii52ncYVVw+8mdGJgPb7mQdu0oF0BNKn34/PDTCGZODEsNmYhzh
2sxZpKeGKFKE4Mj+RbmjjLJMVWZU60b/k7+m3n++0YvlgURii2cOovHNlHewR5gl
Ndd6adaxcAdN
=3Ktv
-----END PGP SIGNATURE-----

<span id="changes">Changes:</span>
bzr (2.7.0+bzr6619-7+deb9u1) stretch-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Use 'localhost' rather than '127.0.0.1' in SSL certificates, as the latter
    trips up pycurl (Closes: #868966)
  * Ship a refreshed copy of the ssl certs used in testsuite
  * Prevent SSH command line options from being specified in bzr+ssh:// URLs
    (CVE-2017-14176) (Closes: #874429)

 -- Salvatore Bonaccorso <carnil@debian.org>  Mon, 27 Nov 2017 21:12:18 +0100