-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 14 Jun 2026 12:12:16 +0200 Source: librabbitmq Architecture: source Version: 0.11.0-1+deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: Florian Ernst Changed-By: Florian Ernst Changes: librabbitmq (0.11.0-1+deb12u2) bookworm-security; urgency=medium . * [004421c] d/patches/CVE-2026-44235.patch: added from upstream. Fix out-of-bounds read via undersized frames in amqp_handle_input (GHSA-9mmv-r8g3-qp46, CVE-2026-44235) * [2dda700] d/patches/CVE-2026-44236.patch: added from upstream. Fix client crash when server negotiates frame_max below the AMQP protocol minimum (GHSA-jh48-qjf5-fx5v, CVE-2026-44236) Checksums-Sha1: 3a57b5b55d65a611dea49d213cbd6022b1e8b2dd 2130 librabbitmq_0.11.0-1+deb12u2.dsc f1786acb5242ec2f29a0f39f84bcd3c3760eadac 145638 librabbitmq_0.11.0.orig.tar.gz 20e45e692251c0cc9b608664605750d5e3154659 12848 librabbitmq_0.11.0-1+deb12u2.debian.tar.xz 985211612b2222a8adaf6b02804bdcdd1c2ad226 5392 librabbitmq_0.11.0-1+deb12u2_source.buildinfo Checksums-Sha256: df615a7cafa454087e0e95558fa6d8009cda02ddcbb46ccd36807dc395842920 2130 librabbitmq_0.11.0-1+deb12u2.dsc 437d45e0e35c18cf3e59bcfe5dfe37566547eb121e69fca64b98f5d2c1c2d424 145638 librabbitmq_0.11.0.orig.tar.gz 754b02e139f28166ad83808d3205bf6a6fa0488c1d58f21aec52257b6caa7a77 12848 librabbitmq_0.11.0-1+deb12u2.debian.tar.xz 7b874f1db64ad29c71de51f50bb21701ea212d9ed1830356a5661f9a591de688 5392 librabbitmq_0.11.0-1+deb12u2_source.buildinfo Files: 41bb03c370ba0489eba344889038b85b 2130 libs optional librabbitmq_0.11.0-1+deb12u2.dsc e7d9896577aea6351811d7c1d7f0a68a 145638 libs optional librabbitmq_0.11.0.orig.tar.gz 0a1b74366167bb94ef9f331eb797db51 12848 libs optional librabbitmq_0.11.0-1+deb12u2.debian.tar.xz cb915420df241b293578f3fce9c18e29 5392 libs optional librabbitmq_0.11.0-1+deb12u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmpEELkACgkQHpU+J9Qx HlhO0hAAtLH6M5M2lQto/df0SI/RFtiblSNGpIkZ4cxNafJx+wGyJJ/3mi5HHK4j OA14lIC96Iv23DqdqpE7K9NOIgqcYmWixSQncbnBx+pjs1aFvqPeR47zJISL6fAs VigtLItLi4W+AevF+M2gVdcKIlkn0qmx0MJCzPWRZHhB0jriXhsNhQrMWBONZ00a lSGF6zKwQbaEGF8Lc782MXLWetlphqeUPrlg4+UDgWR96GsmOsQIs0c8hVl5h1C9 SERHaZkFDcLHFUJzlmNpZ9ZJbbY5sWkYuxnojTdR2HRjem22+6DTjx7ye7wiGYWy TTEJRt9FEmG07gTB3Ss5cSIvdrbmZjQahOCKbZk0q25lYqohWZud7IG3QIzOHm9V r8gbtXTQK5BnkiwgmkCOE3jr/YtrMWtYVDW22+F8W96s7CiurnvRXspg5OGsNjey pcXJd4YKLho02tuzxVBiAq//OQtu9eA5jxHo+9+L7P5CP+SaQ7/1z808OhLUMvox h/CxFMm4Vhr4Lh+bjE3l0Lh+Tt0Zd4/0bTjeabFV4s7u8WLBcoUftKfzOvzcrsVk 7e51119HLO5ukQDquHnZvCeI72TdN8Z1h1B9voTOC5aIgaCqw0OkM8mUYNQIjllD 3uwtSKr/tbzDHFU5/sW2/wa8A2+6flrPduDxCX/id3Eow6Bl0Gs= =Ba2k -----END PGP SIGNATURE-----