-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 10 Jun 2026 16:29:23 +0200
Source: librabbitmq
Architecture: source
Version: 0.15.0-1+deb13u1
Distribution: trixie-security
Urgency: medium
Maintainer: Florian Ernst <florian@debian.org>
Changed-By: Florian Ernst <florian@debian.org>
Changes:
 librabbitmq (0.15.0-1+deb13u1) trixie-security; urgency=medium
 .
   * [b57bf8d] d/patches/CVE-2026-44235.patch: added from upstream.
     Fix out-of-bounds read via undersized frames in amqp_handle_input
     (GHSA-9mmv-r8g3-qp46, CVE-2026-44235)
   * [890d6c5] d/patches/CVE-2026-44236.patch: added from upstream.
     Fix client crash when server negotiates frame_max below the AMQP
     protocol minimum (GHSA-jh48-qjf5-fx5v, CVE-2026-44236)
Checksums-Sha1:
 f267eb03c3230ceecd541ef27675e913a239c6f7 2116 librabbitmq_0.15.0-1+deb13u1.dsc
 26a1d0f61fa1198cbfd22cb246e88f667bb8299e 131818 librabbitmq_0.15.0.orig.tar.gz
 6de1b67fece394acbf52167d16f57f619a0621ac 7620 librabbitmq_0.15.0-1+deb13u1.debian.tar.xz
 5c7bffff3303953bbde34a5a19ecdcdf13e47e09 8446 librabbitmq_0.15.0-1+deb13u1_amd64.buildinfo
Checksums-Sha256:
 d4a801822790c68a2c37ccb3650798545bc1ed58af31acd697c103f710e11f80 2116 librabbitmq_0.15.0-1+deb13u1.dsc
 7b652df52c0de4d19ca36c798ed81378cba7a03a0f0c5d498881ae2d79b241c2 131818 librabbitmq_0.15.0.orig.tar.gz
 66f27f57957c5a2b453f845155ae8435b851c1e202e6fab922e54e358076186b 7620 librabbitmq_0.15.0-1+deb13u1.debian.tar.xz
 e3a21e879720383e00db5f3c5071794527897d52786778f03053ad80cd2a6098 8446 librabbitmq_0.15.0-1+deb13u1_amd64.buildinfo
Files:
 1841f5eeffad2bc2b626cb6f045b983f 2116 libs optional librabbitmq_0.15.0-1+deb13u1.dsc
 719e96cb3cd9e2c16f3e9cf3b47b8746 131818 libs optional librabbitmq_0.15.0.orig.tar.gz
 8d7d00401122e906c8f1ca9fde18beaa 7620 libs optional librabbitmq_0.15.0-1+deb13u1.debian.tar.xz
 0ea5dcc88d2613fbfd92abd7c203d814 8446 libs optional librabbitmq_0.15.0-1+deb13u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoqw5sACgkQEMKTtsN8
TjZZ1Q//WKFHWshMHXSJXC53BBcPXGJmpCGo82JnsQ6+pDlFSjeNE07Wae6MUvM6
+zld01FVTLq2uAQxNd1cA3hRl0Ropo9llHzbAtfIyMUthZbEXvB+gm+NzFGpslXf
g6pPdiFokfQYds4CEddC3L+EJ3tZvYa8ZooiopYuXiLVxdN1LDG1vX8MyDNx90Zg
diTGTON+X7G/yMZPvFoBkiqsoHEwJOyouitOChXn4ZWejgZ2851IRp0lXC/Z8N8F
c8G4Nz9SgnGW4nWJ6FaoUG9mjSGgffPDDkNyoROmShd+deYC4TN+NwQLcbmcx+tv
WGR2eBGKc/XmohopBC38rrjE6twpoydEc2A/oi//nAIvYZCXFToXKMYfduLdA+aF
+aEj6b8zXpGL0vlnNPaXHBHvHVgBcMS48Aon4+FAeONk70+/hX2INVbko8aQCzBt
eh5AxHl+LHQClgjlw8znjk9nXObipNXErJJyluwj8T1w8+gJQyhLl+e8RF+ovK2f
zKmREpF0gp7zAzIZUiAX8/mVOueNeJQRNDbuxzuyQw50A/+951Rt+/9xSm7F+OqV
dgTuGCvQ6OqM3N7ZDWxGWU8pZyGnLQwTHbbatUNWQyTu/Z4JB8c6wWpFGGdIFxps
Yzdt9S4ExyGr8gfwHPN5sv7YPw+ReRwn5n4fAq5QYjAxKDn2Nag=
=fcUw
-----END PGP SIGNATURE-----