=========================================
Sat, 28 Oct 2006 - Debian 3.1r4 released
=========================================

stable/main/binary-sparc/libssl0.9.6_0.9.6m-1sarge4_sparc.deb
stable/main/binary-s390/libssl0.9.6_0.9.6m-1sarge4_s390.deb
stable/main/binary-powerpc/libssl0.9.6_0.9.6m-1sarge4_powerpc.deb
stable/main/binary-mipsel/libssl0.9.6_0.9.6m-1sarge4_mipsel.deb
stable/main/binary-mips/libssl0.9.6_0.9.6m-1sarge4_mips.deb
stable/main/binary-m68k/libssl0.9.6_0.9.6m-1sarge4_m68k.deb
stable/main/binary-ia64/libssl0.9.6_0.9.6m-1sarge4_ia64.deb
stable/main/binary-hppa/libssl0.9.6_0.9.6m-1sarge4_hppa.deb
stable/main/binary-arm/libssl0.9.6_0.9.6m-1sarge4_arm.deb
stable/main/binary-alpha/libssl0.9.6_0.9.6m-1sarge4_alpha.deb
stable/main/source/openssl096_0.9.6m-1sarge4.diff.gz
stable/main/binary-i386/libssl0.9.6_0.9.6m-1sarge4_i386.deb
stable/main/source/openssl096_0.9.6m-1sarge4.dsc
openssl096 (0.9.6m-1sarge4) stable-security; urgency=high
  * Non-maintainer upload by the Security Team
  * Correct patch for CVE-2006-2940 to avoid the possibility of
    dereferencing an uninitialized pointer.

stable/main/binary-sparc/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_sparc.deb
stable/main/binary-sparc/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_sparc.deb
stable/main/binary-sparc/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_sparc.deb
stable/main/binary-sparc/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_sparc.deb
stable/main/binary-sparc/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_sparc.deb
stable/main/binary-s390/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_s390.deb
stable/main/binary-s390/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_s390.deb
stable/main/binary-s390/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_s390.deb
stable/main/binary-s390/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_s390.deb
stable/main/binary-s390/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_s390.deb
stable/main/binary-powerpc/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_powerpc.deb
stable/main/binary-powerpc/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_powerpc.deb
stable/main/binary-powerpc/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_powerpc.deb
stable/main/binary-powerpc/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_powerpc.deb
stable/main/binary-powerpc/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_powerpc.deb
stable/main/binary-mipsel/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_mipsel.deb
stable/main/binary-mipsel/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_mipsel.deb
stable/main/binary-mipsel/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_mipsel.deb
stable/main/binary-mipsel/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_mipsel.deb
stable/main/binary-mipsel/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_mipsel.deb
stable/main/binary-mips/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_mips.deb
stable/main/binary-mips/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_mips.deb
stable/main/binary-mips/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_mips.deb
stable/main/binary-mips/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_mips.deb
stable/main/binary-mips/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_mips.deb
stable/main/binary-m68k/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_m68k.deb
stable/main/binary-m68k/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_m68k.deb
stable/main/binary-m68k/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_m68k.deb
stable/main/binary-m68k/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_m68k.deb
stable/main/binary-m68k/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_m68k.deb
stable/main/binary-ia64/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_ia64.deb
stable/main/binary-ia64/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_ia64.deb
stable/main/binary-ia64/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_ia64.deb
stable/main/binary-ia64/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_ia64.deb
stable/main/binary-ia64/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_ia64.deb
stable/main/binary-hppa/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_hppa.deb
stable/main/binary-hppa/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_hppa.deb
stable/main/binary-hppa/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_hppa.deb
stable/main/binary-hppa/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_hppa.deb
stable/main/binary-hppa/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_hppa.deb
stable/main/binary-arm/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_arm.deb
stable/main/binary-arm/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_arm.deb
stable/main/binary-arm/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_arm.deb
stable/main/binary-arm/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_arm.deb
stable/main/binary-arm/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_arm.deb
stable/main/binary-alpha/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_alpha.deb
stable/main/binary-alpha/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_alpha.deb
stable/main/binary-alpha/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_alpha.deb
stable/main/binary-alpha/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_alpha.deb
stable/main/binary-alpha/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_alpha.deb
stable/main/source/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1.diff.gz
stable/main/binary-i386/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8c.1_i386.deb
stable/main/binary-i386/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1_i386.deb
stable/main/source/mozilla-thunderbird_1.0.2-2.sarge1.0.8c.1.dsc
stable/main/binary-i386/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8c.1_i386.deb
stable/main/binary-i386/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8c.1_i386.deb
stable/main/binary-i386/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8c.1_i386.deb
mozilla-thunderbird (1.0.2-2.sarge1.0.8c.1) stable-security; urgency=critical
  * various security issues addressed (aka 1.5.0.7 backports):
    0001-no-mfsa-CVE-2006-2788-321598.txt
    0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt
    0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt
    0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt
    0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt
    0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt
    0007-MFSA2006-61-CVE-2006-4568-343168.txt
    0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt
    0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt
    0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt
    0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt
    0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt
    0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt
    0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt
    0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt
    0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt
    0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt
    0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt
    0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt
    0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt
    0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt
    0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt
    0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt
    0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt
    0026-GetDepth-without-DEBUG-in-BlockFrame.txt
    0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt

stable/main/source/mindi-kernel_2.4.27-2sarge3.diff.gz
stable/main/source/mindi-kernel_2.4.27-2sarge3.dsc
stable/main/binary-i386/mindi-kernel_2.4.27-2sarge3_i386.deb
mindi-kernel (2.4.27-2sarge3) stable-security; urgency=high
  * Build against kernel-tree-2.4.27-10sarge4:
    * [ERRATA] 213_madvise_remove-restrict.diff
      [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with
      CVE-2006-1524. However, this patch fixes an mprotect issue that was
      split off from the original report into CVE-2006-2071. 2.4.27 is not
      vulnerable to CVE-2006-1524 the madvise_remove issue.
      See CVE-2006-2071
    * 223_nfs-handle-long-symlinks.diff
      [SECURITY] Fix buffer overflow in NFS readline handling that allows a
      remote server to cause a denial of service (crash) via a long symlink
      See CVE-2005-4798
    * 224_cdrom-bad-cgc.buflen-assign.diff
      [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
      be used by a local user to trigger a buffer overflow via a specially
      crafted DVD, USB stick, or similar automatically mounted device.
      See CVE-2006-2935
    * 225_sg-no-mmap-VM_IO.diff
      [SECURITY] Fix DoS vulnerability whereby a local user could attempt
      a dio/mmap and cause the sg driver to oops.
      See CVE-2006-1528
    * 226_snmp-nat-mem-corruption-fix.diff
      [SECURITY] Fix memory corruption in snmp_trap_decode
      See CVE-2006-2444
    * 227_kfree_skb.diff
      [SECURITY] Fix race between kfree_skb and __skb_unlink
      See CVE-2006-2446
    * 228_sparc-mb-extraneous-semicolons.diff
      Fix a syntax error caused by extraneous semicolons in smp_mb() macros
      which resulted in a build failure with 227_kfree_skb.diff
    * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff
      [SECURITY] Fix SCTP privilege escalation
      See CVE-2006-3745
    * 231_udf-deadlock.diff
      [SECURITY] Fix possible UDF deadlock and memory corruption
      See CVE-2006-4145
    * 232_sparc-membar-extraneous-semicolons.diff
      Fix an additional syntax error caused by extraneous semicolons
      in membar macros on sparc

stable/main/source/kernel-source-2.6.8_2.6.8-16sarge5.diff.gz
stable/main/binary-all/kernel-doc-2.6.8_2.6.8-16sarge5_all.deb
stable/main/binary-all/kernel-source-2.6.8_2.6.8-16sarge5_all.deb
stable/main/source/kernel-source-2.6.8_2.6.8-16sarge5.dsc
stable/main/binary-all/kernel-patch-debian-2.6.8_2.6.8-16sarge5_all.deb
stable/main/binary-all/kernel-tree-2.6.8_2.6.8-16sarge5_all.deb
kernel-source-2.6.8 (2.6.8-16sarge5) stable-security; urgency=high
  * [ERRATA] madvise_remove-restrict.dpatch
    [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with
    CVE-2006-1524. However, this patch fixes an mprotect issue that was
    split off from the original report into CVE-2006-2071. 2.6.8 is not
    vulnerable to CVE-2006-1524 the madvise_remove issue.
    See CVE-2006-2071
  * fs-ext3-bad-nfs-handle.dpatch
    [SECURITY] James McKenzie discovered a Denial of Service vulnerability
    in the NFS driver. When exporting an ext3 file system over NFS, a remote
    attacker could exploit this to trigger a file system panic by sending
    a specially crafted UDP packet.
    See CVE-2006-3468
  * direct-io-write-mem-leak.dpatch
    [SECURITY] Fix memory leak in O_DIRECT write.
    See CVE-2004-2660
  * nfs-handle-long-symlinks.dpatch
    [SECURITY] Fix buffer overflow in NFS readline handling that allows a
    remote server to cause a denial of service (crash) via a long symlink
    See CVE-2005-4798
  * cdrom-bad-cgc.buflen-assign.dpatch
    [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially
    be used by a local user to trigger a buffer overflow via a specially
    crafted DVD, USB stick, or similar automatically mounted device.
    See CVE-2006-2935
  * usb-serial-ftdi_sio-dos.patch
    [SECURITY] fix userspace DoS in ftdi_sio driver
    See CVE-2006-2936
  * selinux-tracer-SID-fix.dpatch
    [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users
    from changing the tracer SID to the SID of another process
    See CVE-2006-1052
  * netfilter-SO_ORIGINAL_DST-leak.dpatch
    [SECURITY] Fix information leak in SO_ORIGINAL_DST
    See CVE-2006-1343
  * sg-no-mmap-VM_IO.dpatch
    [SECURITY] Fix DoS vulnerability whereby a local user could attempt
    a dio/mmap and cause the sg driver to oops.
    See CVE-2006-1528
  * exit-bogus-bugon.dpatch
    [SECURITY] Remove bogus BUG() in exit.c which could be maliciously
    triggered by a local user
    See CVE-2006-1855
  * readv-writev-missing-lsm-check.dpatch,
    readv-writev-missing-lsm-check-compat.dpatch
    [SECURITY] Add missing file_permission callback in readv/writev syscalls
    See CVE-2006-1856
  * snmp-nat-mem-corruption-fix.dpatch
    [SECURITY] Fix memory corruption in snmp_trap_decode
    See CVE-2006-2444
  * kfree_skb-race.dpatch
    [SECURITY] Fix race between kfree_skb and __skb_unlink
    See CVE-2006-2446
  * hppa-mb-extraneous-semicolon.dpatch,
    sparc32-mb-extraneous-semicolons.dpatch,
    sparc64-mb-extraneous-semicolons.dpatch:
    Fix a syntax error caused by extraneous semicolons in smp_mb() macros
    which resulted in a build failure with kfree_skb-race.dpatch
  * sctp-priv-elevation.dpatch
    [SECURITY] Fix SCTP privilege escalation
    See CVE-2006-3745
  * sctp-priv-elevation-2.dpatch
    [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch
    See CVE-2006-4535
  * ppc-hid0-dos.dpatch
    [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on
    PPC970 at boot time
    See CVE-2006-4093
  * udf-deadlock.dpatch
    [SECURITY] Fix possible UDF deadlock and memory corruption
    See CVE-2006-4145

stable/main/source/kernel-source-2.4.27_2.4.27-10sarge4.dsc
stable/main/source/kernel-source-2.4.27_2.4.27-10sarge4.diff.gz
stable/main/binary-all/kernel-doc-2.4.27_2.4.27-10sarge4_all.deb
stable/main/binary-all/kernel-patch-debian-2.4.27_2.4.27-10sarge4_all.deb
stable/main/binary-all/kernel-source-2.4.27_2.4.27-10sarge4_all.deb
stable/main/binary-all/kernel-tree-2.4.27_2.4.27-10sarge4_all.deb
kernel-source-2.4.27 (2.4.27-10sarge4) stable-security; urgency=high
  * [ERRATA] 213_madvise_remove-restrict.diff
    [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with
    CVE-2006-1524. However, this patch fixes an mprotect issue that was
    split off from the original report into CVE-2006-2071. 2.4.27 is not
    vulnerable to CVE-2006-1524 the madvise_remove issue.
See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extranous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privelege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-powerpc/kernel-build-2.6.8-3-powerpc-smp_2.6.8-12sarge5_powerpc.deb stable/main/binary-powerpc/kernel-image-2.6.8-3-power4_2.6.8-12sarge5_powerpc.deb stable/main/source/kernel-patch-powerpc-2.6.8_2.6.8-12sarge5.tar.gz stable/main/binary-powerpc/kernel-build-2.6.8-3-power4_2.6.8-12sarge5_powerpc.deb stable/main/binary-powerpc/kernel-image-2.6.8-3-power3-smp_2.6.8-12sarge5_powerpc.deb stable/main/binary-powerpc/kernel-image-2.6.8-3-powerpc-smp_2.6.8-12sarge5_powerpc.deb stable/main/binary-powerpc/kernel-image-2.6.8-3-powerpc_2.6.8-12sarge5_powerpc.deb 
stable/main/binary-powerpc/kernel-image-2.6.8-3-power3_2.6.8-12sarge5_powerpc.deb stable/main/binary-powerpc/kernel-build-2.6.8-3-power3_2.6.8-12sarge5_powerpc.deb stable/main/source/kernel-patch-powerpc-2.6.8_2.6.8-12sarge5.dsc stable/main/binary-powerpc/kernel-build-2.6.8-3-powerpc_2.6.8-12sarge5_powerpc.deb stable/main/binary-powerpc/kernel-headers-2.6.8-3_2.6.8-12sarge5_powerpc.deb stable/main/binary-powerpc/kernel-image-2.6.8-3-power4-smp_2.6.8-12sarge5_powerpc.deb stable/main/binary-powerpc/kernel-build-2.6.8-3-power4-smp_2.6.8-12sarge5_powerpc.deb stable/main/binary-powerpc/kernel-build-2.6.8-3-power3-smp_2.6.8-12sarge5_powerpc.deb kernel-patch-powerpc-2.6.8 (2.6.8-12sarge5) stable-security; urgency=high * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. 
See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 * ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 stable/main/binary-powerpc/kernel-image-2.4.27-powerpc_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-image-2.4.27-nubus_2.4.27-10sarge4_powerpc.deb 
stable/main/binary-powerpc/kernel-build-2.4.27-nubus_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-headers-2.4.27-powerpc_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-patch-2.4.27-powerpc_2.4.27-10sarge4_powerpc.deb stable/main/source/kernel-patch-powerpc-2.4.27_2.4.27-10sarge4.tar.gz stable/main/binary-powerpc/kernel-build-2.4.27-powerpc-small_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-patch-2.4.27-nubus_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-headers-2.4.27-nubus_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-build-2.4.27-apus_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-image-2.4.27-powerpc-smp_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-headers-2.4.27-apus_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-build-2.4.27-powerpc-smp_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-image-2.4.27-powerpc-small_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-image-2.4.27-apus_2.4.27-10sarge4_powerpc.deb stable/main/source/kernel-patch-powerpc-2.4.27_2.4.27-10sarge4.dsc stable/main/binary-powerpc/kernel-patch-2.4.27-apus_2.4.27-10sarge4_powerpc.deb stable/main/binary-powerpc/kernel-build-2.4.27-powerpc_2.4.27-10sarge4_powerpc.deb kernel-patch-powerpc-2.4.27 (2.4.27-10sarge4) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. 
See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/source/kernel-patch-2.4.27-s390_2.4.27-2sarge1.dsc stable/main/binary-all/kernel-patch-2.4.27-s390_2.4.27-2sarge1_all.deb stable/main/source/kernel-patch-2.4.27-s390_2.4.27-2sarge1.diff.gz kernel-patch-2.4.27-s390 (2.4.27-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Use kernel-tree-2.4.27-10sarge2 * Regenerate linux-2.4.27-s390.diff to apply to updated source tree * Build fix for 206_s390-sacf-fix.diff (CAN-2004-0887) from new kernel-tree. 
stable/main/binary-sparc/mips-tools_2.4.27-10.sarge4.040815-1_sparc.deb kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-1) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-s390/mips-tools_2.4.27-10.sarge4.040815-1_s390.deb kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-1) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-powerpc/mips-tools_2.4.27-10.sarge4.040815-1_powerpc.deb kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-1) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-mipsel/kernel-image-2.4.27-xxs1500_2.4.27-10.sarge4.040815-1_mipsel.deb stable/main/binary-mipsel/kernel-image-2.4.27-r5k-lasat_2.4.27-10.sarge4.040815-1_mipsel.deb stable/main/binary-mipsel/kernel-image-2.4.27-r5k-cobalt_2.4.27-10.sarge4.040815-1_mipsel.deb stable/main/binary-mipsel/kernel-image-2.4.27-r4k-kn04_2.4.27-10.sarge4.040815-1_mipsel.deb stable/main/binary-mipsel/mips-tools_2.4.27-10.sarge4.040815-1_mipsel.deb stable/main/binary-mipsel/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-1_mipsel.deb stable/main/binary-mipsel/kernel-image-2.4.27-r3k-kn02_2.4.27-10.sarge4.040815-1_mipsel.deb stable/main/binary-mipsel/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-1_mipsel.deb kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-1) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. 
See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-mips/mips-tools_2.4.27-10.sarge4.040815-1_mips.deb stable/main/binary-mips/kernel-image-2.4.27-sb1-swarm-bn_2.4.27-10.sarge4.040815-1_mips.deb stable/main/binary-mips/kernel-image-2.4.27-r4k-ip22_2.4.27-10.sarge4.040815-1_mips.deb stable/main/binary-mips/kernel-image-2.4.27-r5k-ip22_2.4.27-10.sarge4.040815-1_mips.deb stable/main/binary-mips/kernel-headers-2.4.27_2.4.27-10.sarge4.040815-1_mips.deb kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-1) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog 
associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-sparc/libdevmapper1.01_1.01.00-4sarge1_sparc.deb stable/main/binary-sparc/libdevmapper1.01-udeb_1.01.00-4sarge1_sparc.udeb stable/main/binary-sparc/dmsetup_1.01.00-4sarge1_sparc.deb stable/main/binary-sparc/dmsetup-udeb_1.01.00-4sarge1_sparc.udeb stable/main/binary-sparc/libdevmapper-dev_1.01.00-4sarge1_sparc.deb devmapper (2:1.01.00-4sarge1) stable; urgency=low * Non-maintainer upload. 
* LVM devices are created with root:disk ownership and 0660 permissions, which are used by all other disk block devices. This allows backups of LVM logical volumes with tools such as amanda, which run as user backup, a member of the disk group. stable/main/binary-s390/dmsetup_1.01.00-4sarge1_s390.deb stable/main/binary-s390/dmsetup-udeb_1.01.00-4sarge1_s390.udeb stable/main/binary-s390/libdevmapper1.01_1.01.00-4sarge1_s390.deb stable/main/binary-s390/libdevmapper-dev_1.01.00-4sarge1_s390.deb stable/main/binary-s390/libdevmapper1.01-udeb_1.01.00-4sarge1_s390.udeb devmapper (2:1.01.00-4sarge1) stable; urgency=low * Non-maintainer upload. * LVM devices are created with root:disk ownership and 0660 permissions, which are used by all other disk block devices. This allows backups of LVM logical volumes with tools such as amanda, which run as user backup, a member of the disk group. stable/main/binary-mipsel/libdevmapper-dev_1.01.00-4sarge1_mipsel.deb stable/main/binary-mipsel/dmsetup_1.01.00-4sarge1_mipsel.deb stable/main/binary-mipsel/libdevmapper1.01-udeb_1.01.00-4sarge1_mipsel.udeb stable/main/binary-mipsel/libdevmapper1.01_1.01.00-4sarge1_mipsel.deb stable/main/binary-mipsel/dmsetup-udeb_1.01.00-4sarge1_mipsel.udeb devmapper (2:1.01.00-4sarge1) stable; urgency=low * Non-maintainer upload. * LVM devices are created with root:disk ownership and 0660 permissions, which are used by all other disk block devices. This allows backups of LVM logical volumes with tools such as amanda, which run as user backup, a member of the disk group. stable/main/binary-mips/libdevmapper-dev_1.01.00-4sarge1_mips.deb stable/main/binary-mips/dmsetup-udeb_1.01.00-4sarge1_mips.udeb stable/main/binary-mips/libdevmapper1.01_1.01.00-4sarge1_mips.deb stable/main/binary-mips/dmsetup_1.01.00-4sarge1_mips.deb stable/main/binary-mips/libdevmapper1.01-udeb_1.01.00-4sarge1_mips.udeb devmapper (2:1.01.00-4sarge1) stable; urgency=low * Non-maintainer upload. 
* LVM devices are created with root:disk ownership and 0660 permissions, which are used by all other disk block devices. This allows backups of LVM logical volumes with tools such as amanda, which run as user backup, a member of the disk group. stable/main/binary-m68k/libdevmapper1.01_1.01.00-4sarge1_m68k.deb stable/main/binary-m68k/dmsetup-udeb_1.01.00-4sarge1_m68k.udeb stable/main/binary-m68k/libdevmapper-dev_1.01.00-4sarge1_m68k.deb stable/main/binary-m68k/libdevmapper1.01-udeb_1.01.00-4sarge1_m68k.udeb stable/main/binary-m68k/dmsetup_1.01.00-4sarge1_m68k.deb devmapper (2:1.01.00-4sarge1) stable; urgency=low * Non-maintainer upload. * LVM devices are created with root:disk ownership and 0660 permissions, which are used by all other disk block devices. This allows backups of LVM logical volumes with tools such as amanda, which run as user backup, a member of the disk group. stable/main/binary-ia64/dmsetup_1.01.00-4sarge1_ia64.deb stable/main/binary-ia64/dmsetup-udeb_1.01.00-4sarge1_ia64.udeb stable/main/binary-ia64/libdevmapper-dev_1.01.00-4sarge1_ia64.deb stable/main/binary-ia64/libdevmapper1.01-udeb_1.01.00-4sarge1_ia64.udeb stable/main/binary-ia64/libdevmapper1.01_1.01.00-4sarge1_ia64.deb devmapper (2:1.01.00-4sarge1) stable; urgency=low * Non-maintainer upload. * LVM devices are created with root:disk ownership and 0660 permissions, which are used by all other disk block devices. This allows backups of LVM logical volumes with tools such as amanda, which run as user backup, a member of the disk group. stable/main/binary-i386/dmsetup-udeb_1.01.00-4sarge1_i386.udeb stable/main/binary-i386/dmsetup_1.01.00-4sarge1_i386.deb stable/main/binary-i386/libdevmapper1.01-udeb_1.01.00-4sarge1_i386.udeb stable/main/binary-i386/libdevmapper1.01_1.01.00-4sarge1_i386.deb stable/main/binary-i386/libdevmapper-dev_1.01.00-4sarge1_i386.deb devmapper (2:1.01.00-4sarge1) stable; urgency=low * Non-maintainer upload. 
* LVM devices are created with root:disk ownership and 0660 permissions, which are used by all other disk block devices. This allows backups of LVM logical volumes with tools such as amanda, which run as user backup, a member of the disk group. stable/main/binary-hppa/dmsetup_1.01.00-4sarge1_hppa.deb stable/main/binary-hppa/libdevmapper1.01_1.01.00-4sarge1_hppa.deb stable/main/binary-hppa/libdevmapper-dev_1.01.00-4sarge1_hppa.deb stable/main/binary-hppa/libdevmapper1.01-udeb_1.01.00-4sarge1_hppa.udeb stable/main/binary-hppa/dmsetup-udeb_1.01.00-4sarge1_hppa.udeb devmapper (2:1.01.00-4sarge1) stable; urgency=low * Non-maintainer upload. * LVM devices are created with root:disk ownership and 0660 permissions, which are used by all other disk block devices. This allows backups of LVM logical volumes with tools such as amanda, which run as user backup, a member of the disk group. stable/main/binary-arm/dmsetup-udeb_1.01.00-4sarge1_arm.udeb stable/main/binary-arm/dmsetup_1.01.00-4sarge1_arm.deb stable/main/binary-arm/libdevmapper1.01_1.01.00-4sarge1_arm.deb stable/main/binary-arm/libdevmapper-dev_1.01.00-4sarge1_arm.deb stable/main/binary-arm/libdevmapper1.01-udeb_1.01.00-4sarge1_arm.udeb devmapper (2:1.01.00-4sarge1) stable; urgency=low * Non-maintainer upload. * LVM devices are created with root:disk ownership and 0660 permissions, which are used by all other disk block devices. This allows backups of LVM logical volumes with tools such as amanda, which run as user backup, a member of the disk group. stable/main/binary-alpha/dmsetup_1.01.00-4sarge1_alpha.deb stable/main/binary-alpha/libdevmapper1.01_1.01.00-4sarge1_alpha.deb stable/main/binary-alpha/libdevmapper-dev_1.01.00-4sarge1_alpha.deb stable/main/binary-alpha/libdevmapper1.01-udeb_1.01.00-4sarge1_alpha.udeb stable/main/binary-alpha/dmsetup-udeb_1.01.00-4sarge1_alpha.udeb devmapper (2:1.01.00-4sarge1) stable; urgency=low * Non-maintainer upload. 
* LVM devices are created with root:disk ownership and 0660 permissions, which are used by all other disk block devices. This allows backups of LVM logical volumes with tools such as amanda, which run as user backup, a member of the disk group. stable/main/source/devmapper_1.01.00-4sarge1.diff.gz stable/main/binary-powerpc/dmsetup_1.01.00-4sarge1_powerpc.deb stable/main/source/devmapper_1.01.00-4sarge1.dsc stable/main/binary-powerpc/libdevmapper1.01-udeb_1.01.00-4sarge1_powerpc.udeb stable/main/binary-powerpc/libdevmapper-dev_1.01.00-4sarge1_powerpc.deb stable/main/binary-powerpc/libdevmapper1.01_1.01.00-4sarge1_powerpc.deb stable/main/binary-powerpc/dmsetup-udeb_1.01.00-4sarge1_powerpc.udeb devmapper (2:1.01.00-4sarge1) stable; urgency=low * Non-maintainer upload. * LVM devices are created with root:disk ownership and 0660 permissions, which are used by all other disk block devices. This allows backups of LVM logical volumes with tools such as amanda, which run as user backup, a member of the disk group. 
stable/main/binary-ia64/libsqldbc7.5.00-dev_7.5.00.24-4_ia64.deb stable/main/binary-ia64/libsqlod7.5.00_7.5.00.24-4_ia64.deb stable/main/binary-ia64/maxdb-lserver_7.5.00.24-4_ia64.deb stable/main/binary-ia64/maxdb-server-7.5.00_7.5.00.24-4_ia64.deb stable/main/binary-ia64/maxdb-loadercli_7.5.00.24-4_ia64.deb stable/main/binary-ia64/maxdb-sqlcli_7.5.00.24-4_ia64.deb stable/main/binary-ia64/maxdb-webtools_7.5.00.24-4_ia64.deb stable/main/binary-ia64/python2.3-maxdb_7.5.00.24-4_ia64.deb stable/main/binary-ia64/python2.4-maxdb_7.5.00.24-4_ia64.deb stable/main/binary-ia64/python-maxdb_7.5.00.24-4_ia64.deb stable/main/binary-ia64/python2.4-maxdb-loader_7.5.00.24-4_ia64.deb stable/main/binary-ia64/maxdb-dbmcli_7.5.00.24-4_ia64.deb stable/main/binary-ia64/python2.3-maxdb-loader_7.5.00.24-4_ia64.deb stable/main/binary-ia64/libsqldbc7.5.00_7.5.00.24-4_ia64.deb stable/main/binary-ia64/maxdb-server-dbg-7.5.00_7.5.00.24-4_ia64.deb stable/main/binary-ia64/maxdb-server_7.5.00.24-4_ia64.deb stable/main/binary-ia64/libsqlod7.5.00-dev_7.5.00.24-4_ia64.deb stable/main/binary-ia64/maxdb-dbanalyzer_7.5.00.24-4_ia64.deb stable/main/binary-ia64/python-maxdb-loader_7.5.00.24-4_ia64.deb maxdb-7.5.00 (7.5.00.24-4) stable-security; urgency=high * Fix for remotely exploitable buffer overflow. 
(CVE-2006-4305) stable/main/binary-i386/python-maxdb-loader_7.5.00.24-4_i386.deb stable/main/binary-i386/maxdb-loadercli_7.5.00.24-4_i386.deb stable/main/binary-i386/maxdb-webtools_7.5.00.24-4_i386.deb stable/main/binary-i386/maxdb-lserver_7.5.00.24-4_i386.deb stable/main/binary-i386/libsqlod7.5.00_7.5.00.24-4_i386.deb stable/main/binary-i386/python2.4-maxdb-loader_7.5.00.24-4_i386.deb stable/main/binary-i386/libsqldbc7.5.00-dev_7.5.00.24-4_i386.deb stable/main/source/maxdb-7.5.00_7.5.00.24-4.dsc stable/main/binary-i386/python-maxdb_7.5.00.24-4_i386.deb stable/main/binary-i386/maxdb-server-dbg-7.5.00_7.5.00.24-4_i386.deb stable/main/source/maxdb-7.5.00_7.5.00.24-4.diff.gz stable/main/binary-i386/libsqldbc7.5.00_7.5.00.24-4_i386.deb stable/main/binary-i386/python2.4-maxdb_7.5.00.24-4_i386.deb stable/main/binary-i386/libsqlod7.5.00-dev_7.5.00.24-4_i386.deb stable/main/binary-i386/maxdb-server_7.5.00.24-4_i386.deb stable/main/binary-i386/maxdb-sqlcli_7.5.00.24-4_i386.deb stable/main/binary-i386/python2.3-maxdb-loader_7.5.00.24-4_i386.deb stable/main/binary-i386/python2.3-maxdb_7.5.00.24-4_i386.deb stable/main/binary-i386/maxdb-dbmcli_7.5.00.24-4_i386.deb stable/main/binary-i386/maxdb-dbanalyzer_7.5.00.24-4_i386.deb stable/main/binary-i386/maxdb-server-7.5.00_7.5.00.24-4_i386.deb maxdb-7.5.00 (7.5.00.24-4) stable-security; urgency=high * Fix for remotely exploitable buffer overflow. (CVE-2006-4305) stable/main/binary-all/migrationtools_46-1sarge1_all.deb stable/main/source/migrationtools_46-1sarge1.diff.gz stable/main/source/migrationtools_46-1sarge1.dsc migrationtools (46-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix multiple insecure temporary files. 
stable/main/binary-sparc/mozilla-firefox-dom-inspector_1.0.4-2sarge11_sparc.deb stable/main/binary-sparc/mozilla-firefox_1.0.4-2sarge11_sparc.deb stable/main/binary-sparc/mozilla-firefox-gnome-support_1.0.4-2sarge11_sparc.deb mozilla-firefox (1.0.4-2sarge11) stable-security; urgency=critical * content/base/src/nsGenericElement.cpp: Patch from Alexander Sack to fix JavaScript regression that seems to affect Google Maps. (Closes: #385248, #385515) stable/main/binary-s390/mozilla-firefox_1.0.4-2sarge11_s390.deb stable/main/binary-s390/mozilla-firefox-gnome-support_1.0.4-2sarge11_s390.deb stable/main/binary-s390/mozilla-firefox-dom-inspector_1.0.4-2sarge11_s390.deb mozilla-firefox (1.0.4-2sarge11) stable-security; urgency=critical * content/base/src/nsGenericElement.cpp: Patch from Alexander Sack to fix JavaScript regression that seems to affect Google Maps. (Closes: #385248, #385515) stable/main/binary-powerpc/mozilla-firefox-dom-inspector_1.0.4-2sarge11_powerpc.deb stable/main/binary-powerpc/mozilla-firefox-gnome-support_1.0.4-2sarge11_powerpc.deb stable/main/binary-powerpc/mozilla-firefox_1.0.4-2sarge11_powerpc.deb mozilla-firefox (1.0.4-2sarge11) stable-security; urgency=critical * content/base/src/nsGenericElement.cpp: Patch from Alexander Sack to fix JavaScript regression that seems to affect Google Maps. (Closes: #385248, #385515) stable/main/binary-mipsel/mozilla-firefox-gnome-support_1.0.4-2sarge11_mipsel.deb stable/main/binary-mipsel/mozilla-firefox-dom-inspector_1.0.4-2sarge11_mipsel.deb stable/main/binary-mipsel/mozilla-firefox_1.0.4-2sarge11_mipsel.deb mozilla-firefox (1.0.4-2sarge11) stable-security; urgency=critical * content/base/src/nsGenericElement.cpp: Patch from Alexander Sack to fix JavaScript regression that seems to affect Google Maps. 
(Closes: #385248, #385515) stable/main/binary-mips/mozilla-firefox-gnome-support_1.0.4-2sarge11_mips.deb stable/main/binary-mips/mozilla-firefox-dom-inspector_1.0.4-2sarge11_mips.deb stable/main/binary-mips/mozilla-firefox_1.0.4-2sarge11_mips.deb mozilla-firefox (1.0.4-2sarge11) stable-security; urgency=critical * content/base/src/nsGenericElement.cpp: Patch from Alexander Sack to fix JavaScript regression that seems to affect Google Maps. (Closes: #385248, #385515) stable/main/binary-m68k/mozilla-firefox-gnome-support_1.0.4-2sarge11_m68k.deb stable/main/binary-m68k/mozilla-firefox_1.0.4-2sarge11_m68k.deb stable/main/binary-m68k/mozilla-firefox-dom-inspector_1.0.4-2sarge11_m68k.deb mozilla-firefox (1.0.4-2sarge11) stable-security; urgency=critical * content/base/src/nsGenericElement.cpp: Patch from Alexander Sack to fix JavaScript regression that seems to affect Google Maps. (Closes: #385248, #385515) stable/main/binary-ia64/mozilla-firefox-dom-inspector_1.0.4-2sarge11_ia64.deb stable/main/binary-ia64/mozilla-firefox-gnome-support_1.0.4-2sarge11_ia64.deb stable/main/binary-ia64/mozilla-firefox_1.0.4-2sarge11_ia64.deb mozilla-firefox (1.0.4-2sarge11) stable-security; urgency=critical * content/base/src/nsGenericElement.cpp: Patch from Alexander Sack to fix JavaScript regression that seems to affect Google Maps. (Closes: #385248, #385515) stable/main/binary-hppa/mozilla-firefox-gnome-support_1.0.4-2sarge11_hppa.deb stable/main/binary-hppa/mozilla-firefox-dom-inspector_1.0.4-2sarge11_hppa.deb stable/main/binary-hppa/mozilla-firefox_1.0.4-2sarge11_hppa.deb mozilla-firefox (1.0.4-2sarge11) stable-security; urgency=critical * content/base/src/nsGenericElement.cpp: Patch from Alexander Sack to fix JavaScript regression that seems to affect Google Maps. 
(Closes: #385248, #385515) stable/main/binary-arm/mozilla-firefox_1.0.4-2sarge11_arm.deb stable/main/binary-arm/mozilla-firefox-gnome-support_1.0.4-2sarge11_arm.deb stable/main/binary-arm/mozilla-firefox-dom-inspector_1.0.4-2sarge11_arm.deb mozilla-firefox (1.0.4-2sarge11) stable-security; urgency=critical * content/base/src/nsGenericElement.cpp: Patch from Alexander Sack to fix JavaScript regression that seems to affect Google Maps. (Closes: #385248, #385515) stable/main/binary-alpha/mozilla-firefox_1.0.4-2sarge11_alpha.deb stable/main/binary-alpha/mozilla-firefox-gnome-support_1.0.4-2sarge11_alpha.deb stable/main/binary-alpha/mozilla-firefox-dom-inspector_1.0.4-2sarge11_alpha.deb mozilla-firefox (1.0.4-2sarge11) stable-security; urgency=critical * content/base/src/nsGenericElement.cpp: Patch from Alexander Sack to fix JavaScript regression that seems to affect Google Maps. (Closes: #385248, #385515) stable/main/binary-i386/mozilla-firefox_1.0.4-2sarge11_i386.deb stable/main/source/mozilla-firefox_1.0.4-2sarge11.diff.gz stable/main/binary-i386/mozilla-firefox-gnome-support_1.0.4-2sarge11_i386.deb stable/main/source/mozilla-firefox_1.0.4-2sarge11.dsc stable/main/binary-i386/mozilla-firefox-dom-inspector_1.0.4-2sarge11_i386.deb mozilla-firefox (1.0.4-2sarge11) stable-security; urgency=critical * content/base/src/nsGenericElement.cpp: Patch from Alexander Sack to fix JavaScript regression that seems to affect Google Maps. 
(Closes: #385248, #385515) stable/main/binary-sparc/libnss-dev_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/mozilla-dev_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/mozilla-chatzilla_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/mozilla-js-debugger_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/mozilla-mailnews_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/mozilla_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/mozilla-calendar_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/mozilla-browser_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/libnspr-dev_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/mozilla-dom-inspector_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/libnspr4_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/mozilla-psm_1.7.8-1sarge7.3.1_sparc.deb stable/main/binary-sparc/libnss3_1.7.8-1sarge7.3.1_sparc.deb mozilla (2:1.7.8-1sarge7.3.1) stable-security; urgency=critical * fixes various security issues. Patches are: 3_0001-no-mfsa-CVE-2006-2788-321598.txt 3_0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt 3_0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt 3_0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt 3_0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt 3_0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt 3_0007-MFSA2006-61-CVE-2006-4568-343168.txt 3_0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt 3_0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt 3_0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt 3_0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt 3_0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt 3_0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt 3_0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt 3_0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt 3_0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt 
3_0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt 3_0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt 3_0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt 3_0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt 3_0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt 3_0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt 3_0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt 3_0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt 3_0026-GetDepth-without-DEBUG-in-BlockFrame.txt 3_0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt stable/main/binary-s390/mozilla-psm_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/mozilla-dev_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/mozilla-mailnews_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/libnss-dev_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/libnss3_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/libnspr4_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/mozilla-calendar_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/mozilla-chatzilla_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/mozilla-dom-inspector_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/libnspr-dev_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/mozilla-browser_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/mozilla_1.7.8-1sarge7.3.1_s390.deb stable/main/binary-s390/mozilla-js-debugger_1.7.8-1sarge7.3.1_s390.deb mozilla (2:1.7.8-1sarge7.3.1) stable-security; urgency=critical * fixes various security issues. 
Patches are: 3_0001-no-mfsa-CVE-2006-2788-321598.txt 3_0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt 3_0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt 3_0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt 3_0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt 3_0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt 3_0007-MFSA2006-61-CVE-2006-4568-343168.txt 3_0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt 3_0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt 3_0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt 3_0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt 3_0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt 3_0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt 3_0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt 3_0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt 3_0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt 3_0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt 3_0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt 3_0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt 3_0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt 3_0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt 3_0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt 3_0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt 3_0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt 3_0026-GetDepth-without-DEBUG-in-BlockFrame.txt 3_0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt stable/main/binary-powerpc/libnss3_1.7.8-1sarge7.3.1_powerpc.deb stable/main/binary-powerpc/mozilla-chatzilla_1.7.8-1sarge7.3.1_powerpc.deb stable/main/binary-powerpc/libnspr4_1.7.8-1sarge7.3.1_powerpc.deb stable/main/binary-powerpc/mozilla-browser_1.7.8-1sarge7.3.1_powerpc.deb stable/main/binary-powerpc/mozilla-js-debugger_1.7.8-1sarge7.3.1_powerpc.deb 
stable/main/binary-powerpc/mozilla-psm_1.7.8-1sarge7.3.1_powerpc.deb stable/main/binary-powerpc/libnspr-dev_1.7.8-1sarge7.3.1_powerpc.deb stable/main/binary-powerpc/mozilla-calendar_1.7.8-1sarge7.3.1_powerpc.deb stable/main/binary-powerpc/mozilla-mailnews_1.7.8-1sarge7.3.1_powerpc.deb stable/main/binary-powerpc/mozilla_1.7.8-1sarge7.3.1_powerpc.deb stable/main/binary-powerpc/mozilla-dom-inspector_1.7.8-1sarge7.3.1_powerpc.deb stable/main/binary-powerpc/mozilla-dev_1.7.8-1sarge7.3.1_powerpc.deb stable/main/binary-powerpc/libnss-dev_1.7.8-1sarge7.3.1_powerpc.deb mozilla (2:1.7.8-1sarge7.3.1) stable-security; urgency=critical * fixes various security issues. Patches are: 3_0001-no-mfsa-CVE-2006-2788-321598.txt 3_0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt 3_0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt 3_0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt 3_0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt 3_0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt 3_0007-MFSA2006-61-CVE-2006-4568-343168.txt 3_0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt 3_0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt 3_0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt 3_0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt 3_0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt 3_0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt 3_0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt 3_0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt 3_0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt 3_0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt 3_0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt 3_0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt 3_0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt 3_0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt 
3_0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt 3_0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt 3_0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt 3_0026-GetDepth-without-DEBUG-in-BlockFrame.txt 3_0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt stable/main/binary-mipsel/libnspr-dev_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/mozilla-mailnews_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/libnspr4_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/libnss-dev_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/mozilla-calendar_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/mozilla-chatzilla_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/libnss3_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/mozilla-js-debugger_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/mozilla-psm_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/mozilla-browser_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/mozilla-dev_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/mozilla-dom-inspector_1.7.8-1sarge7.3.1_mipsel.deb stable/main/binary-mipsel/mozilla_1.7.8-1sarge7.3.1_mipsel.deb mozilla (2:1.7.8-1sarge7.3.1) stable-security; urgency=critical * fixes various security issues. 
Patches are: 3_0001-no-mfsa-CVE-2006-2788-321598.txt 3_0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt 3_0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt 3_0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt 3_0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt 3_0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt 3_0007-MFSA2006-61-CVE-2006-4568-343168.txt 3_0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt 3_0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt 3_0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt 3_0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt 3_0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt 3_0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt 3_0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt 3_0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt 3_0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt 3_0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt 3_0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt 3_0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt 3_0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt 3_0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt 3_0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt 3_0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt 3_0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt 3_0026-GetDepth-without-DEBUG-in-BlockFrame.txt 3_0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt stable/main/binary-mips/mozilla-js-debugger_1.7.8-1sarge7.3.1_mips.deb stable/main/binary-mips/libnspr4_1.7.8-1sarge7.3.1_mips.deb stable/main/binary-mips/libnss3_1.7.8-1sarge7.3.1_mips.deb stable/main/binary-mips/mozilla_1.7.8-1sarge7.3.1_mips.deb stable/main/binary-mips/mozilla-chatzilla_1.7.8-1sarge7.3.1_mips.deb 
stable/main/binary-mips/libnspr-dev_1.7.8-1sarge7.3.1_mips.deb stable/main/binary-mips/mozilla-mailnews_1.7.8-1sarge7.3.1_mips.deb stable/main/binary-mips/mozilla-dom-inspector_1.7.8-1sarge7.3.1_mips.deb stable/main/binary-mips/mozilla-browser_1.7.8-1sarge7.3.1_mips.deb stable/main/binary-mips/mozilla-calendar_1.7.8-1sarge7.3.1_mips.deb stable/main/binary-mips/mozilla-dev_1.7.8-1sarge7.3.1_mips.deb stable/main/binary-mips/mozilla-psm_1.7.8-1sarge7.3.1_mips.deb stable/main/binary-mips/libnss-dev_1.7.8-1sarge7.3.1_mips.deb mozilla (2:1.7.8-1sarge7.3.1) stable-security; urgency=critical * fixes various security issues. Patches are: 3_0001-no-mfsa-CVE-2006-2788-321598.txt 3_0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt 3_0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt 3_0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt 3_0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt 3_0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt 3_0007-MFSA2006-61-CVE-2006-4568-343168.txt 3_0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt 3_0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt 3_0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt 3_0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt 3_0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt 3_0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt 3_0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt 3_0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt 3_0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt 3_0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt 3_0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt 3_0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt 3_0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt 3_0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt 
3_0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt 3_0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt 3_0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt 3_0026-GetDepth-without-DEBUG-in-BlockFrame.txt 3_0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt stable/main/binary-m68k/libnss3_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/mozilla-js-debugger_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/mozilla-browser_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/libnspr-dev_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/mozilla-psm_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/mozilla-dev_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/libnspr4_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/mozilla_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/mozilla-chatzilla_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/libnss-dev_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/mozilla-mailnews_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/mozilla-calendar_1.7.8-1sarge7.3.1_m68k.deb stable/main/binary-m68k/mozilla-dom-inspector_1.7.8-1sarge7.3.1_m68k.deb mozilla (2:1.7.8-1sarge7.3.1) stable-security; urgency=critical * fixes various security issues. 
Patches are: 3_0001-no-mfsa-CVE-2006-2788-321598.txt 3_0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt 3_0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt 3_0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt 3_0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt 3_0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt 3_0007-MFSA2006-61-CVE-2006-4568-343168.txt 3_0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt 3_0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt 3_0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt 3_0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt 3_0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt 3_0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt 3_0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt 3_0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt 3_0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt 3_0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt 3_0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt 3_0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt 3_0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt 3_0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt 3_0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt 3_0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt 3_0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt 3_0026-GetDepth-without-DEBUG-in-BlockFrame.txt 3_0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt stable/main/binary-ia64/mozilla-js-debugger_1.7.8-1sarge7.3.1_ia64.deb stable/main/binary-ia64/mozilla-dev_1.7.8-1sarge7.3.1_ia64.deb stable/main/binary-ia64/mozilla-dom-inspector_1.7.8-1sarge7.3.1_ia64.deb stable/main/binary-ia64/mozilla_1.7.8-1sarge7.3.1_ia64.deb stable/main/binary-ia64/libnspr4_1.7.8-1sarge7.3.1_ia64.deb 
stable/main/binary-ia64/mozilla-calendar_1.7.8-1sarge7.3.1_ia64.deb stable/main/binary-ia64/mozilla-chatzilla_1.7.8-1sarge7.3.1_ia64.deb stable/main/binary-ia64/libnss-dev_1.7.8-1sarge7.3.1_ia64.deb stable/main/binary-ia64/mozilla-psm_1.7.8-1sarge7.3.1_ia64.deb stable/main/binary-ia64/libnss3_1.7.8-1sarge7.3.1_ia64.deb stable/main/binary-ia64/mozilla-browser_1.7.8-1sarge7.3.1_ia64.deb stable/main/binary-ia64/mozilla-mailnews_1.7.8-1sarge7.3.1_ia64.deb stable/main/binary-ia64/libnspr-dev_1.7.8-1sarge7.3.1_ia64.deb mozilla (2:1.7.8-1sarge7.3.1) stable-security; urgency=critical * fixes various security issues. Patches are: 3_0001-no-mfsa-CVE-2006-2788-321598.txt 3_0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt 3_0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt 3_0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt 3_0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt 3_0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt 3_0007-MFSA2006-61-CVE-2006-4568-343168.txt 3_0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt 3_0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt 3_0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt 3_0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt 3_0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt 3_0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt 3_0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt 3_0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt 3_0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt 3_0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt 3_0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt 3_0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt 3_0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt 3_0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt 3_0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt 
3_0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt 3_0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt 3_0026-GetDepth-without-DEBUG-in-BlockFrame.txt 3_0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt stable/main/binary-hppa/mozilla-js-debugger_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/mozilla-dom-inspector_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/mozilla-mailnews_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/mozilla-browser_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/libnspr-dev_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/mozilla-psm_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/libnss3_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/libnss-dev_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/mozilla_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/mozilla-dev_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/mozilla-chatzilla_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/mozilla-calendar_1.7.8-1sarge7.3.1_hppa.deb stable/main/binary-hppa/libnspr4_1.7.8-1sarge7.3.1_hppa.deb mozilla (2:1.7.8-1sarge7.3.1) stable-security; urgency=critical * fixes various security issues. 
Patches are: 3_0001-no-mfsa-CVE-2006-2788-321598.txt 3_0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt 3_0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt 3_0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt 3_0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt 3_0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt 3_0007-MFSA2006-61-CVE-2006-4568-343168.txt 3_0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt 3_0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt 3_0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt 3_0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt 3_0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt 3_0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt 3_0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt 3_0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt 3_0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt 3_0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt 3_0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt 3_0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt 3_0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt 3_0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt 3_0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt 3_0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt 3_0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt 3_0026-GetDepth-without-DEBUG-in-BlockFrame.txt 3_0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt stable/main/binary-arm/mozilla-psm_1.7.8-1sarge7.3.1_arm.deb stable/main/binary-arm/mozilla-js-debugger_1.7.8-1sarge7.3.1_arm.deb stable/main/binary-arm/libnss3_1.7.8-1sarge7.3.1_arm.deb stable/main/binary-arm/libnspr4_1.7.8-1sarge7.3.1_arm.deb stable/main/binary-arm/mozilla-chatzilla_1.7.8-1sarge7.3.1_arm.deb 
stable/main/binary-arm/mozilla-browser_1.7.8-1sarge7.3.1_arm.deb stable/main/binary-arm/mozilla-mailnews_1.7.8-1sarge7.3.1_arm.deb stable/main/binary-arm/libnspr-dev_1.7.8-1sarge7.3.1_arm.deb stable/main/binary-arm/libnss-dev_1.7.8-1sarge7.3.1_arm.deb stable/main/binary-arm/mozilla-dom-inspector_1.7.8-1sarge7.3.1_arm.deb stable/main/binary-arm/mozilla-calendar_1.7.8-1sarge7.3.1_arm.deb stable/main/binary-arm/mozilla_1.7.8-1sarge7.3.1_arm.deb stable/main/binary-arm/mozilla-dev_1.7.8-1sarge7.3.1_arm.deb mozilla (2:1.7.8-1sarge7.3.1) stable-security; urgency=critical * fixes various security issues. Patches are: 3_0001-no-mfsa-CVE-2006-2788-321598.txt 3_0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt 3_0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt 3_0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt 3_0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt 3_0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt 3_0007-MFSA2006-61-CVE-2006-4568-343168.txt 3_0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt 3_0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt 3_0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt 3_0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt 3_0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt 3_0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt 3_0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt 3_0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt 3_0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt 3_0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt 3_0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt 3_0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt 3_0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt 3_0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt 3_0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt 
3_0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt 3_0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt 3_0026-GetDepth-without-DEBUG-in-BlockFrame.txt 3_0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt stable/main/binary-alpha/mozilla-js-debugger_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/mozilla-mailnews_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/libnspr-dev_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/mozilla-dev_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/libnss-dev_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/mozilla-chatzilla_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/libnspr4_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/mozilla-psm_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/mozilla-dom-inspector_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/mozilla-calendar_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/mozilla-browser_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/mozilla_1.7.8-1sarge7.3.1_alpha.deb stable/main/binary-alpha/libnss3_1.7.8-1sarge7.3.1_alpha.deb mozilla (2:1.7.8-1sarge7.3.1) stable-security; urgency=critical * fixes various security issues. 
Patches are: 3_0001-no-mfsa-CVE-2006-2788-321598.txt 3_0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt 3_0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt 3_0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt 3_0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt 3_0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt 3_0007-MFSA2006-61-CVE-2006-4568-343168.txt 3_0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt 3_0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt 3_0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt 3_0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt 3_0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt 3_0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt 3_0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt 3_0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt 3_0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt 3_0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt 3_0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt 3_0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt 3_0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt 3_0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt 3_0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt 3_0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt 3_0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt 3_0026-GetDepth-without-DEBUG-in-BlockFrame.txt 3_0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt stable/main/binary-i386/libnspr-dev_1.7.8-1sarge7.3.1_i386.deb stable/main/binary-i386/libnss3_1.7.8-1sarge7.3.1_i386.deb stable/main/binary-i386/mozilla-browser_1.7.8-1sarge7.3.1_i386.deb stable/main/binary-i386/mozilla-dom-inspector_1.7.8-1sarge7.3.1_i386.deb stable/main/binary-i386/mozilla-psm_1.7.8-1sarge7.3.1_i386.deb 
stable/main/binary-i386/mozilla-dev_1.7.8-1sarge7.3.1_i386.deb stable/main/binary-i386/libnspr4_1.7.8-1sarge7.3.1_i386.deb stable/main/binary-i386/mozilla_1.7.8-1sarge7.3.1_i386.deb stable/main/source/mozilla_1.7.8-1sarge7.3.1.dsc stable/main/source/mozilla_1.7.8-1sarge7.3.1.diff.gz stable/main/binary-i386/mozilla-mailnews_1.7.8-1sarge7.3.1_i386.deb stable/main/binary-i386/mozilla-calendar_1.7.8-1sarge7.3.1_i386.deb stable/main/binary-i386/libnss-dev_1.7.8-1sarge7.3.1_i386.deb stable/main/binary-i386/mozilla-chatzilla_1.7.8-1sarge7.3.1_i386.deb stable/main/binary-i386/mozilla-js-debugger_1.7.8-1sarge7.3.1_i386.deb mozilla (2:1.7.8-1sarge7.3.1) stable-security; urgency=critical * fixes various security issues. Patches are: 3_0001-no-mfsa-CVE-2006-2788-321598.txt 3_0002-MFSA2006-57-Part-1-2-CVE-2006-4565-346090.txt 3_0003-MFSA2006-57-Part-2-2-CVE-2006-4566-346794.txt 3_0004-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-1-3-350640.txt 3_0005-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-2-3-351079.txt 3_0006-MFSA2006-60-CVE-2006-4340-CVE-2006-4339-Part-3-3-351848.txt 3_0007-MFSA2006-61-CVE-2006-4568-343168.txt 3_0008-MFSA-2006-63-CVE-2006-4570-346984-mail-only.txt 3_0009-MFSA2006-64-CVE-2006-4571-346980-grant-cellmap-patch.txt 3_0010-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-1-4-345967.txt 3_0011-MFSA2006-64-CVE-2006-4571-Section-3-5-Part-3-4-348532.txt 3_0012-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-1-20-268575.txt 3_0013-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-2-20-306940.txt 3_0014-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-3-20-307826.txt 3_0015-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-5-20-337419.txt 3_0016-MFSA2006-64-CVS-2006-4571-Section-4-5-Part-6-20-337883.txt 3_0018-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8a-20-348049.txt 3_0019-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8b-20-348049.txt 3_0020-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8c-20-348049.txt 3_0021-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-8d-20-348049.txt 
3_0022-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-9-20-205735.txt 3_0023-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-12-20-348062.txt 3_0024-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-17-20-349201.txt 3_0025-MFSA2006-64-CVE-2006-4571-Section-5-5-344085.txt 3_0026-GetDepth-without-DEBUG-in-BlockFrame.txt 3_0028-MFSA2006-64-CVE-2006-4571-Section-4-5-Part-7-20-347355-without-svg-bug.txt stable/main/binary-sparc/mysql-server-4.1_4.1.11a-4sarge7_sparc.deb stable/main/binary-sparc/libmysqlclient14_4.1.11a-4sarge7_sparc.deb stable/main/binary-sparc/libmysqlclient14-dev_4.1.11a-4sarge7_sparc.deb stable/main/binary-sparc/mysql-client-4.1_4.1.11a-4sarge7_sparc.deb mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low * SECURITY: MySQL, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. (CVE-2006-4226). Closes: #384798 * SECURITY: Certain SQL queries could crash the server and prevent master-slave replication from continuing until manual intervention was taken. (CVE-2006-4380). Closes: #383165 stable/main/binary-s390/libmysqlclient14-dev_4.1.11a-4sarge7_s390.deb stable/main/binary-s390/mysql-server-4.1_4.1.11a-4sarge7_s390.deb stable/main/binary-s390/libmysqlclient14_4.1.11a-4sarge7_s390.deb stable/main/binary-s390/mysql-client-4.1_4.1.11a-4sarge7_s390.deb mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low * SECURITY: MySQL, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. (CVE-2006-4226). Closes: #384798 * SECURITY: Certain SQL queries could crash the server and prevent master-slave replication from continuing until manual intervention was taken. (CVE-2006-4380).
Closes: #383165 stable/main/binary-powerpc/mysql-client-4.1_4.1.11a-4sarge7_powerpc.deb stable/main/binary-powerpc/libmysqlclient14_4.1.11a-4sarge7_powerpc.deb stable/main/binary-powerpc/mysql-server-4.1_4.1.11a-4sarge7_powerpc.deb stable/main/binary-powerpc/libmysqlclient14-dev_4.1.11a-4sarge7_powerpc.deb mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low * SECURITY: MySQL, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. (CVE-2006-4226). Closes: #384798 * SECURITY: Certain SQL queries could crash the server and prevent master-slave replication from continuing until manual intervention was taken. (CVE-2006-4380). Closes: #383165 stable/main/binary-mipsel/mysql-server-4.1_4.1.11a-4sarge7_mipsel.deb stable/main/binary-mipsel/mysql-client-4.1_4.1.11a-4sarge7_mipsel.deb stable/main/binary-mipsel/libmysqlclient14-dev_4.1.11a-4sarge7_mipsel.deb stable/main/binary-mipsel/libmysqlclient14_4.1.11a-4sarge7_mipsel.deb mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low * SECURITY: MySQL, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. (CVE-2006-4226). Closes: #384798 * SECURITY: Certain SQL queries could crash the server and prevent master-slave replication from continuing until manual intervention was taken. (CVE-2006-4380).
Closes: #383165 stable/main/binary-mips/mysql-client-4.1_4.1.11a-4sarge7_mips.deb stable/main/binary-mips/libmysqlclient14_4.1.11a-4sarge7_mips.deb stable/main/binary-mips/libmysqlclient14-dev_4.1.11a-4sarge7_mips.deb stable/main/binary-mips/mysql-server-4.1_4.1.11a-4sarge7_mips.deb mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low * SECURITY: MySQL, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. (CVE-2006-4226). Closes: #384798 * SECURITY: Certain SQL queries could crash the server and prevent master-slave replication from continuing until manual intervention was taken. (CVE-2006-4380). Closes: #383165 stable/main/binary-m68k/libmysqlclient14_4.1.11a-4sarge7_m68k.deb stable/main/binary-m68k/mysql-client-4.1_4.1.11a-4sarge7_m68k.deb stable/main/binary-m68k/mysql-server-4.1_4.1.11a-4sarge7_m68k.deb stable/main/binary-m68k/libmysqlclient14-dev_4.1.11a-4sarge7_m68k.deb mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low * SECURITY: MySQL, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. (CVE-2006-4226). Closes: #384798 * SECURITY: Certain SQL queries could crash the server and prevent master-slave replication from continuing until manual intervention was taken. (CVE-2006-4380).
Closes: #383165 stable/main/binary-ia64/mysql-client-4.1_4.1.11a-4sarge7_ia64.deb stable/main/binary-ia64/libmysqlclient14-dev_4.1.11a-4sarge7_ia64.deb stable/main/binary-ia64/mysql-server-4.1_4.1.11a-4sarge7_ia64.deb stable/main/binary-ia64/libmysqlclient14_4.1.11a-4sarge7_ia64.deb mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low * SECURITY: MySQL, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. (CVE-2006-4226). Closes: #384798 * SECURITY: Certain SQL queries could crash the server and prevent master-slave replication from continuing until manual intervention was taken. (CVE-2006-4380). Closes: #383165 stable/main/binary-hppa/libmysqlclient14-dev_4.1.11a-4sarge7_hppa.deb stable/main/binary-hppa/mysql-client-4.1_4.1.11a-4sarge7_hppa.deb stable/main/binary-hppa/libmysqlclient14_4.1.11a-4sarge7_hppa.deb stable/main/binary-hppa/mysql-server-4.1_4.1.11a-4sarge7_hppa.deb mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low * SECURITY: MySQL, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. (CVE-2006-4226). Closes: #384798 * SECURITY: Certain SQL queries could crash the server and prevent master-slave replication from continuing until manual intervention was taken. (CVE-2006-4380).
Closes: #383165 stable/main/binary-arm/libmysqlclient14-dev_4.1.11a-4sarge7_arm.deb stable/main/binary-arm/libmysqlclient14_4.1.11a-4sarge7_arm.deb stable/main/binary-arm/mysql-server-4.1_4.1.11a-4sarge7_arm.deb stable/main/binary-arm/mysql-client-4.1_4.1.11a-4sarge7_arm.deb mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low * SECURITY: MySQL, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. (CVE-2006-4226). Closes: #384798 * SECURITY: Certain SQL queries could crash the server and prevent master-slave replication from continuing until manual intervention was taken. (CVE-2006-4380). Closes: #383165 stable/main/binary-alpha/libmysqlclient14-dev_4.1.11a-4sarge7_alpha.deb stable/main/binary-alpha/libmysqlclient14_4.1.11a-4sarge7_alpha.deb stable/main/binary-alpha/mysql-client-4.1_4.1.11a-4sarge7_alpha.deb stable/main/binary-alpha/mysql-server-4.1_4.1.11a-4sarge7_alpha.deb mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low * SECURITY: MySQL, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. (CVE-2006-4226). Closes: #384798 * SECURITY: Certain SQL queries could crash the server and prevent master-slave replication from continuing until manual intervention was taken. (CVE-2006-4380).
Closes: #383165 stable/main/source/mysql-dfsg-4.1_4.1.11a-4sarge7.dsc stable/main/binary-all/mysql-common-4.1_4.1.11a-4sarge7_all.deb stable/main/binary-i386/libmysqlclient14-dev_4.1.11a-4sarge7_i386.deb stable/main/source/mysql-dfsg-4.1_4.1.11a-4sarge7.diff.gz stable/main/binary-i386/mysql-server-4.1_4.1.11a-4sarge7_i386.deb stable/main/binary-i386/mysql-client-4.1_4.1.11a-4sarge7_i386.deb stable/main/binary-i386/libmysqlclient14_4.1.11a-4sarge7_i386.deb mysql-dfsg-4.1 (4.1.11a-4sarge7) stable-security; urgency=low * SECURITY: MySQL, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have permissions. (CVE-2006-4226). Closes: #384798 * SECURITY: Certain SQL queries could crash the server and prevent master-slave replication from continuing until manual intervention was taken. (CVE-2006-4380). Closes: #383165 stable/main/binary-sparc/zope2.7_2.7.5-2sarge3_sparc.deb zope2.7 (2.7.5-2sarge3) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'csv_table' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. stable/main/binary-s390/zope2.7_2.7.5-2sarge3_s390.deb zope2.7 (2.7.5-2sarge3) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'csv_table' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. stable/main/binary-powerpc/zope2.7_2.7.5-2sarge3_powerpc.deb zope2.7 (2.7.5-2sarge3) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'csv_table' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. stable/main/binary-mipsel/zope2.7_2.7.5-2sarge3_mipsel.deb zope2.7 (2.7.5-2sarge3) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion.
* Disable 'csv_table' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. stable/main/binary-mips/zope2.7_2.7.5-2sarge3_mips.deb zope2.7 (2.7.5-2sarge3) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'csv_table' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. stable/main/binary-m68k/zope2.7_2.7.5-2sarge3_m68k.deb zope2.7 (2.7.5-2sarge3) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'csv_table' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. stable/main/binary-ia64/zope2.7_2.7.5-2sarge3_ia64.deb zope2.7 (2.7.5-2sarge3) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'csv_table' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. stable/main/binary-hppa/zope2.7_2.7.5-2sarge3_hppa.deb zope2.7 (2.7.5-2sarge3) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'csv_table' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. stable/main/binary-arm/zope2.7_2.7.5-2sarge3_arm.deb zope2.7 (2.7.5-2sarge3) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'csv_table' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. stable/main/binary-alpha/zope2.7_2.7.5-2sarge3_alpha.deb zope2.7 (2.7.5-2sarge3) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'csv_table' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. stable/main/binary-i386/zope2.7_2.7.5-2sarge3_i386.deb stable/main/source/zope2.7_2.7.5-2sarge3.dsc stable/main/source/zope2.7_2.7.5-2sarge3.diff.gz zope2.7 (2.7.5-2sarge3) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. 
* Disable 'csv_table' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. stable/main/binary-all/usermin-gnupg_1.110-3.1_all.deb stable/main/binary-all/usermin_1.110-3.1_all.deb stable/main/binary-all/usermin-postgresql_1.110-3.1_all.deb stable/main/binary-all/usermin-usermount_1.110-3.1_all.deb stable/main/binary-all/usermin-htaccess_1.110-3.1_all.deb stable/main/binary-all/usermin-cron_1.110-3.1_all.deb stable/main/binary-all/usermin-procmail_1.110-3.1_all.deb stable/main/binary-all/usermin-htpasswd_1.110-3.1_all.deb stable/main/source/usermin_1.110-3.1.diff.gz stable/main/binary-all/usermin-cshrc_1.110-3.1_all.deb stable/main/binary-all/usermin-man_1.110-3.1_all.deb stable/main/binary-all/usermin-mailbox_1.110-3.1_all.deb stable/main/binary-all/usermin-schedule_1.110-3.1_all.deb stable/main/binary-all/usermin-at_1.110-3.1_all.deb stable/main/binary-all/usermin-spamassassin_1.110-3.1_all.deb stable/main/binary-all/usermin-shell_1.110-3.1_all.deb stable/main/binary-all/usermin-fetchmail_1.110-3.1_all.deb stable/main/binary-all/usermin-quota_1.110-3.1_all.deb stable/main/binary-all/usermin-mysql_1.110-3.1_all.deb stable/main/binary-all/usermin-forward_1.110-3.1_all.deb stable/main/binary-all/usermin-commands_1.110-3.1_all.deb stable/main/source/usermin_1.110-3.1.dsc stable/main/binary-all/usermin-plan_1.110-3.1_all.deb stable/main/binary-all/usermin-proc_1.110-3.1_all.deb stable/main/binary-all/usermin-tunnel_1.110-3.1_all.deb stable/main/binary-all/usermin-changepass_1.110-3.1_all.deb stable/main/binary-all/usermin-ssh_1.110-3.1_all.deb stable/main/binary-all/usermin-updown_1.110-3.1_all.deb stable/main/binary-all/usermin-chfn_1.110-3.1_all.deb usermin (1.110-3.1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Hendrik Weimer to prevent unauthorised setting of the root shell [chfn/save.cgi, CVE-2006-4246, Bug#374609] stable/main/source/trac_0.8.1-3sarge5.diff.gz 
stable/main/binary-all/trac_0.8.1-3sarge5_all.deb stable/main/source/trac_0.8.1-3sarge5.dsc trac (0.8.1-3sarge5) stable-security; urgency=high * Non-maintainer Upload by the Security Team * Backported upstream patch to fix file disclosure [trac/wikimacros/rst.py, debian/patches/12_CVE-2006-3695.patch] stable/main/source/systemimager_3.2.3-6sarge3.dsc stable/main/binary-all/systemimager-boot-i386-standard_3.2.3-6sarge3_all.deb stable/main/binary-all/systemimager-server-flamethrowerd_3.2.3-6sarge3_all.deb stable/main/source/systemimager_3.2.3-6sarge3.tar.gz stable/main/binary-all/systemimager-common_3.2.3-6sarge3_all.deb stable/main/binary-all/systemimager-server_3.2.3-6sarge3_all.deb stable/main/binary-all/systemimager-client_3.2.3-6sarge3_all.deb stable/main/binary-all/systemimager-doc_3.2.3-6sarge3_all.deb stable/main/binary-all/systemimager-boot-ia64-standard_3.2.3-6sarge3_all.deb systemimager (3.2.3-6sarge3) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-sparc/streamripper_1.61.7-1sarge1_sparc.deb streamripper (1.61.7-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix buffer overflows in lib/http.c [CVE-2006-3124] stable/main/binary-s390/streamripper_1.61.7-1sarge1_s390.deb streamripper (1.61.7-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix buffer overflows in lib/http.c [CVE-2006-3124] stable/main/binary-powerpc/streamripper_1.61.7-1sarge1_powerpc.deb streamripper (1.61.7-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix buffer overflows in lib/http.c [CVE-2006-3124] stable/main/binary-mipsel/streamripper_1.61.7-1sarge1_mipsel.deb streamripper (1.61.7-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix buffer overflows in lib/http.c [CVE-2006-3124] stable/main/binary-mips/streamripper_1.61.7-1sarge1_mips.deb streamripper (1.61.7-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix buffer overflows in lib/http.c [CVE-2006-3124] stable/main/binary-m68k/streamripper_1.61.7-1sarge1_m68k.deb streamripper (1.61.7-1sarge1) stable-security; urgency=high * Non-maintainer
upload by the Security Team: * Fix buffer overflows in lib/http.c [CVE-2006-3124] stable/main/binary-ia64/streamripper_1.61.7-1sarge1_ia64.deb streamripper (1.61.7-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix buffer overflows in lib/http.c [CVE-2006-3124] stable/main/binary-hppa/streamripper_1.61.7-1sarge1_hppa.deb streamripper (1.61.7-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix buffer overflows in lib/http.c [CVE-2006-3124] stable/main/binary-arm/streamripper_1.61.7-1sarge1_arm.deb streamripper (1.61.7-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix buffer overflows in lib/http.c [CVE-2006-3124] stable/main/binary-alpha/streamripper_1.61.7-1sarge1_alpha.deb streamripper (1.61.7-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix buffer overflows in lib/http.c [CVE-2006-3124] stable/main/source/streamripper_1.61.7-1sarge1.diff.gz stable/main/source/streamripper_1.61.7-1sarge1.dsc stable/main/binary-i386/streamripper_1.61.7-1sarge1_i386.deb streamripper (1.61.7-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix buffer overflows in lib/http.c [CVE-2006-3124] stable/main/binary-sparc/sensible-mda_8.13.4-3sarge3_sparc.deb stable/main/binary-sparc/sendmail-bin_8.13.4-3sarge3_sparc.deb stable/main/binary-sparc/rmail_8.13.4-3sarge3_sparc.deb stable/main/binary-sparc/libmilter0_8.13.4-3sarge3_sparc.deb stable/main/binary-sparc/libmilter-dev_8.13.4-3sarge3_sparc.deb sendmail (8.13.4-3sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix denial of service, Bug#385054, CVE-2006-4434, debian/patches/8.13/8.13.4/z_CVE-2006-4434.patch stable/main/binary-s390/sendmail-bin_8.13.4-3sarge3_s390.deb stable/main/binary-s390/libmilter-dev_8.13.4-3sarge3_s390.deb stable/main/binary-s390/libmilter0_8.13.4-3sarge3_s390.deb
stable/main/binary-s390/sensible-mda_8.13.4-3sarge3_s390.deb stable/main/binary-s390/rmail_8.13.4-3sarge3_s390.deb sendmail (8.13.4-3sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix denial of service, Bug#385054, CVE-2006-4434, debian/patches/8.13/8.13.4/z_CVE-2006-4434.patch stable/main/binary-powerpc/rmail_8.13.4-3sarge3_powerpc.deb stable/main/binary-powerpc/sendmail-bin_8.13.4-3sarge3_powerpc.deb stable/main/binary-powerpc/libmilter0_8.13.4-3sarge3_powerpc.deb stable/main/binary-powerpc/libmilter-dev_8.13.4-3sarge3_powerpc.deb stable/main/binary-powerpc/sensible-mda_8.13.4-3sarge3_powerpc.deb sendmail (8.13.4-3sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix denial of service, Bug#385054, CVE-2006-4434, debian/patches/8.13/8.13.4/z_CVE-2006-4434.patch stable/main/binary-mipsel/sensible-mda_8.13.4-3sarge3_mipsel.deb stable/main/binary-mipsel/sendmail-bin_8.13.4-3sarge3_mipsel.deb stable/main/binary-mipsel/rmail_8.13.4-3sarge3_mipsel.deb stable/main/binary-mipsel/libmilter0_8.13.4-3sarge3_mipsel.deb stable/main/binary-mipsel/libmilter-dev_8.13.4-3sarge3_mipsel.deb sendmail (8.13.4-3sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix denial of service, Bug#385054, CVE-2006-4434, debian/patches/8.13/8.13.4/z_CVE-2006-4434.patch stable/main/binary-mips/rmail_8.13.4-3sarge3_mips.deb stable/main/binary-mips/libmilter-dev_8.13.4-3sarge3_mips.deb stable/main/binary-mips/libmilter0_8.13.4-3sarge3_mips.deb stable/main/binary-mips/sendmail-bin_8.13.4-3sarge3_mips.deb stable/main/binary-mips/sensible-mda_8.13.4-3sarge3_mips.deb sendmail (8.13.4-3sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix denial of service, Bug#385054, CVE-2006-4434, debian/patches/8.13/8.13.4/z_CVE-2006-4434.patch stable/main/binary-m68k/libmilter0_8.13.4-3sarge3_m68k.deb 
stable/main/binary-m68k/libmilter-dev_8.13.4-3sarge3_m68k.deb stable/main/binary-m68k/rmail_8.13.4-3sarge3_m68k.deb stable/main/binary-m68k/sensible-mda_8.13.4-3sarge3_m68k.deb stable/main/binary-m68k/sendmail-bin_8.13.4-3sarge3_m68k.deb sendmail (8.13.4-3sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix denial of service, Bug#385054, CVE-2006-4434, debian/patches/8.13/8.13.4/z_CVE-2006-4434.patch stable/main/binary-ia64/rmail_8.13.4-3sarge3_ia64.deb stable/main/binary-ia64/sensible-mda_8.13.4-3sarge3_ia64.deb stable/main/binary-ia64/sendmail-bin_8.13.4-3sarge3_ia64.deb stable/main/binary-ia64/libmilter0_8.13.4-3sarge3_ia64.deb stable/main/binary-ia64/libmilter-dev_8.13.4-3sarge3_ia64.deb sendmail (8.13.4-3sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix denial of service, Bug#385054, CVE-2006-4434, debian/patches/8.13/8.13.4/z_CVE-2006-4434.patch stable/main/binary-hppa/rmail_8.13.4-3sarge3_hppa.deb stable/main/binary-hppa/libmilter-dev_8.13.4-3sarge3_hppa.deb stable/main/binary-hppa/sendmail-bin_8.13.4-3sarge3_hppa.deb stable/main/binary-hppa/sensible-mda_8.13.4-3sarge3_hppa.deb stable/main/binary-hppa/libmilter0_8.13.4-3sarge3_hppa.deb sendmail (8.13.4-3sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix denial of service, Bug#385054, CVE-2006-4434, debian/patches/8.13/8.13.4/z_CVE-2006-4434.patch stable/main/binary-arm/libmilter-dev_8.13.4-3sarge3_arm.deb stable/main/binary-arm/sensible-mda_8.13.4-3sarge3_arm.deb stable/main/binary-arm/sendmail-bin_8.13.4-3sarge3_arm.deb stable/main/binary-arm/libmilter0_8.13.4-3sarge3_arm.deb stable/main/binary-arm/rmail_8.13.4-3sarge3_arm.deb sendmail (8.13.4-3sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix denial of service, Bug#385054, CVE-2006-4434, debian/patches/8.13/8.13.4/z_CVE-2006-4434.patch 
stable/main/binary-alpha/libmilter-dev_8.13.4-3sarge3_alpha.deb stable/main/binary-alpha/rmail_8.13.4-3sarge3_alpha.deb stable/main/binary-alpha/sendmail-bin_8.13.4-3sarge3_alpha.deb stable/main/binary-alpha/libmilter0_8.13.4-3sarge3_alpha.deb stable/main/binary-alpha/sensible-mda_8.13.4-3sarge3_alpha.deb sendmail (8.13.4-3sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix denial of service, Bug#385054, CVE-2006-4434, debian/patches/8.13/8.13.4/z_CVE-2006-4434.patch stable/main/binary-all/sendmail-doc_8.13.4-3sarge3_all.deb stable/main/binary-all/sendmail_8.13.4-3sarge3_all.deb stable/main/binary-i386/sensible-mda_8.13.4-3sarge3_i386.deb stable/main/source/sendmail_8.13.4-3sarge3.dsc stable/main/binary-i386/libmilter0_8.13.4-3sarge3_i386.deb stable/main/binary-i386/libmilter-dev_8.13.4-3sarge3_i386.deb stable/main/binary-all/sendmail-base_8.13.4-3sarge3_all.deb stable/main/binary-all/sendmail-cf_8.13.4-3sarge3_all.deb stable/main/binary-i386/sendmail-bin_8.13.4-3sarge3_i386.deb stable/main/source/sendmail_8.13.4-3sarge3.diff.gz stable/main/binary-i386/rmail_8.13.4-3sarge3_i386.deb sendmail (8.13.4-3sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch to fix denial of service, Bug#385054, CVE-2006-4434, debian/patches/8.13/8.13.4/z_CVE-2006-4434.patch stable/main/binary-sparc/libruby1.8-dbg_1.8.2-7sarge4_sparc.deb stable/main/binary-sparc/ruby1.8_1.8.2-7sarge4_sparc.deb stable/main/binary-sparc/libopenssl-ruby1.8_1.8.2-7sarge4_sparc.deb stable/main/binary-sparc/ruby1.8-dev_1.8.2-7sarge4_sparc.deb stable/main/binary-sparc/libgdbm-ruby1.8_1.8.2-7sarge4_sparc.deb stable/main/binary-sparc/libdbm-ruby1.8_1.8.2-7sarge4_sparc.deb stable/main/binary-sparc/libtcltk-ruby1.8_1.8.2-7sarge4_sparc.deb stable/main/binary-sparc/libreadline-ruby1.8_1.8.2-7sarge4_sparc.deb stable/main/binary-sparc/libruby1.8_1.8.2-7sarge4_sparc.deb ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high 
* akira yamada - added debian/patches/903_JVN-83768862.patch and debian/patches/904_JVN-13947696.patch from Kobayashi Noritada (closes: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be a safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. stable/main/binary-s390/ruby1.8-dev_1.8.2-7sarge4_s390.deb stable/main/binary-s390/ruby1.8_1.8.2-7sarge4_s390.deb stable/main/binary-s390/libdbm-ruby1.8_1.8.2-7sarge4_s390.deb stable/main/binary-s390/libtcltk-ruby1.8_1.8.2-7sarge4_s390.deb stable/main/binary-s390/libreadline-ruby1.8_1.8.2-7sarge4_s390.deb stable/main/binary-s390/libruby1.8-dbg_1.8.2-7sarge4_s390.deb stable/main/binary-s390/libruby1.8_1.8.2-7sarge4_s390.deb stable/main/binary-s390/libopenssl-ruby1.8_1.8.2-7sarge4_s390.deb stable/main/binary-s390/libgdbm-ruby1.8_1.8.2-7sarge4_s390.deb ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high * akira yamada - added debian/patches/903_JVN-83768862.patch and debian/patches/904_JVN-13947696.patch from Kobayashi Noritada (closes: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be a safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4.
stable/main/binary-powerpc/libruby1.8_1.8.2-7sarge4_powerpc.deb stable/main/binary-powerpc/libgdbm-ruby1.8_1.8.2-7sarge4_powerpc.deb stable/main/binary-powerpc/libruby1.8-dbg_1.8.2-7sarge4_powerpc.deb stable/main/binary-powerpc/libreadline-ruby1.8_1.8.2-7sarge4_powerpc.deb stable/main/binary-powerpc/libdbm-ruby1.8_1.8.2-7sarge4_powerpc.deb stable/main/binary-powerpc/ruby1.8_1.8.2-7sarge4_powerpc.deb stable/main/binary-powerpc/ruby1.8-dev_1.8.2-7sarge4_powerpc.deb stable/main/binary-powerpc/libtcltk-ruby1.8_1.8.2-7sarge4_powerpc.deb stable/main/binary-powerpc/libopenssl-ruby1.8_1.8.2-7sarge4_powerpc.deb ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high * akira yamada - added debian/patches/903_JVN-83768862.patch and debian/patches/904_JVN-13947696.patch from Kobayashi Noritada (closes: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be a safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. stable/main/binary-mipsel/libtcltk-ruby1.8_1.8.2-7sarge4_mipsel.deb stable/main/binary-mipsel/libreadline-ruby1.8_1.8.2-7sarge4_mipsel.deb stable/main/binary-mipsel/libruby1.8_1.8.2-7sarge4_mipsel.deb stable/main/binary-mipsel/libruby1.8-dbg_1.8.2-7sarge4_mipsel.deb stable/main/binary-mipsel/ruby1.8-dev_1.8.2-7sarge4_mipsel.deb stable/main/binary-mipsel/libopenssl-ruby1.8_1.8.2-7sarge4_mipsel.deb stable/main/binary-mipsel/libgdbm-ruby1.8_1.8.2-7sarge4_mipsel.deb stable/main/binary-mipsel/libdbm-ruby1.8_1.8.2-7sarge4_mipsel.deb stable/main/binary-mipsel/ruby1.8_1.8.2-7sarge4_mipsel.deb ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high * akira yamada - added debian/patches/903_JVN-83768862.patch and debian/patches/904_JVN-13947696.patch from Kobayashi Noritada (closes: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be a safety bypass.
- JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. stable/main/binary-mips/libopenssl-ruby1.8_1.8.2-7sarge4_mips.deb stable/main/binary-mips/ruby1.8-dev_1.8.2-7sarge4_mips.deb stable/main/binary-mips/libgdbm-ruby1.8_1.8.2-7sarge4_mips.deb stable/main/binary-mips/libdbm-ruby1.8_1.8.2-7sarge4_mips.deb stable/main/binary-mips/libreadline-ruby1.8_1.8.2-7sarge4_mips.deb stable/main/binary-mips/ruby1.8_1.8.2-7sarge4_mips.deb stable/main/binary-mips/libruby1.8_1.8.2-7sarge4_mips.deb stable/main/binary-mips/libtcltk-ruby1.8_1.8.2-7sarge4_mips.deb stable/main/binary-mips/libruby1.8-dbg_1.8.2-7sarge4_mips.deb ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high * akira yamada - added debian/patches/903_JVN-83768862.patch and debian/patches/904_JVN-13947696.patch from Kobayashi Noritada (closes: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be a safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. stable/main/binary-m68k/libdbm-ruby1.8_1.8.2-7sarge4_m68k.deb stable/main/binary-m68k/libgdbm-ruby1.8_1.8.2-7sarge4_m68k.deb stable/main/binary-m68k/libopenssl-ruby1.8_1.8.2-7sarge4_m68k.deb stable/main/binary-m68k/libreadline-ruby1.8_1.8.2-7sarge4_m68k.deb stable/main/binary-m68k/libtcltk-ruby1.8_1.8.2-7sarge4_m68k.deb stable/main/binary-m68k/ruby1.8-dev_1.8.2-7sarge4_m68k.deb stable/main/binary-m68k/libruby1.8_1.8.2-7sarge4_m68k.deb stable/main/binary-m68k/ruby1.8_1.8.2-7sarge4_m68k.deb stable/main/binary-m68k/libruby1.8-dbg_1.8.2-7sarge4_m68k.deb ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high * akira yamada - added debian/patches/903_JVN-83768862.patch and debian/patches/904_JVN-13947696.patch from Kobayashi Noritada (closes: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be a safety bypass.
- JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. stable/main/binary-ia64/ruby1.8-dev_1.8.2-7sarge4_ia64.deb stable/main/binary-ia64/libdbm-ruby1.8_1.8.2-7sarge4_ia64.deb stable/main/binary-ia64/libopenssl-ruby1.8_1.8.2-7sarge4_ia64.deb stable/main/binary-ia64/libgdbm-ruby1.8_1.8.2-7sarge4_ia64.deb stable/main/binary-ia64/libreadline-ruby1.8_1.8.2-7sarge4_ia64.deb stable/main/binary-ia64/libruby1.8_1.8.2-7sarge4_ia64.deb stable/main/binary-ia64/libtcltk-ruby1.8_1.8.2-7sarge4_ia64.deb stable/main/binary-ia64/libruby1.8-dbg_1.8.2-7sarge4_ia64.deb stable/main/binary-ia64/ruby1.8_1.8.2-7sarge4_ia64.deb ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high * akira yamada - added debian/patches/903_JVN-83768862.patch and debian/patches/904_JVN-13947696.patch from Kobayashi Noritada (closes: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be a safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. stable/main/binary-hppa/libopenssl-ruby1.8_1.8.2-7sarge4_hppa.deb stable/main/binary-hppa/libdbm-ruby1.8_1.8.2-7sarge4_hppa.deb stable/main/binary-hppa/ruby1.8_1.8.2-7sarge4_hppa.deb stable/main/binary-hppa/libruby1.8-dbg_1.8.2-7sarge4_hppa.deb stable/main/binary-hppa/libreadline-ruby1.8_1.8.2-7sarge4_hppa.deb stable/main/binary-hppa/libruby1.8_1.8.2-7sarge4_hppa.deb stable/main/binary-hppa/ruby1.8-dev_1.8.2-7sarge4_hppa.deb stable/main/binary-hppa/libtcltk-ruby1.8_1.8.2-7sarge4_hppa.deb stable/main/binary-hppa/libgdbm-ruby1.8_1.8.2-7sarge4_hppa.deb ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high * akira yamada - added debian/patches/903_JVN-83768862.patch and debian/patches/904_JVN-13947696.patch from Kobayashi Noritada (closes: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be a safety bypass.
- JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. stable/main/binary-arm/libgdbm-ruby1.8_1.8.2-7sarge4_arm.deb stable/main/binary-arm/libruby1.8-dbg_1.8.2-7sarge4_arm.deb stable/main/binary-arm/libopenssl-ruby1.8_1.8.2-7sarge4_arm.deb stable/main/binary-arm/libdbm-ruby1.8_1.8.2-7sarge4_arm.deb stable/main/binary-arm/libreadline-ruby1.8_1.8.2-7sarge4_arm.deb stable/main/binary-arm/ruby1.8-dev_1.8.2-7sarge4_arm.deb stable/main/binary-arm/libtcltk-ruby1.8_1.8.2-7sarge4_arm.deb stable/main/binary-arm/ruby1.8_1.8.2-7sarge4_arm.deb stable/main/binary-arm/libruby1.8_1.8.2-7sarge4_arm.deb ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high * akira yamada - added debian/patches/903_JVN-83768862.patch and debian/patches/904_JVN-13947696.patch from Kobayashi Noritada (closes: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be a safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. stable/main/binary-alpha/ruby1.8-dev_1.8.2-7sarge4_alpha.deb stable/main/binary-alpha/ruby1.8_1.8.2-7sarge4_alpha.deb stable/main/binary-alpha/libtcltk-ruby1.8_1.8.2-7sarge4_alpha.deb stable/main/binary-alpha/libruby1.8_1.8.2-7sarge4_alpha.deb stable/main/binary-alpha/libruby1.8-dbg_1.8.2-7sarge4_alpha.deb stable/main/binary-alpha/libopenssl-ruby1.8_1.8.2-7sarge4_alpha.deb stable/main/binary-alpha/libreadline-ruby1.8_1.8.2-7sarge4_alpha.deb stable/main/binary-alpha/libdbm-ruby1.8_1.8.2-7sarge4_alpha.deb stable/main/binary-alpha/libgdbm-ruby1.8_1.8.2-7sarge4_alpha.deb ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high * akira yamada - added debian/patches/903_JVN-83768862.patch and debian/patches/904_JVN-13947696.patch from Kobayashi Noritada (closes: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be a safety bypass.
- JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. stable/main/binary-all/ruby1.8-examples_1.8.2-7sarge4_all.deb stable/main/binary-i386/libreadline-ruby1.8_1.8.2-7sarge4_i386.deb stable/main/binary-all/irb1.8_1.8.2-7sarge4_all.deb stable/main/binary-all/rdoc1.8_1.8.2-7sarge4_all.deb stable/main/source/ruby1.8_1.8.2-7sarge4.diff.gz stable/main/binary-i386/libdbm-ruby1.8_1.8.2-7sarge4_i386.deb stable/main/binary-all/ruby1.8-elisp_1.8.2-7sarge4_all.deb stable/main/source/ruby1.8_1.8.2-7sarge4.dsc stable/main/binary-i386/libruby1.8_1.8.2-7sarge4_i386.deb stable/main/binary-i386/libopenssl-ruby1.8_1.8.2-7sarge4_i386.deb stable/main/binary-i386/libgdbm-ruby1.8_1.8.2-7sarge4_i386.deb stable/main/binary-i386/ruby1.8_1.8.2-7sarge4_i386.deb stable/main/binary-all/ri1.8_1.8.2-7sarge4_all.deb stable/main/binary-i386/libtcltk-ruby1.8_1.8.2-7sarge4_i386.deb stable/main/binary-i386/libruby1.8-dbg_1.8.2-7sarge4_i386.deb stable/main/binary-i386/ruby1.8-dev_1.8.2-7sarge4_i386.deb ruby1.8 (1.8.2-7sarge4) stable-security; urgency=high * akira yamada - added debian/patches/903_JVN-83768862.patch and debian/patches/904_JVN-13947696.patch from Kobayashi Noritada (closes: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be a safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4.
stable/main/binary-all/python2.1-textwrap_0.3.7-2sarge1_all.deb stable/main/source/python-docutils_0.3.7-2sarge1.diff.gz stable/main/source/python-docutils_0.3.7-2sarge1.dsc stable/main/binary-all/python2.1-difflib_0.3.7-2sarge1_all.deb stable/main/binary-all/python2.2-textwrap_0.3.7-2sarge1_all.deb stable/main/binary-all/python2.2-docutils_0.3.7-2sarge1_all.deb stable/main/binary-all/python-roman_0.3.7-2sarge1_all.deb stable/main/binary-all/python-docutils_0.3.7-2sarge1_all.deb stable/main/binary-all/python2.3-docutils_0.3.7-2sarge1_all.deb stable/main/binary-all/python2.4-docutils_0.3.7-2sarge1_all.deb python-docutils (0.3.7-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported changes from 0.3.9 to support new settings file_insertion_enabled and raw_enabled, needed to fix CVE-2006-3695 in trac [docutils/parsers/rst/__init__.py, docutils/parsers/rst/directives/misc.py, docutils/parsers/rst/directives/images.py, docutils/parsers/rst/directives/tables.py] stable/main/binary-sparc/libssl0.9.7_0.9.7e-3sarge4_sparc.deb stable/main/binary-sparc/libssl-dev_0.9.7e-3sarge4_sparc.deb stable/main/binary-sparc/openssl_0.9.7e-3sarge4_sparc.deb stable/main/binary-sparc/libcrypto0.9.7-udeb_0.9.7e-3sarge4_sparc.udeb openssl (0.9.7e-3sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correct patch for CVE-2006-2940 to avoid the possibility of dereferencing an uninitialized pointer. stable/main/binary-s390/libssl0.9.7_0.9.7e-3sarge4_s390.deb stable/main/binary-s390/openssl_0.9.7e-3sarge4_s390.deb stable/main/binary-s390/libssl-dev_0.9.7e-3sarge4_s390.deb stable/main/binary-s390/libcrypto0.9.7-udeb_0.9.7e-3sarge4_s390.udeb openssl (0.9.7e-3sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correct patch for CVE-2006-2940 to avoid the possibility of dereferencing an uninitialized pointer. 
stable/main/binary-powerpc/libssl0.9.7_0.9.7e-3sarge4_powerpc.deb stable/main/binary-powerpc/openssl_0.9.7e-3sarge4_powerpc.deb stable/main/binary-powerpc/libcrypto0.9.7-udeb_0.9.7e-3sarge4_powerpc.udeb stable/main/binary-powerpc/libssl-dev_0.9.7e-3sarge4_powerpc.deb openssl (0.9.7e-3sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correct patch for CVE-2006-2940 to avoid the possibility of dereferencing an uninitialized pointer. stable/main/binary-mipsel/openssl_0.9.7e-3sarge4_mipsel.deb stable/main/binary-mipsel/libssl0.9.7_0.9.7e-3sarge4_mipsel.deb stable/main/binary-mipsel/libcrypto0.9.7-udeb_0.9.7e-3sarge4_mipsel.udeb stable/main/binary-mipsel/libssl-dev_0.9.7e-3sarge4_mipsel.deb openssl (0.9.7e-3sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correct patch for CVE-2006-2940 to avoid the possibility of dereferencing an uninitialized pointer. stable/main/binary-mips/libssl-dev_0.9.7e-3sarge4_mips.deb stable/main/binary-mips/libssl0.9.7_0.9.7e-3sarge4_mips.deb stable/main/binary-mips/libcrypto0.9.7-udeb_0.9.7e-3sarge4_mips.udeb stable/main/binary-mips/openssl_0.9.7e-3sarge4_mips.deb openssl (0.9.7e-3sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correct patch for CVE-2006-2940 to avoid the possibility of dereferencing an uninitialized pointer. stable/main/binary-m68k/libcrypto0.9.7-udeb_0.9.7e-3sarge4_m68k.udeb stable/main/binary-m68k/libssl0.9.7_0.9.7e-3sarge4_m68k.deb stable/main/binary-m68k/openssl_0.9.7e-3sarge4_m68k.deb stable/main/binary-m68k/libssl-dev_0.9.7e-3sarge4_m68k.deb openssl (0.9.7e-3sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correct patch for CVE-2006-2940 to avoid the possibility of dereferencing an uninitialized pointer. 
stable/main/binary-ia64/libssl0.9.7_0.9.7e-3sarge4_ia64.deb stable/main/binary-ia64/libcrypto0.9.7-udeb_0.9.7e-3sarge4_ia64.udeb stable/main/binary-ia64/openssl_0.9.7e-3sarge4_ia64.deb stable/main/binary-ia64/libssl-dev_0.9.7e-3sarge4_ia64.deb openssl (0.9.7e-3sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correct patch for CVE-2006-2940 to avoid the possibility of dereferencing an uninitialized pointer. stable/main/binary-hppa/openssl_0.9.7e-3sarge4_hppa.deb stable/main/binary-hppa/libssl0.9.7_0.9.7e-3sarge4_hppa.deb stable/main/binary-hppa/libssl-dev_0.9.7e-3sarge4_hppa.deb stable/main/binary-hppa/libcrypto0.9.7-udeb_0.9.7e-3sarge4_hppa.udeb openssl (0.9.7e-3sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correct patch for CVE-2006-2940 to avoid the possibility of dereferencing an uninitialized pointer. stable/main/binary-arm/openssl_0.9.7e-3sarge4_arm.deb stable/main/binary-arm/libcrypto0.9.7-udeb_0.9.7e-3sarge4_arm.udeb stable/main/binary-arm/libssl-dev_0.9.7e-3sarge4_arm.deb stable/main/binary-arm/libssl0.9.7_0.9.7e-3sarge4_arm.deb openssl (0.9.7e-3sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correct patch for CVE-2006-2940 to avoid the possibility of dereferencing an uninitialized pointer. stable/main/binary-alpha/libcrypto0.9.7-udeb_0.9.7e-3sarge4_alpha.udeb stable/main/binary-alpha/libssl-dev_0.9.7e-3sarge4_alpha.deb stable/main/binary-alpha/openssl_0.9.7e-3sarge4_alpha.deb stable/main/binary-alpha/libssl0.9.7_0.9.7e-3sarge4_alpha.deb openssl (0.9.7e-3sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correct patch for CVE-2006-2940 to avoid the possibility of dereferencing an uninitialized pointer. 
stable/main/source/openssl_0.9.7e-3sarge4.diff.gz stable/main/binary-i386/libcrypto0.9.7-udeb_0.9.7e-3sarge4_i386.udeb stable/main/binary-i386/openssl_0.9.7e-3sarge4_i386.deb stable/main/binary-i386/libssl-dev_0.9.7e-3sarge4_i386.deb stable/main/source/openssl_0.9.7e-3sarge4.dsc stable/main/binary-i386/libssl0.9.7_0.9.7e-3sarge4_i386.deb openssl (0.9.7e-3sarge4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correct patch for CVE-2006-2940 to avoid the possibility of dereferencing an uninitialized pointer. stable/main/binary-sparc/ssh-krb5_3.8.1p1-7sarge1_sparc.deb openssh-krb5 (3.8.1p1-7sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix potential code injection through double free() in fatal() signal handler. (CVE-2006-5051) * Fix CPU exhaustion vulnerability in CRC attack detection. (CVE-2006-4924) stable/main/binary-s390/ssh-krb5_3.8.1p1-7sarge1_s390.deb openssh-krb5 (3.8.1p1-7sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix potential code injection through double free() in fatal() signal handler. (CVE-2006-5051) * Fix CPU exhaustion vulnerability in CRC attack detection. (CVE-2006-4924) stable/main/binary-powerpc/ssh-krb5_3.8.1p1-7sarge1_powerpc.deb openssh-krb5 (3.8.1p1-7sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix potential code injection through double free() in fatal() signal handler. (CVE-2006-5051) * Fix CPU exhaustion vulnerability in CRC attack detection. (CVE-2006-4924) stable/main/binary-mipsel/ssh-krb5_3.8.1p1-7sarge1_mipsel.deb openssh-krb5 (3.8.1p1-7sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix potential code injection through double free() in fatal() signal handler. (CVE-2006-5051) * Fix CPU exhaustion vulnerability in CRC attack detection. 
(CVE-2006-4924) stable/main/binary-mips/ssh-krb5_3.8.1p1-7sarge1_mips.deb openssh-krb5 (3.8.1p1-7sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix potential code injection through double free() in fatal() signal handler. (CVE-2006-5051) * Fix CPU exhaustion vulnerability in CRC attack detection. (CVE-2006-4924) stable/main/binary-m68k/ssh-krb5_3.8.1p1-7sarge1_m68k.deb openssh-krb5 (3.8.1p1-7sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix potential code injection through double free() in fatal() signal handler. (CVE-2006-5051) * Fix CPU exhaustion vulnerability in CRC attack detection. (CVE-2006-4924) stable/main/binary-ia64/ssh-krb5_3.8.1p1-7sarge1_ia64.deb openssh-krb5 (3.8.1p1-7sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix potential code injection through double free() in fatal() signal handler. (CVE-2006-5051) * Fix CPU exhaustion vulnerability in CRC attack detection. (CVE-2006-4924) stable/main/binary-hppa/ssh-krb5_3.8.1p1-7sarge1_hppa.deb openssh-krb5 (3.8.1p1-7sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix potential code injection through double free() in fatal() signal handler. (CVE-2006-5051) * Fix CPU exhaustion vulnerability in CRC attack detection. (CVE-2006-4924) stable/main/binary-arm/ssh-krb5_3.8.1p1-7sarge1_arm.deb openssh-krb5 (3.8.1p1-7sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix potential code injection through double free() in fatal() signal handler. (CVE-2006-5051) * Fix CPU exhaustion vulnerability in CRC attack detection. (CVE-2006-4924) stable/main/binary-alpha/ssh-krb5_3.8.1p1-7sarge1_alpha.deb openssh-krb5 (3.8.1p1-7sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix potential code injection through double free() in fatal() signal handler. 
(CVE-2006-5051) * Fix CPU exhaustion vulnerability in CRC attack detection. (CVE-2006-4924) stable/main/source/openssh-krb5_3.8.1p1-7sarge1.dsc stable/main/binary-i386/ssh-krb5_3.8.1p1-7sarge1_i386.deb stable/main/source/openssh-krb5_3.8.1p1-7sarge1.diff.gz openssh-krb5 (3.8.1p1-7sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix potential code injection through double free() in fatal() signal handler. (CVE-2006-5051) * Fix CPU exhaustion vulnerability in CRC attack detection. (CVE-2006-4924) stable/main/binary-sparc/mailman_2.1.5-8sarge5_sparc.deb mailman (2.1.5-8sarge5) stable-security; urgency=high * Security update: log injection CVE-2006-4624 stable/main/binary-s390/mailman_2.1.5-8sarge5_s390.deb mailman (2.1.5-8sarge5) stable-security; urgency=high * Security update: log injection CVE-2006-4624 stable/main/binary-mipsel/mailman_2.1.5-8sarge5_mipsel.deb mailman (2.1.5-8sarge5) stable-security; urgency=high * Security update: log injection CVE-2006-4624 stable/main/binary-mips/mailman_2.1.5-8sarge5_mips.deb mailman (2.1.5-8sarge5) stable-security; urgency=high * Security update: log injection CVE-2006-4624 stable/main/binary-m68k/mailman_2.1.5-8sarge5_m68k.deb mailman (2.1.5-8sarge5) stable-security; urgency=high * Security update: log injection CVE-2006-4624 stable/main/binary-ia64/mailman_2.1.5-8sarge5_ia64.deb mailman (2.1.5-8sarge5) stable-security; urgency=high * Security update: log injection CVE-2006-4624 stable/main/binary-i386/mailman_2.1.5-8sarge5_i386.deb mailman (2.1.5-8sarge5) stable-security; urgency=high * Security update: log injection CVE-2006-4624 stable/main/binary-hppa/mailman_2.1.5-8sarge5_hppa.deb mailman (2.1.5-8sarge5) stable-security; urgency=high * Security update: log injection CVE-2006-4624 stable/main/binary-arm/mailman_2.1.5-8sarge5_arm.deb mailman (2.1.5-8sarge5) stable-security; urgency=high * Security update: log injection CVE-2006-4624 
stable/main/binary-alpha/mailman_2.1.5-8sarge5_alpha.deb mailman (2.1.5-8sarge5) stable-security; urgency=high * Security update: log injection CVE-2006-4624 stable/main/source/mailman_2.1.5-8sarge5.dsc stable/main/binary-powerpc/mailman_2.1.5-8sarge5_powerpc.deb stable/main/source/mailman_2.1.5-8sarge5.diff.gz mailman (2.1.5-8sarge5) stable-security; urgency=high * Security update: log injection CVE-2006-4624 stable/main/binary-sparc/xfs-modules-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/reiserfs-modules-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb stable/main/source/linux-kernel-di-sparc_0.64sarge2.dsc stable/main/binary-sparc/ext3-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/ext3-modules-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/kernel-image-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/nic-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/firmware-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/cdrom-core-modules-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/ipv6-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/reiserfs-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/loop-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/ppp-modules-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/ppp-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/md-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/scsi-core-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/ipv6-modules-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/nic-modules-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/scsi-modules-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb 
stable/main/binary-sparc/firewire-core-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/cdrom-core-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/scsi-core-modules-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb stable/main/source/linux-kernel-di-sparc_0.64sarge2.tar.gz stable/main/binary-sparc/xfs-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/loop-modules-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/ide-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/md-modules-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/scsi-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/kernel-image-2.4.27-3-sparc32-di_0.64sarge2_sparc.udeb stable/main/binary-sparc/usb-modules-2.4.27-3-sparc64-di_0.64sarge2_sparc.udeb linux-kernel-di-sparc (0.64sarge2) stable; urgency=low * Rebuild because of missing modules in 0.64sarge1 for sparc32. stable/main/binary-sparc/libwmf-bin_0.2.8.3-2sarge1_sparc.deb stable/main/binary-sparc/libwmf0.2-7_0.2.8.3-2sarge1_sparc.deb stable/main/binary-sparc/libwmf-dev_0.2.8.3-2sarge1_sparc.deb libwmf (0.2.8.3-2sarge1) stable-security; urgency=high * NMU by the Security Team: * Fix integer overflow in player.c (CVE-2006-3376) stable/main/binary-s390/libwmf0.2-7_0.2.8.3-2sarge1_s390.deb stable/main/binary-s390/libwmf-bin_0.2.8.3-2sarge1_s390.deb stable/main/binary-s390/libwmf-dev_0.2.8.3-2sarge1_s390.deb libwmf (0.2.8.3-2sarge1) stable-security; urgency=high * NMU by the Security Team: * Fix integer overflow in player.c (CVE-2006-3376) stable/main/binary-powerpc/libwmf-bin_0.2.8.3-2sarge1_powerpc.deb stable/main/binary-powerpc/libwmf0.2-7_0.2.8.3-2sarge1_powerpc.deb stable/main/binary-powerpc/libwmf-dev_0.2.8.3-2sarge1_powerpc.deb libwmf (0.2.8.3-2sarge1) stable-security; urgency=high * NMU by the Security Team: * Fix integer overflow in player.c (CVE-2006-3376) 
stable/main/binary-mipsel/libwmf0.2-7_0.2.8.3-2sarge1_mipsel.deb stable/main/binary-mipsel/libwmf-bin_0.2.8.3-2sarge1_mipsel.deb stable/main/binary-mipsel/libwmf-dev_0.2.8.3-2sarge1_mipsel.deb libwmf (0.2.8.3-2sarge1) stable-security; urgency=high * NMU by the Security Team: * Fix integer overflow in player.c (CVE-2006-3376) stable/main/binary-mips/libwmf-bin_0.2.8.3-2sarge1_mips.deb stable/main/binary-mips/libwmf0.2-7_0.2.8.3-2sarge1_mips.deb stable/main/binary-mips/libwmf-dev_0.2.8.3-2sarge1_mips.deb libwmf (0.2.8.3-2sarge1) stable-security; urgency=high * NMU by the Security Team: * Fix integer overflow in player.c (CVE-2006-3376) stable/main/binary-m68k/libwmf-bin_0.2.8.3-2sarge1_m68k.deb stable/main/binary-m68k/libwmf-dev_0.2.8.3-2sarge1_m68k.deb stable/main/binary-m68k/libwmf0.2-7_0.2.8.3-2sarge1_m68k.deb libwmf (0.2.8.3-2sarge1) stable-security; urgency=high * NMU by the Security Team: * Fix integer overflow in player.c (CVE-2006-3376) stable/main/binary-ia64/libwmf-bin_0.2.8.3-2sarge1_ia64.deb stable/main/binary-ia64/libwmf0.2-7_0.2.8.3-2sarge1_ia64.deb stable/main/binary-ia64/libwmf-dev_0.2.8.3-2sarge1_ia64.deb libwmf (0.2.8.3-2sarge1) stable-security; urgency=high * NMU by the Security Team: * Fix integer overflow in player.c (CVE-2006-3376) stable/main/binary-hppa/libwmf0.2-7_0.2.8.3-2sarge1_hppa.deb stable/main/binary-hppa/libwmf-bin_0.2.8.3-2sarge1_hppa.deb stable/main/binary-hppa/libwmf-dev_0.2.8.3-2sarge1_hppa.deb libwmf (0.2.8.3-2sarge1) stable-security; urgency=high * NMU by the Security Team: * Fix integer overflow in player.c (CVE-2006-3376) stable/main/binary-arm/libwmf-dev_0.2.8.3-2sarge1_arm.deb stable/main/binary-arm/libwmf0.2-7_0.2.8.3-2sarge1_arm.deb stable/main/binary-arm/libwmf-bin_0.2.8.3-2sarge1_arm.deb libwmf (0.2.8.3-2sarge1) stable-security; urgency=high * NMU by the Security Team: * Fix integer overflow in player.c (CVE-2006-3376) stable/main/binary-alpha/libwmf-dev_0.2.8.3-2sarge1_alpha.deb 
stable/main/binary-alpha/libwmf0.2-7_0.2.8.3-2sarge1_alpha.deb stable/main/binary-alpha/libwmf-bin_0.2.8.3-2sarge1_alpha.deb libwmf (0.2.8.3-2sarge1) stable-security; urgency=high * NMU by the Security Team: * Fix integer overflow in player.c (CVE-2006-3376) stable/main/binary-i386/libwmf-dev_0.2.8.3-2sarge1_i386.deb stable/main/binary-i386/libwmf0.2-7_0.2.8.3-2sarge1_i386.deb stable/main/binary-all/libwmf-doc_0.2.8.3-2sarge1_all.deb stable/main/source/libwmf_0.2.8.3-2sarge1.dsc stable/main/source/libwmf_0.2.8.3-2sarge1.diff.gz stable/main/binary-i386/libwmf-bin_0.2.8.3-2sarge1_i386.deb libwmf (0.2.8.3-2sarge1) stable-security; urgency=high * NMU by the Security Team: * Fix integer overflow in player.c (CVE-2006-3376) stable/main/binary-sparc/libmusicbrainz4-dev_2.1.1-3sarge1_sparc.deb stable/main/binary-sparc/libmusicbrainz4_2.1.1-3sarge1_sparc.deb libmusicbrainz-2.1 (2.1.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/02-CVE-2006-4197.patch] stable/main/binary-s390/libmusicbrainz4-dev_2.1.1-3sarge1_s390.deb stable/main/binary-s390/libmusicbrainz4_2.1.1-3sarge1_s390.deb libmusicbrainz-2.1 (2.1.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/02-CVE-2006-4197.patch] stable/main/binary-mipsel/libmusicbrainz4-dev_2.1.1-3sarge1_mipsel.deb stable/main/binary-mipsel/libmusicbrainz4_2.1.1-3sarge1_mipsel.deb libmusicbrainz-2.1 (2.1.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/02-CVE-2006-4197.patch] stable/main/binary-mips/libmusicbrainz4-dev_2.1.1-3sarge1_mips.deb 
stable/main/binary-mips/libmusicbrainz4_2.1.1-3sarge1_mips.deb libmusicbrainz-2.1 (2.1.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/02-CVE-2006-4197.patch] stable/main/binary-m68k/libmusicbrainz4_2.1.1-3sarge1_m68k.deb stable/main/binary-m68k/libmusicbrainz4-dev_2.1.1-3sarge1_m68k.deb libmusicbrainz-2.1 (2.1.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/02-CVE-2006-4197.patch] stable/main/binary-ia64/libmusicbrainz4-dev_2.1.1-3sarge1_ia64.deb stable/main/binary-ia64/libmusicbrainz4_2.1.1-3sarge1_ia64.deb libmusicbrainz-2.1 (2.1.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/02-CVE-2006-4197.patch] stable/main/binary-i386/libmusicbrainz4_2.1.1-3sarge1_i386.deb stable/main/binary-i386/libmusicbrainz4-dev_2.1.1-3sarge1_i386.deb libmusicbrainz-2.1 (2.1.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/02-CVE-2006-4197.patch] stable/main/binary-hppa/libmusicbrainz4-dev_2.1.1-3sarge1_hppa.deb stable/main/binary-hppa/libmusicbrainz4_2.1.1-3sarge1_hppa.deb libmusicbrainz-2.1 (2.1.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/02-CVE-2006-4197.patch] stable/main/binary-arm/libmusicbrainz4-dev_2.1.1-3sarge1_arm.deb stable/main/binary-arm/libmusicbrainz4_2.1.1-3sarge1_arm.deb libmusicbrainz-2.1 
(2.1.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/02-CVE-2006-4197.patch] stable/main/binary-alpha/libmusicbrainz4-dev_2.1.1-3sarge1_alpha.deb stable/main/binary-alpha/libmusicbrainz4_2.1.1-3sarge1_alpha.deb libmusicbrainz-2.1 (2.1.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/02-CVE-2006-4197.patch] stable/main/source/libmusicbrainz-2.1_2.1.1-3sarge1.dsc stable/main/binary-powerpc/libmusicbrainz4_2.1.1-3sarge1_powerpc.deb stable/main/binary-powerpc/libmusicbrainz4-dev_2.1.1-3sarge1_powerpc.deb stable/main/source/libmusicbrainz-2.1_2.1.1-3sarge1.diff.gz libmusicbrainz-2.1 (2.1.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/02-CVE-2006-4197.patch] stable/main/binary-sparc/python2.1-musicbrainz_2.0.2-10sarge1_sparc.deb stable/main/binary-sparc/python2.2-musicbrainz_2.0.2-10sarge1_sparc.deb stable/main/binary-sparc/python-musicbrainz_2.0.2-10sarge1_sparc.deb stable/main/binary-sparc/python2.3-musicbrainz_2.0.2-10sarge1_sparc.deb stable/main/binary-sparc/libmusicbrainz2-dev_2.0.2-10sarge1_sparc.deb stable/main/binary-sparc/libmusicbrainz2_2.0.2-10sarge1_sparc.deb libmusicbrainz-2.0 (2.0.2-10sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/03-CVE-2006-4197.patch] stable/main/binary-s390/python2.2-musicbrainz_2.0.2-10sarge1_s390.deb stable/main/binary-s390/python-musicbrainz_2.0.2-10sarge1_s390.deb 
stable/main/binary-s390/python2.1-musicbrainz_2.0.2-10sarge1_s390.deb stable/main/binary-s390/libmusicbrainz2_2.0.2-10sarge1_s390.deb stable/main/binary-s390/python2.3-musicbrainz_2.0.2-10sarge1_s390.deb stable/main/binary-s390/libmusicbrainz2-dev_2.0.2-10sarge1_s390.deb libmusicbrainz-2.0 (2.0.2-10sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/03-CVE-2006-4197.patch] stable/main/binary-mipsel/python2.2-musicbrainz_2.0.2-10sarge1_mipsel.deb stable/main/binary-mipsel/python2.1-musicbrainz_2.0.2-10sarge1_mipsel.deb stable/main/binary-mipsel/python-musicbrainz_2.0.2-10sarge1_mipsel.deb stable/main/binary-mipsel/libmusicbrainz2_2.0.2-10sarge1_mipsel.deb stable/main/binary-mipsel/libmusicbrainz2-dev_2.0.2-10sarge1_mipsel.deb stable/main/binary-mipsel/python2.3-musicbrainz_2.0.2-10sarge1_mipsel.deb libmusicbrainz-2.0 (2.0.2-10sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/03-CVE-2006-4197.patch] stable/main/binary-mips/libmusicbrainz2-dev_2.0.2-10sarge1_mips.deb stable/main/binary-mips/libmusicbrainz2_2.0.2-10sarge1_mips.deb stable/main/binary-mips/python2.2-musicbrainz_2.0.2-10sarge1_mips.deb stable/main/binary-mips/python2.3-musicbrainz_2.0.2-10sarge1_mips.deb stable/main/binary-mips/python2.1-musicbrainz_2.0.2-10sarge1_mips.deb stable/main/binary-mips/python-musicbrainz_2.0.2-10sarge1_mips.deb libmusicbrainz-2.0 (2.0.2-10sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/03-CVE-2006-4197.patch] stable/main/binary-m68k/python2.3-musicbrainz_2.0.2-10sarge1_m68k.deb 
stable/main/binary-m68k/python-musicbrainz_2.0.2-10sarge1_m68k.deb stable/main/binary-m68k/libmusicbrainz2_2.0.2-10sarge1_m68k.deb stable/main/binary-m68k/python2.1-musicbrainz_2.0.2-10sarge1_m68k.deb stable/main/binary-m68k/libmusicbrainz2-dev_2.0.2-10sarge1_m68k.deb stable/main/binary-m68k/python2.2-musicbrainz_2.0.2-10sarge1_m68k.deb libmusicbrainz-2.0 (2.0.2-10sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/03-CVE-2006-4197.patch] stable/main/binary-ia64/libmusicbrainz2-dev_2.0.2-10sarge1_ia64.deb stable/main/binary-ia64/python-musicbrainz_2.0.2-10sarge1_ia64.deb stable/main/binary-ia64/python2.1-musicbrainz_2.0.2-10sarge1_ia64.deb stable/main/binary-ia64/python2.3-musicbrainz_2.0.2-10sarge1_ia64.deb stable/main/binary-ia64/libmusicbrainz2_2.0.2-10sarge1_ia64.deb stable/main/binary-ia64/python2.2-musicbrainz_2.0.2-10sarge1_ia64.deb libmusicbrainz-2.0 (2.0.2-10sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/03-CVE-2006-4197.patch] stable/main/binary-i386/python2.3-musicbrainz_2.0.2-10sarge1_i386.deb stable/main/binary-i386/python2.2-musicbrainz_2.0.2-10sarge1_i386.deb stable/main/binary-i386/python-musicbrainz_2.0.2-10sarge1_i386.deb stable/main/binary-i386/libmusicbrainz2_2.0.2-10sarge1_i386.deb stable/main/binary-i386/python2.1-musicbrainz_2.0.2-10sarge1_i386.deb stable/main/binary-i386/libmusicbrainz2-dev_2.0.2-10sarge1_i386.deb libmusicbrainz-2.0 (2.0.2-10sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/03-CVE-2006-4197.patch] stable/main/binary-hppa/python-musicbrainz_2.0.2-10sarge1_hppa.deb 
stable/main/binary-hppa/libmusicbrainz2-dev_2.0.2-10sarge1_hppa.deb stable/main/binary-hppa/python2.2-musicbrainz_2.0.2-10sarge1_hppa.deb stable/main/binary-hppa/libmusicbrainz2_2.0.2-10sarge1_hppa.deb stable/main/binary-hppa/python2.1-musicbrainz_2.0.2-10sarge1_hppa.deb stable/main/binary-hppa/python2.3-musicbrainz_2.0.2-10sarge1_hppa.deb libmusicbrainz-2.0 (2.0.2-10sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/03-CVE-2006-4197.patch] stable/main/binary-arm/libmusicbrainz2_2.0.2-10sarge1_arm.deb stable/main/binary-arm/python2.1-musicbrainz_2.0.2-10sarge1_arm.deb stable/main/binary-arm/libmusicbrainz2-dev_2.0.2-10sarge1_arm.deb stable/main/binary-arm/python2.3-musicbrainz_2.0.2-10sarge1_arm.deb stable/main/binary-arm/python-musicbrainz_2.0.2-10sarge1_arm.deb stable/main/binary-arm/python2.2-musicbrainz_2.0.2-10sarge1_arm.deb libmusicbrainz-2.0 (2.0.2-10sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/03-CVE-2006-4197.patch] stable/main/binary-alpha/python2.2-musicbrainz_2.0.2-10sarge1_alpha.deb stable/main/binary-alpha/python-musicbrainz_2.0.2-10sarge1_alpha.deb stable/main/binary-alpha/libmusicbrainz2-dev_2.0.2-10sarge1_alpha.deb stable/main/binary-alpha/python2.3-musicbrainz_2.0.2-10sarge1_alpha.deb stable/main/binary-alpha/libmusicbrainz2_2.0.2-10sarge1_alpha.deb stable/main/binary-alpha/python2.1-musicbrainz_2.0.2-10sarge1_alpha.deb libmusicbrainz-2.0 (2.0.2-10sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/03-CVE-2006-4197.patch] stable/main/source/libmusicbrainz-2.0_2.0.2-10sarge1.diff.gz 
stable/main/binary-powerpc/python-musicbrainz_2.0.2-10sarge1_powerpc.deb stable/main/binary-powerpc/libmusicbrainz2-dev_2.0.2-10sarge1_powerpc.deb stable/main/source/libmusicbrainz-2.0_2.0.2-10sarge1.dsc stable/main/binary-powerpc/libmusicbrainz2_2.0.2-10sarge1_powerpc.deb stable/main/binary-powerpc/python2.1-musicbrainz_2.0.2-10sarge1_powerpc.deb stable/main/binary-powerpc/python2.2-musicbrainz_2.0.2-10sarge1_powerpc.deb stable/main/binary-powerpc/python2.3-musicbrainz_2.0.2-10sarge1_powerpc.deb libmusicbrainz-2.0 (2.0.2-10sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Added patch by Lukász Lalinsky and me to fix several buffer overflows [lib/http.cpp, lib/rdfparse.c, debian/patches/03-CVE-2006-4197.patch] stable/main/binary-m68k/mips-tools_2.4.27-10.sarge4.040815-1_m68k.deb kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-1) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extranous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privelege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-ia64/mips-tools_2.4.27-10.sarge4.040815-1_ia64.deb kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-1) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-hppa/mips-tools_2.4.27-10.sarge4.040815-1_hppa.deb kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-1) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops.
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-arm/mips-tools_2.4.27-10.sarge4.040815-1_arm.deb kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-1) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops.
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-alpha/mips-tools_2.4.27-10.sarge4.040815-1_alpha.deb kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-1) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops.
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/source/kernel-patch-2.4.27-mips_2.4.27-10.sarge4.040815-1.tar.gz stable/main/source/kernel-patch-2.4.27-mips_2.4.27-10.sarge4.040815-1.dsc stable/main/binary-i386/mips-tools_2.4.27-10.sarge4.040815-1_i386.deb kernel-patch-2.4.27-mips (2.4.27-10.sarge4.040815-1) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device.
See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/source/kernel-image-speakup-i386_2.4.27-1.1sarge3.tar.gz stable/main/source/kernel-image-speakup-i386_2.4.27-1.1sarge3.dsc stable/main/binary-i386/kernel-headers-2.4.27-speakup_2.4.27-1.1sarge3_i386.deb stable/main/binary-i386/kernel-image-2.4.27-speakup_2.4.27-1.1sarge3_i386.deb stable/main/binary-all/kernel-doc-2.4.27-speakup_2.4.27-1.1sarge3_all.deb kernel-image-speakup-i386 (2.4.27-1.1sarge3) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue.
See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-sparc/kernel-image-2.6.8-3-sparc32_2.6.8-15sarge5_sparc.deb stable/main/source/kernel-image-2.6.8-sparc_2.6.8-15sarge5.tar.gz stable/main/source/kernel-image-2.6.8-sparc_2.6.8-15sarge5.dsc stable/main/binary-sparc/kernel-build-2.6.8-3_2.6.8-15sarge5_sparc.deb stable/main/binary-sparc/kernel-headers-2.6.8-3-sparc64-smp_2.6.8-15sarge5_sparc.deb stable/main/binary-sparc/kernel-headers-2.6.8-3-sparc64_2.6.8-15sarge5_sparc.deb stable/main/binary-sparc/kernel-headers-2.6.8-3_2.6.8-15sarge5_sparc.deb stable/main/binary-sparc/kernel-headers-2.6.8-3-sparc32_2.6.8-15sarge5_sparc.deb
stable/main/binary-sparc/kernel-image-2.6.8-3-sparc64-smp_2.6.8-15sarge5_sparc.deb stable/main/binary-sparc/kernel-image-2.6.8-3-sparc64_2.6.8-15sarge5_sparc.deb kernel-image-2.6.8-sparc (2.6.8-15sarge5) stable-security; urgency=high * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 * ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 stable/main/binary-s390/kernel-image-2.6.8-3-s390x_2.6.8-5sarge5_s390.deb stable/main/binary-s390/kernel-image-2.6.8-3-s390_2.6.8-5sarge5_s390.deb stable/main/binary-s390/kernel-headers-2.6.8-3_2.6.8-5sarge5_s390.deb stable/main/binary-s390/kernel-image-2.6.8-3-s390-tape_2.6.8-5sarge5_s390.deb kernel-image-2.6.8-s390 (2.6.8-5sarge5) stable-security; urgency=high * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue.
See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 * ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 stable/main/source/kernel-image-2.6.8-s390_2.6.8-5sarge5.tar.gz stable/main/source/kernel-image-2.6.8-s390_2.6.8-5sarge5.dsc stable/main/binary-all/kernel-patch-2.6.8-s390_2.6.8-5sarge5_all.deb kernel-image-2.6.8-s390 (2.6.8-5sarge5) stable-security; urgency=high * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver.
When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 * ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 stable/main/source/kernel-image-2.6.8-m68k_2.6.8-4sarge5.tar.gz stable/main/binary-m68k/kernel-image-2.6.8-bvme6000_2.6.8-4sarge5_m68k.deb stable/main/binary-m68k/kernel-image-2.6.8-hp_2.6.8-4sarge5_m68k.deb stable/main/source/kernel-image-2.6.8-m68k_2.6.8-4sarge5.dsc stable/main/binary-m68k/kernel-image-2.6.8-mvme16x_2.6.8-4sarge5_m68k.deb stable/main/binary-m68k/kernel-image-2.6.8-amiga_2.6.8-4sarge5_m68k.deb stable/main/binary-m68k/kernel-image-2.6.8-q40_2.6.8-4sarge5_m68k.deb stable/main/binary-m68k/kernel-image-2.6.8-mac_2.6.8-4sarge5_m68k.deb stable/main/binary-m68k/kernel-image-2.6.8-sun3_2.6.8-4sarge5_m68k.deb stable/main/binary-m68k/kernel-image-2.6.8-mvme147_2.6.8-4sarge5_m68k.deb stable/main/binary-m68k/kernel-image-2.6.8-atari_2.6.8-4sarge5_m68k.deb
kernel-image-2.6.8-m68k (2.6.8-4sarge5) stable-security; urgency=high * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 * ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 stable/main/binary-ia64/kernel-headers-2.6.8-3-itanium-smp_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-headers-2.6.8-3_2.6.8-14sarge5_ia64.deb stable/main/source/kernel-image-2.6.8-ia64_2.6.8-14sarge5.dsc stable/main/binary-ia64/kernel-headers-2.6-itanium-smp_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-headers-2.6-mckinley_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-image-2.6.8-3-itanium_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-image-2.6-itanium_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-image-2.6.8-3-mckinley-smp_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-image-2.6-mckinley-smp_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-headers-2.6-mckinley-smp_2.6.8-14sarge5_ia64.deb
stable/main/binary-ia64/kernel-headers-2.6.8-3-itanium_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-headers-2.6.8-3-mckinley_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-headers-2.6.8-3-mckinley-smp_2.6.8-14sarge5_ia64.deb stable/main/source/kernel-image-2.6.8-ia64_2.6.8-14sarge5.tar.gz stable/main/binary-ia64/kernel-image-2.6.8-3-itanium-smp_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-headers-2.6-itanium_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-image-2.6.8-3-mckinley_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-image-2.6-mckinley_2.6.8-14sarge5_ia64.deb stable/main/binary-ia64/kernel-image-2.6-itanium-smp_2.6.8-14sarge5_ia64.deb kernel-image-2.6.8-ia64 (2.6.8-14sarge5) stable-security; urgency=high * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. 
See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 * ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 stable/main/binary-i386/kernel-image-2.6.8-3-686_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-image-2.6.8-3-k7_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-3-k7_2.6.8-16sarge5_i386.deb
stable/main/source/kernel-image-2.6.8-i386_2.6.8-16sarge5.tar.gz stable/main/binary-i386/kernel-image-2.6.8-3-686-smp_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-image-2.6.8-3-386_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-3-686_2.6.8-16sarge5_i386.deb stable/main/source/kernel-image-2.6.8-i386_2.6.8-16sarge5.dsc stable/main/binary-i386/kernel-image-2.6.8-3-k7-smp_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-3-386_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-3-k7-smp_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-3-686-smp_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-3_2.6.8-16sarge5_i386.deb kernel-image-2.6.8-i386 (2.6.8-16sarge5) stable-security; urgency=high * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. 
See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 * ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 stable/main/binary-hppa/kernel-image-2.6.8-3-64_2.6.8-6sarge5_hppa.deb stable/main/binary-hppa/kernel-headers-2.6.8-3-64-smp_2.6.8-6sarge5_hppa.deb stable/main/binary-hppa/kernel-image-2.6.8-3-32_2.6.8-6sarge5_hppa.deb
stable/main/binary-hppa/kernel-headers-2.6.8-3_2.6.8-6sarge5_hppa.deb stable/main/binary-hppa/kernel-image-2.6.8-3-64-smp_2.6.8-6sarge5_hppa.deb stable/main/binary-hppa/kernel-headers-2.6.8-3-64_2.6.8-6sarge5_hppa.deb stable/main/source/kernel-image-2.6.8-hppa_2.6.8-6sarge5.tar.gz stable/main/source/kernel-image-2.6.8-hppa_2.6.8-6sarge5.dsc stable/main/binary-hppa/kernel-headers-2.6.8-3-32_2.6.8-6sarge5_hppa.deb stable/main/binary-hppa/kernel-headers-2.6.8-3-32-smp_2.6.8-6sarge5_hppa.deb stable/main/binary-hppa/kernel-image-2.6.8-3-32-smp_2.6.8-6sarge5_hppa.deb kernel-image-2.6.8-hppa (2.6.8-6sarge5) stable-security; urgency=high * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. 
See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 * ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 stable/main/source/kernel-image-2.6.8-amd64_2.6.8-16sarge5.tar.gz stable/main/binary-i386/kernel-image-2.6.8-12-amd64-generic_2.6.8-16sarge5_i386.deb stable/main/source/kernel-image-2.6.8-amd64_2.6.8-16sarge5.dsc
stable/main/binary-i386/kernel-image-2.6.8-12-em64t-p4_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-12-amd64-k8-smp_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-image-2.6.8-12-amd64-k8-smp_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-12_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-image-2.6.8-12-amd64-k8_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-12-em64t-p4-smp_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-12-amd64-k8_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-12-amd64-generic_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-image-2.6.8-12-em64t-p4-smp_2.6.8-16sarge5_i386.deb stable/main/binary-i386/kernel-headers-2.6.8-12-em64t-p4_2.6.8-16sarge5_i386.deb kernel-image-2.6.8-amd64 (2.6.8-16sarge5) stable-security; urgency=high * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. 
See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 *
ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 stable/main/binary-alpha/kernel-image-2.6.8-3-smp_2.6.8-16sarge5_alpha.deb stable/main/binary-alpha/kernel-image-2.6.8-3-generic_2.6.8-16sarge5_alpha.deb stable/main/binary-alpha/kernel-headers-2.6.8-3-smp_2.6.8-16sarge5_alpha.deb stable/main/source/kernel-image-2.6.8-alpha_2.6.8-16sarge5.tar.gz stable/main/binary-alpha/kernel-headers-2.6.8-3-generic_2.6.8-16sarge5_alpha.deb stable/main/binary-alpha/kernel-headers-2.6.8-3_2.6.8-16sarge5_alpha.deb stable/main/source/kernel-image-2.6.8-alpha_2.6.8-16sarge5.dsc kernel-image-2.6.8-alpha (2.6.8-16sarge5) stable-security; urgency=high * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. 
See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 * ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 stable/main/binary-sparc/kernel-headers-2.4.27-3_2.4.27-9sarge4_sparc.deb stable/main/binary-sparc/kernel-image-2.4.27-3-sparc64_2.4.27-9sarge4_sparc.deb stable/main/binary-sparc/kernel-build-2.4.27-3_2.4.27-9sarge4_sparc.deb
stable/main/source/kernel-image-2.4.27-sparc_2.4.27-9sarge4.dsc stable/main/binary-sparc/kernel-image-2.4.27-3-sparc32-smp_2.4.27-9sarge4_sparc.deb stable/main/binary-sparc/kernel-image-2.4.27-3-sparc64-smp_2.4.27-9sarge4_sparc.deb stable/main/binary-sparc/kernel-headers-2.4.27-3-sparc32-smp_2.4.27-9sarge4_sparc.deb stable/main/binary-sparc/kernel-headers-2.4.27-3-sparc64_2.4.27-9sarge4_sparc.deb stable/main/source/kernel-image-2.4.27-sparc_2.4.27-9sarge4.tar.gz stable/main/binary-sparc/kernel-headers-2.4.27-3-sparc32_2.4.27-9sarge4_sparc.deb stable/main/binary-sparc/kernel-headers-2.4.27-3-sparc64-smp_2.4.27-9sarge4_sparc.deb stable/main/binary-sparc/kernel-image-2.4.27-3-sparc32_2.4.27-9sarge4_sparc.deb kernel-image-2.4.27-sparc (2.4.27-9sarge4) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-s390/kernel-image-2.4.27-3-s390_2.4.27-2sarge4_s390.deb stable/main/binary-s390/kernel-image-2.4.27-3-s390x_2.4.27-2sarge4_s390.deb stable/main/binary-s390/kernel-headers-2.4.27-3_2.4.27-2sarge4_s390.deb stable/main/binary-s390/kernel-image-2.4.27-3-s390-tape_2.4.27-2sarge4_s390.deb stable/main/source/kernel-image-2.4.27-s390_2.4.27-2sarge4.tar.gz stable/main/source/kernel-image-2.4.27-s390_2.4.27-2sarge4.dsc kernel-image-2.4.27-s390 (2.4.27-2sarge4) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue.
See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-m68k/kernel-image-2.4.27-amiga_2.4.27-3sarge4_m68k.deb stable/main/binary-m68k/kernel-image-2.4.27-mvme147_2.4.27-3sarge4_m68k.deb stable/main/source/kernel-image-2.4.27-m68k_2.4.27-3sarge4.dsc stable/main/binary-m68k/kernel-image-2.4.27-mac_2.4.27-3sarge4_m68k.deb stable/main/binary-m68k/kernel-image-2.4.27-atari_2.4.27-3sarge4_m68k.deb stable/main/binary-m68k/kernel-image-2.4.27-mvme16x_2.4.27-3sarge4_m68k.deb stable/main/binary-m68k/kernel-image-2.4.27-q40_2.4.27-3sarge4_m68k.deb stable/main/binary-m68k/kernel-image-2.4.27-bvme6000_2.4.27-3sarge4_m68k.deb
stable/main/source/kernel-image-2.4.27-m68k_2.4.27-3sarge4.tar.gz kernel-image-2.4.27-m68k (2.4.27-3sarge4) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-ia64/kernel-image-2.4-mckinley-smp_2.4.27-10sarge4_ia64.deb stable/main/binary-ia64/kernel-image-2.4-itanium_2.4.27-10sarge4_ia64.deb stable/main/binary-ia64/kernel-headers-2.4.27-3-mckinley_2.4.27-10sarge4_ia64.deb stable/main/binary-ia64/kernel-image-2.4.27-3-mckinley-smp_2.4.27-10sarge4_ia64.deb stable/main/binary-ia64/kernel-image-2.4.27-3-itanium-smp_2.4.27-10sarge4_ia64.deb stable/main/binary-ia64/kernel-image-2.4-itanium-smp_2.4.27-10sarge4_ia64.deb stable/main/binary-ia64/kernel-headers-2.4.27-3-itanium-smp_2.4.27-10sarge4_ia64.deb stable/main/source/kernel-image-2.4.27-ia64_2.4.27-10sarge4.dsc stable/main/binary-ia64/kernel-image-2.4.27-3-itanium_2.4.27-10sarge4_ia64.deb stable/main/binary-ia64/kernel-headers-2.4.27-3-itanium_2.4.27-10sarge4_ia64.deb stable/main/binary-ia64/kernel-image-2.4.27-3-mckinley_2.4.27-10sarge4_ia64.deb stable/main/binary-ia64/kernel-headers-2.4.27-3_2.4.27-10sarge4_ia64.deb stable/main/source/kernel-image-2.4.27-ia64_2.4.27-10sarge4.tar.gz stable/main/binary-ia64/kernel-image-2.4-mckinley_2.4.27-10sarge4_ia64.deb stable/main/binary-ia64/kernel-headers-2.4.27-3-mckinley-smp_2.4.27-10sarge4_ia64.deb stable/main/binary-ia64/kernel-build-2.4.27-3_2.4.27-10sarge4_ia64.deb
kernel-image-2.4.27-ia64 (2.4.27-10sarge4) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-i386/kernel-image-2.4.27-3-386_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-pcmcia-modules-2.4.27-3-k7_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-image-2.4.27-3-k7_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-headers-2.4.27-3-686_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-image-2.4.27-3-686_2.4.27-10sarge4_i386.deb stable/main/source/kernel-image-2.4.27-i386_2.4.27-10sarge4.tar.gz stable/main/binary-i386/kernel-headers-2.4.27-3-k7_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-headers-2.4.27-3-686-smp_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-image-2.4.27-3-686-smp_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-headers-2.4.27-3-k6_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-pcmcia-modules-2.4.27-3-k7-smp_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-headers-2.4.27-3-k7-smp_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-image-2.4.27-3-k6_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-build-2.4.27-3_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-pcmcia-modules-2.4.27-3-k6_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-pcmcia-modules-2.4.27-3-386_2.4.27-10sarge4_i386.deb
stable/main/binary-i386/kernel-image-2.4.27-3-586tsc_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-headers-2.4.27-3-586tsc_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-pcmcia-modules-2.4.27-3-686-smp_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-headers-2.4.27-3-386_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-pcmcia-modules-2.4.27-3-686_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-image-2.4.27-3-k7-smp_2.4.27-10sarge4_i386.deb stable/main/source/kernel-image-2.4.27-i386_2.4.27-10sarge4.dsc stable/main/binary-i386/kernel-pcmcia-modules-2.4.27-3-586tsc_2.4.27-10sarge4_i386.deb stable/main/binary-i386/kernel-headers-2.4.27-3_2.4.27-10sarge4_i386.deb kernel-image-2.4.27-i386 (2.4.27-10sarge4) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-arm/kernel-image-2.4.27-riscpc_2.4.27-2sarge4_arm.deb stable/main/binary-arm/kernel-image-2.4.27-riscstation_2.4.27-2sarge4_arm.deb stable/main/binary-arm/kernel-headers-2.4.27_2.4.27-2sarge4_arm.deb stable/main/source/kernel-image-2.4.27-arm_2.4.27-2sarge4.dsc stable/main/binary-arm/kernel-image-2.4.27-netwinder_2.4.27-2sarge4_arm.deb stable/main/binary-arm/kernel-build-2.4.27_2.4.27-2sarge4_arm.deb stable/main/source/kernel-image-2.4.27-arm_2.4.27-2sarge4.tar.gz stable/main/binary-arm/kernel-image-2.4.27-bast_2.4.27-2sarge4_arm.deb stable/main/binary-arm/kernel-image-2.4.27-lart_2.4.27-2sarge4_arm.deb kernel-image-2.4.27-arm (2.4.27-2sarge4) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue.
See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/source/kernel-image-2.4.27-alpha_2.4.27-10sarge4.tar.gz stable/main/binary-alpha/kernel-headers-2.4.27-3_2.4.27-10sarge4_alpha.deb stable/main/binary-alpha/kernel-image-2.4.27-3-smp_2.4.27-10sarge4_alpha.deb stable/main/source/kernel-image-2.4.27-alpha_2.4.27-10sarge4.dsc stable/main/binary-alpha/kernel-headers-2.4.27-3-smp_2.4.27-10sarge4_alpha.deb stable/main/binary-alpha/kernel-build-2.4.27-3_2.4.27-10sarge4_alpha.deb stable/main/binary-alpha/kernel-headers-2.4.27-3-generic_2.4.27-10sarge4_alpha.deb stable/main/binary-alpha/kernel-image-2.4.27-3-generic_2.4.27-10sarge4_alpha.deb kernel-image-2.4.27-alpha
(2.4.27-10sarge4) stable-security; urgency=high * Build against kernel-tree-2.4.27-10sarge4: * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-sparc/kdeprint_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/khelpcenter_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/ksysguardd_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/konsole_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/konqueror_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/ksmserver_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kcontrol_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kfind_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kdesktop_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/libkonq4_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/konqueror-nsplugins_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kappfinder_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kate_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/klipper_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kwin_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kdebase-kio-plugins_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/ktip_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/ksplash_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kdebase-dev_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/libkonq4-dev_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kdepasswd_3.3.2-1sarge3_sparc.deb
stable/main/binary-sparc/kpager_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kdm_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kdebase-bin_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kmenuedit_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kpersonalizer_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/ksysguard_3.3.2-1sarge3_sparc.deb stable/main/binary-sparc/kicker_3.3.2-1sarge3_sparc.deb kdebase (4:3.3.2-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix information disclosure vulnerability in kdm [debian/patches/17_CVE-2006-2449-information-disclosure.diff] stable/main/binary-s390/kpersonalizer_3.3.2-1sarge3_s390.deb stable/main/binary-s390/konsole_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kfind_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kdm_3.3.2-1sarge3_s390.deb stable/main/binary-s390/konqueror-nsplugins_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kicker_3.3.2-1sarge3_s390.deb stable/main/binary-s390/ktip_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kdesktop_3.3.2-1sarge3_s390.deb stable/main/binary-s390/ksysguard_3.3.2-1sarge3_s390.deb stable/main/binary-s390/konqueror_3.3.2-1sarge3_s390.deb stable/main/binary-s390/ksplash_3.3.2-1sarge3_s390.deb stable/main/binary-s390/klipper_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kdepasswd_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kate_3.3.2-1sarge3_s390.deb stable/main/binary-s390/libkonq4-dev_3.3.2-1sarge3_s390.deb stable/main/binary-s390/khelpcenter_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kmenuedit_3.3.2-1sarge3_s390.deb stable/main/binary-s390/ksysguardd_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kdeprint_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kappfinder_3.3.2-1sarge3_s390.deb stable/main/binary-s390/ksmserver_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kdebase-kio-plugins_3.3.2-1sarge3_s390.deb stable/main/binary-s390/libkonq4_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kcontrol_3.3.2-1sarge3_s390.deb 
stable/main/binary-s390/kdebase-bin_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kdebase-dev_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kpager_3.3.2-1sarge3_s390.deb stable/main/binary-s390/kwin_3.3.2-1sarge3_s390.deb kdebase (4:3.3.2-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix information disclosure vulnerability in kdm [debian/patches/17_CVE-2006-2449-information-disclosure.diff] stable/main/binary-powerpc/kdm_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kpersonalizer_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/ksysguard_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kdesktop_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/ksplash_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kicker_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/ktip_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/konsole_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kdebase-kio-plugins_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kwin_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kappfinder_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kpager_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/klipper_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/konqueror-nsplugins_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/libkonq4-dev_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/konqueror_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kdebase-dev_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kate_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kcontrol_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kfind_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kdeprint_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kdepasswd_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/khelpcenter_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/libkonq4_3.3.2-1sarge3_powerpc.deb 
stable/main/binary-powerpc/ksysguardd_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kdebase-bin_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/ksmserver_3.3.2-1sarge3_powerpc.deb stable/main/binary-powerpc/kmenuedit_3.3.2-1sarge3_powerpc.deb kdebase (4:3.3.2-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix information disclosure vulnerability in kdm [debian/patches/17_CVE-2006-2449-information-disclosure.diff] stable/main/binary-mipsel/konqueror-nsplugins_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kicker_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kdebase-dev_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/libkonq4-dev_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kpersonalizer_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kdesktop_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/konsole_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/ksmserver_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/libkonq4_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/ktip_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kdeprint_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kwin_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kate_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/ksplash_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kfind_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/konqueror_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kdebase-bin_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kcontrol_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kdm_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/klipper_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/ksysguardd_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kpager_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kmenuedit_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kappfinder_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/ksysguard_3.3.2-1sarge3_mipsel.deb 
stable/main/binary-mipsel/kdepasswd_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/khelpcenter_3.3.2-1sarge3_mipsel.deb stable/main/binary-mipsel/kdebase-kio-plugins_3.3.2-1sarge3_mipsel.deb kdebase (4:3.3.2-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix information disclosure vulnerability in kdm [debian/patches/17_CVE-2006-2449-information-disclosure.diff] stable/main/binary-mips/kcontrol_3.3.2-1sarge3_mips.deb stable/main/binary-mips/konqueror-nsplugins_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kdepasswd_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kdebase-kio-plugins_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kdebase-bin_3.3.2-1sarge3_mips.deb stable/main/binary-mips/konqueror_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kfind_3.3.2-1sarge3_mips.deb stable/main/binary-mips/libkonq4-dev_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kdeprint_3.3.2-1sarge3_mips.deb stable/main/binary-mips/klipper_3.3.2-1sarge3_mips.deb stable/main/binary-mips/ksplash_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kwin_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kappfinder_3.3.2-1sarge3_mips.deb stable/main/binary-mips/khelpcenter_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kpager_3.3.2-1sarge3_mips.deb stable/main/binary-mips/konsole_3.3.2-1sarge3_mips.deb stable/main/binary-mips/ksmserver_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kpersonalizer_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kate_3.3.2-1sarge3_mips.deb stable/main/binary-mips/ksysguard_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kdm_3.3.2-1sarge3_mips.deb stable/main/binary-mips/ktip_3.3.2-1sarge3_mips.deb stable/main/binary-mips/ksysguardd_3.3.2-1sarge3_mips.deb stable/main/binary-mips/libkonq4_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kicker_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kdesktop_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kdebase-dev_3.3.2-1sarge3_mips.deb stable/main/binary-mips/kmenuedit_3.3.2-1sarge3_mips.deb 
kdebase (4:3.3.2-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix information disclosure vulnerability in kdm [debian/patches/17_CVE-2006-2449-information-disclosure.diff] stable/main/binary-m68k/ksplash_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/libkonq4-dev_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kdesktop_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/khelpcenter_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kdepasswd_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/konqueror-nsplugins_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kdebase-dev_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kappfinder_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kwin_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/libkonq4_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kdm_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/ktip_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/klipper_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kpersonalizer_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kicker_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kmenuedit_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/ksysguard_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kdebase-kio-plugins_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/konsole_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kcontrol_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/ksmserver_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kfind_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/ksysguardd_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kdebase-bin_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kate_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kdeprint_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/kpager_3.3.2-1sarge3_m68k.deb stable/main/binary-m68k/konqueror_3.3.2-1sarge3_m68k.deb kdebase (4:3.3.2-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix information disclosure vulnerability in kdm 
[debian/patches/17_CVE-2006-2449-information-disclosure.diff] stable/main/binary-ia64/kdepasswd_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kcontrol_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/ksysguard_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/konqueror-nsplugins_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/libkonq4_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/ktip_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/ksysguardd_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kfind_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kdesktop_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/konqueror_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kdm_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/libkonq4-dev_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kpersonalizer_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/ksplash_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/ksmserver_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kicker_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kappfinder_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/khelpcenter_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kpager_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kwin_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/konsole_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kate_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/klipper_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kdebase-kio-plugins_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kdebase-bin_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kmenuedit_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kdeprint_3.3.2-1sarge3_ia64.deb stable/main/binary-ia64/kdebase-dev_3.3.2-1sarge3_ia64.deb kdebase (4:3.3.2-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix information disclosure vulnerability in kdm [debian/patches/17_CVE-2006-2449-information-disclosure.diff] stable/main/binary-hppa/libkonq4-dev_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kcontrol_3.3.2-1sarge3_hppa.deb 
stable/main/binary-hppa/khelpcenter_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/ksysguardd_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/ksmserver_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kate_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kdeprint_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kdepasswd_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kdebase-dev_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kdesktop_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kpersonalizer_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/konqueror_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/konsole_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kpager_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kdebase-kio-plugins_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/ktip_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/ksplash_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/ksysguard_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kdm_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kappfinder_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/konqueror-nsplugins_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kfind_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kicker_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kdebase-bin_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/libkonq4_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kwin_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/klipper_3.3.2-1sarge3_hppa.deb stable/main/binary-hppa/kmenuedit_3.3.2-1sarge3_hppa.deb kdebase (4:3.3.2-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix information disclosure vulnerability in kdm [debian/patches/17_CVE-2006-2449-information-disclosure.diff] stable/main/binary-arm/khelpcenter_3.3.2-1sarge3_arm.deb stable/main/binary-arm/konqueror-nsplugins_3.3.2-1sarge3_arm.deb stable/main/binary-arm/ksplash_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kfind_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kdebase-dev_3.3.2-1sarge3_arm.deb 
stable/main/binary-arm/konsole_3.3.2-1sarge3_arm.deb stable/main/binary-arm/konqueror_3.3.2-1sarge3_arm.deb stable/main/binary-arm/ktip_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kdepasswd_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kicker_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kate_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kdebase-bin_3.3.2-1sarge3_arm.deb stable/main/binary-arm/libkonq4_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kwin_3.3.2-1sarge3_arm.deb stable/main/binary-arm/libkonq4-dev_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kmenuedit_3.3.2-1sarge3_arm.deb stable/main/binary-arm/klipper_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kdm_3.3.2-1sarge3_arm.deb stable/main/binary-arm/ksmserver_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kappfinder_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kdebase-kio-plugins_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kdesktop_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kpager_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kdeprint_3.3.2-1sarge3_arm.deb stable/main/binary-arm/ksysguard_3.3.2-1sarge3_arm.deb stable/main/binary-arm/ksysguardd_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kpersonalizer_3.3.2-1sarge3_arm.deb stable/main/binary-arm/kcontrol_3.3.2-1sarge3_arm.deb kdebase (4:3.3.2-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix information disclosure vulnerability in kdm [debian/patches/17_CVE-2006-2449-information-disclosure.diff] stable/main/binary-alpha/libkonq4_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/ksysguardd_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kcontrol_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kfind_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kdesktop_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kdepasswd_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/konqueror-nsplugins_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/konqueror_3.3.2-1sarge3_alpha.deb 
stable/main/binary-alpha/kdebase-bin_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/ksplash_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/ktip_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kwin_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/klipper_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kmenuedit_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kappfinder_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kpager_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/ksmserver_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kpersonalizer_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/khelpcenter_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kdm_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/libkonq4-dev_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kdeprint_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/ksysguard_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kicker_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kdebase-dev_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kdebase-kio-plugins_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/konsole_3.3.2-1sarge3_alpha.deb stable/main/binary-alpha/kate_3.3.2-1sarge3_alpha.deb kdebase (4:3.3.2-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix information disclosure vulnerability in kdm [debian/patches/17_CVE-2006-2449-information-disclosure.diff] stable/main/binary-i386/kmenuedit_3.3.2-1sarge3_i386.deb stable/main/binary-i386/khelpcenter_3.3.2-1sarge3_i386.deb stable/main/binary-i386/kdebase-bin_3.3.2-1sarge3_i386.deb stable/main/binary-i386/ksysguard_3.3.2-1sarge3_i386.deb stable/main/binary-i386/konsole_3.3.2-1sarge3_i386.deb stable/main/binary-i386/kdm_3.3.2-1sarge3_i386.deb stable/main/binary-i386/kdepasswd_3.3.2-1sarge3_i386.deb stable/main/binary-i386/kate_3.3.2-1sarge3_i386.deb stable/main/binary-i386/kwin_3.3.2-1sarge3_i386.deb stable/main/binary-all/xfonts-konsole_3.3.2-1sarge3_all.deb stable/main/binary-i386/ksplash_3.3.2-1sarge3_i386.deb 
stable/main/binary-i386/kpersonalizer_3.3.2-1sarge3_i386.deb stable/main/source/kdebase_3.3.2-1sarge3.dsc stable/main/binary-i386/kpager_3.3.2-1sarge3_i386.deb stable/main/binary-i386/kappfinder_3.3.2-1sarge3_i386.deb stable/main/binary-i386/ksysguardd_3.3.2-1sarge3_i386.deb stable/main/binary-i386/ksmserver_3.3.2-1sarge3_i386.deb stable/main/binary-all/kdebase-data_3.3.2-1sarge3_all.deb stable/main/binary-i386/kcontrol_3.3.2-1sarge3_i386.deb stable/main/binary-i386/kdebase-dev_3.3.2-1sarge3_i386.deb stable/main/binary-i386/konqueror_3.3.2-1sarge3_i386.deb stable/main/source/kdebase_3.3.2-1sarge3.diff.gz stable/main/binary-i386/kfind_3.3.2-1sarge3_i386.deb stable/main/binary-i386/kicker_3.3.2-1sarge3_i386.deb stable/main/binary-i386/klipper_3.3.2-1sarge3_i386.deb stable/main/binary-i386/ktip_3.3.2-1sarge3_i386.deb stable/main/binary-i386/kdebase-kio-plugins_3.3.2-1sarge3_i386.deb stable/main/binary-i386/kdesktop_3.3.2-1sarge3_i386.deb stable/main/binary-i386/libkonq4_3.3.2-1sarge3_i386.deb stable/main/binary-all/kdebase_3.3.2-1sarge3_all.deb stable/main/binary-i386/konqueror-nsplugins_3.3.2-1sarge3_i386.deb stable/main/binary-all/kdebase-doc_3.3.2-1sarge3_all.deb stable/main/binary-i386/kdeprint_3.3.2-1sarge3_i386.deb stable/main/binary-i386/libkonq4-dev_3.3.2-1sarge3_i386.deb kdebase (4:3.3.2-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix information disclosure vulnerability in kdm [debian/patches/17_CVE-2006-2449-information-disclosure.diff] stable/main/binary-sparc/isakmpd_20041012-1sarge1_sparc.deb isakmpd (20041012-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to correct CVE-2006-4436 (Debian bug #385894) stable/main/binary-s390/isakmpd_20041012-1sarge1_s390.deb isakmpd (20041012-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to correct CVE-2006-4436 (Debian bug #385894) 
stable/main/binary-powerpc/isakmpd_20041012-1sarge1_powerpc.deb isakmpd (20041012-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to correct CVE-2006-4436 (Debian bug #385894) stable/main/binary-mipsel/isakmpd_20041012-1sarge1_mipsel.deb isakmpd (20041012-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to correct CVE-2006-4436 (Debian bug #385894) stable/main/binary-mips/isakmpd_20041012-1sarge1_mips.deb isakmpd (20041012-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to correct CVE-2006-4436 (Debian bug #385894) stable/main/binary-m68k/isakmpd_20041012-1sarge1_m68k.deb isakmpd (20041012-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to correct CVE-2006-4436 (Debian bug #385894) stable/main/binary-ia64/isakmpd_20041012-1sarge1_ia64.deb isakmpd (20041012-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to correct CVE-2006-4436 (Debian bug #385894) stable/main/binary-hppa/isakmpd_20041012-1sarge1_hppa.deb isakmpd (20041012-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to correct CVE-2006-4436 (Debian bug #385894) stable/main/binary-arm/isakmpd_20041012-1sarge1_arm.deb isakmpd (20041012-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to correct CVE-2006-4436 (Debian bug #385894) stable/main/binary-alpha/isakmpd_20041012-1sarge1_alpha.deb isakmpd (20041012-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to correct CVE-2006-4436 (Debian bug #385894) stable/main/binary-i386/isakmpd_20041012-1sarge1_i386.deb stable/main/source/isakmpd_20041012-1sarge1.dsc stable/main/source/isakmpd_20041012-1sarge1.diff.gz 
isakmpd (20041012-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Apply upstream patch to correct CVE-2006-4436 (Debian bug #385894) stable/main/binary-sparc/libmagick++6_6.0.6.2-2.7_sparc.deb stable/main/binary-sparc/libmagick6_6.0.6.2-2.7_sparc.deb stable/main/binary-sparc/imagemagick_6.0.6.2-2.7_sparc.deb stable/main/binary-sparc/perlmagick_6.0.6.2-2.7_sparc.deb stable/main/binary-sparc/libmagick6-dev_6.0.6.2-2.7_sparc.deb stable/main/binary-sparc/libmagick++6-dev_6.0.6.2-2.7_sparc.deb imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix buffer overflows in SUN bitmap decoder [CVE-2006-3744] * Fix buffer overflows in XCF decoder [CVE-2006-3743] * Fix buffer overflow in display(1) [CVE-2006-2440] stable/main/binary-s390/libmagick6-dev_6.0.6.2-2.7_s390.deb stable/main/binary-s390/perlmagick_6.0.6.2-2.7_s390.deb stable/main/binary-s390/libmagick++6_6.0.6.2-2.7_s390.deb stable/main/binary-s390/imagemagick_6.0.6.2-2.7_s390.deb stable/main/binary-s390/libmagick++6-dev_6.0.6.2-2.7_s390.deb stable/main/binary-s390/libmagick6_6.0.6.2-2.7_s390.deb imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix buffer overflows in SUN bitmap decoder [CVE-2006-3744] * Fix buffer overflows in XCF decoder [CVE-2006-3743] * Fix buffer overflow in display(1) [CVE-2006-2440] stable/main/binary-powerpc/libmagick6_6.0.6.2-2.7_powerpc.deb stable/main/binary-powerpc/libmagick++6-dev_6.0.6.2-2.7_powerpc.deb stable/main/binary-powerpc/imagemagick_6.0.6.2-2.7_powerpc.deb stable/main/binary-powerpc/libmagick++6_6.0.6.2-2.7_powerpc.deb stable/main/binary-powerpc/libmagick6-dev_6.0.6.2-2.7_powerpc.deb stable/main/binary-powerpc/perlmagick_6.0.6.2-2.7_powerpc.deb imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix buffer overflows in SUN bitmap decoder [CVE-2006-3744] * Fix buffer overflows in XCF 
decoder [CVE-2006-3743] * Fix buffer overflow in display(1) [CVE-2006-2440] stable/main/binary-mipsel/perlmagick_6.0.6.2-2.7_mipsel.deb stable/main/binary-mipsel/libmagick++6-dev_6.0.6.2-2.7_mipsel.deb stable/main/binary-mipsel/libmagick6-dev_6.0.6.2-2.7_mipsel.deb stable/main/binary-mipsel/libmagick++6_6.0.6.2-2.7_mipsel.deb stable/main/binary-mipsel/imagemagick_6.0.6.2-2.7_mipsel.deb stable/main/binary-mipsel/libmagick6_6.0.6.2-2.7_mipsel.deb imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix buffer overflows in SUN bitmap decoder [CVE-2006-3744] * Fix buffer overflows in XCF decoder [CVE-2006-3743] * Fix buffer overflow in display(1) [CVE-2006-2440] stable/main/binary-mips/libmagick++6-dev_6.0.6.2-2.7_mips.deb stable/main/binary-mips/perlmagick_6.0.6.2-2.7_mips.deb stable/main/binary-mips/libmagick6_6.0.6.2-2.7_mips.deb stable/main/binary-mips/libmagick6-dev_6.0.6.2-2.7_mips.deb stable/main/binary-mips/libmagick++6_6.0.6.2-2.7_mips.deb stable/main/binary-mips/imagemagick_6.0.6.2-2.7_mips.deb imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix buffer overflows in SUN bitmap decoder [CVE-2006-3744] * Fix buffer overflows in XCF decoder [CVE-2006-3743] * Fix buffer overflow in display(1) [CVE-2006-2440] stable/main/binary-m68k/imagemagick_6.0.6.2-2.7_m68k.deb stable/main/binary-m68k/libmagick++6_6.0.6.2-2.7_m68k.deb stable/main/binary-m68k/libmagick6-dev_6.0.6.2-2.7_m68k.deb stable/main/binary-m68k/perlmagick_6.0.6.2-2.7_m68k.deb stable/main/binary-m68k/libmagick6_6.0.6.2-2.7_m68k.deb stable/main/binary-m68k/libmagick++6-dev_6.0.6.2-2.7_m68k.deb imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix buffer overflows in SUN bitmap decoder [CVE-2006-3744] * Fix buffer overflows in XCF decoder [CVE-2006-3743] * Fix buffer overflow in display(1) [CVE-2006-2440] 
stable/main/binary-ia64/perlmagick_6.0.6.2-2.7_ia64.deb stable/main/binary-ia64/libmagick++6-dev_6.0.6.2-2.7_ia64.deb stable/main/binary-ia64/libmagick6_6.0.6.2-2.7_ia64.deb stable/main/binary-ia64/libmagick6-dev_6.0.6.2-2.7_ia64.deb stable/main/binary-ia64/imagemagick_6.0.6.2-2.7_ia64.deb stable/main/binary-ia64/libmagick++6_6.0.6.2-2.7_ia64.deb imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix buffer overflows in SUN bitmap decoder [CVE-2006-3744] * Fix buffer overflows in XCF decoder [CVE-2006-3743] * Fix buffer overflow in display(1) [CVE-2006-2440] stable/main/binary-hppa/perlmagick_6.0.6.2-2.7_hppa.deb stable/main/binary-hppa/libmagick6-dev_6.0.6.2-2.7_hppa.deb stable/main/binary-hppa/libmagick++6_6.0.6.2-2.7_hppa.deb stable/main/binary-hppa/imagemagick_6.0.6.2-2.7_hppa.deb stable/main/binary-hppa/libmagick++6-dev_6.0.6.2-2.7_hppa.deb stable/main/binary-hppa/libmagick6_6.0.6.2-2.7_hppa.deb imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix buffer overflows in SUN bitmap decoder [CVE-2006-3744] * Fix buffer overflows in XCF decoder [CVE-2006-3743] * Fix buffer overflow in display(1) [CVE-2006-2440] stable/main/binary-arm/perlmagick_6.0.6.2-2.7_arm.deb stable/main/binary-arm/libmagick6-dev_6.0.6.2-2.7_arm.deb stable/main/binary-arm/libmagick++6_6.0.6.2-2.7_arm.deb stable/main/binary-arm/libmagick++6-dev_6.0.6.2-2.7_arm.deb stable/main/binary-arm/libmagick6_6.0.6.2-2.7_arm.deb stable/main/binary-arm/imagemagick_6.0.6.2-2.7_arm.deb imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix buffer overflows in SUN bitmap decoder [CVE-2006-3744] * Fix buffer overflows in XCF decoder [CVE-2006-3743] * Fix buffer overflow in display(1) [CVE-2006-2440] stable/main/binary-alpha/libmagick++6-dev_6.0.6.2-2.7_alpha.deb stable/main/binary-alpha/imagemagick_6.0.6.2-2.7_alpha.deb 
stable/main/binary-alpha/libmagick6_6.0.6.2-2.7_alpha.deb stable/main/binary-alpha/libmagick6-dev_6.0.6.2-2.7_alpha.deb stable/main/binary-alpha/libmagick++6_6.0.6.2-2.7_alpha.deb stable/main/binary-alpha/perlmagick_6.0.6.2-2.7_alpha.deb imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix buffer overflows in SUN bitmap decoder [CVE-2006-3744] * Fix buffer overflows in XCF decoder [CVE-2006-3743] * Fix buffer overflow in display(1) [CVE-2006-2440] stable/main/binary-i386/libmagick++6_6.0.6.2-2.7_i386.deb stable/main/binary-i386/libmagick6-dev_6.0.6.2-2.7_i386.deb stable/main/binary-i386/libmagick6_6.0.6.2-2.7_i386.deb stable/main/binary-i386/libmagick++6-dev_6.0.6.2-2.7_i386.deb stable/main/source/imagemagick_6.0.6.2-2.7.dsc stable/main/binary-i386/perlmagick_6.0.6.2-2.7_i386.deb stable/main/binary-i386/imagemagick_6.0.6.2-2.7_i386.deb stable/main/source/imagemagick_6.0.6.2-2.7.diff.gz imagemagick (6:6.0.6.2-2.7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fix buffer overflows in SUN bitmap decoder [CVE-2006-3744] * Fix buffer overflows in XCF decoder [CVE-2006-3743] * Fix buffer overflow in display(1) [CVE-2006-2440] stable/main/binary-sparc/gzip_1.3.5-10sarge2_sparc.deb gzip (1.3.5-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several security problems discovered by Tavis Ormandy of Google: - DoS through null pointer dereference in the Huffman code (CVE-2006-4334) - Out-of-bounds stack write in LZH decompression code (CVE-2006-4335) - Buffer overflow in pack code (CVE-2006-4336) - Buffer overflow in LZH code (CVE-2006-4337) - DoS through an infinite loop in LZH code (CVE-2006-4337) (Patch by Thomas Biege of SuSe) stable/main/binary-s390/gzip_1.3.5-10sarge2_s390.deb gzip (1.3.5-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several security problems discovered by Tavis Ormandy of Google: - 
DoS through null pointer dereference in the Huffman code (CVE-2006-4334) - Out-of-bounds stack write in LZH decompression code (CVE-2006-4335) - Buffer overflow in pack code (CVE-2006-4336) - Buffer overflow in LZH code (CVE-2006-4337) - DoS through an infinite loop in LZH code (CVE-2006-4337) (Patch by Thomas Biege of SuSe) stable/main/binary-powerpc/gzip_1.3.5-10sarge2_powerpc.deb gzip (1.3.5-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several security problems discovered by Tavis Ormandy of Google: - DoS through null pointer dereference in the Huffman code (CVE-2006-4334) - Out-of-bounds stack write in LZH decompression code (CVE-2006-4335) - Buffer overflow in pack code (CVE-2006-4336) - Buffer overflow in LZH code (CVE-2006-4337) - DoS through an infinite loop in LZH code (CVE-2006-4337) (Patch by Thomas Biege of SuSe) stable/main/binary-mipsel/gzip_1.3.5-10sarge2_mipsel.deb gzip (1.3.5-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several security problems discovered by Tavis Ormandy of Google: - DoS through null pointer dereference in the Huffman code (CVE-2006-4334) - Out-of-bounds stack write in LZH decompression code (CVE-2006-4335) - Buffer overflow in pack code (CVE-2006-4336) - Buffer overflow in LZH code (CVE-2006-4337) - DoS through an infinite loop in LZH code (CVE-2006-4337) (Patch by Thomas Biege of SuSe) stable/main/binary-mips/gzip_1.3.5-10sarge2_mips.deb gzip (1.3.5-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several security problems discovered by Tavis Ormandy of Google: - DoS through null pointer dereference in the Huffman code (CVE-2006-4334) - Out-of-bounds stack write in LZH decompression code (CVE-2006-4335) - Buffer overflow in pack code (CVE-2006-4336) - Buffer overflow in LZH code (CVE-2006-4337) - DoS through an infinite loop in LZH code (CVE-2006-4337) (Patch by Thomas Biege of SuSe) 
stable/main/binary-m68k/gzip_1.3.5-10sarge2_m68k.deb gzip (1.3.5-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several security problems discovered by Tavis Ormandy of Google: - DoS through null pointer dereference in the Huffman code (CVE-2006-4334) - Out-of-bounds stack write in LZH decompression code (CVE-2006-4335) - Buffer overflow in pack code (CVE-2006-4336) - Buffer overflow in LZH code (CVE-2006-4337) - DoS through an infinite loop in LZH code (CVE-2006-4337) (Patch by Thomas Biege of SuSe) stable/main/binary-ia64/gzip_1.3.5-10sarge2_ia64.deb gzip (1.3.5-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several security problems discovered by Tavis Ormandy of Google: - DoS through null pointer dereference in the Huffman code (CVE-2006-4334) - Out-of-bounds stack write in LZH decompression code (CVE-2006-4335) - Buffer overflow in pack code (CVE-2006-4336) - Buffer overflow in LZH code (CVE-2006-4337) - DoS through an infinite loop in LZH code (CVE-2006-4337) (Patch by Thomas Biege of SuSe) stable/main/binary-hppa/gzip_1.3.5-10sarge2_hppa.deb gzip (1.3.5-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several security problems discovered by Tavis Ormandy of Google: - DoS through null pointer dereference in the Huffman code (CVE-2006-4334) - Out-of-bounds stack write in LZH decompression code (CVE-2006-4335) - Buffer overflow in pack code (CVE-2006-4336) - Buffer overflow in LZH code (CVE-2006-4337) - DoS through an infinite loop in LZH code (CVE-2006-4337) (Patch by Thomas Biege of SuSe) stable/main/binary-arm/gzip_1.3.5-10sarge2_arm.deb gzip (1.3.5-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several security problems discovered by Tavis Ormandy of Google: - DoS through null pointer dereference in the Huffman code (CVE-2006-4334) - Out-of-bounds stack write in LZH decompression code 
(CVE-2006-4335) - Buffer overflow in pack code (CVE-2006-4336) - Buffer overflow in LZH code (CVE-2006-4337) - DoS through an infinite loop in LZH code (CVE-2006-4337) (Patch by Thomas Biege of SuSe) stable/main/binary-alpha/gzip_1.3.5-10sarge2_alpha.deb gzip (1.3.5-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several security problems discovered by Tavis Ormandy of Google: - DoS through null pointer dereference in the Huffman code (CVE-2006-4334) - Out-of-bounds stack write in LZH decompression code (CVE-2006-4335) - Buffer overflow in pack code (CVE-2006-4336) - Buffer overflow in LZH code (CVE-2006-4337) - DoS through an infinite loop in LZH code (CVE-2006-4337) (Patch by Thomas Biege of SuSe) stable/main/binary-i386/gzip_1.3.5-10sarge2_i386.deb stable/main/source/gzip_1.3.5-10sarge2.dsc stable/main/source/gzip_1.3.5-10sarge2.diff.gz gzip (1.3.5-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several security problems discovered by Tavis Ormandy of Google: - DoS through null pointer dereference in the Huffman code (CVE-2006-4334) - Out-of-bounds stack write in LZH decompression code (CVE-2006-4335) - Buffer overflow in pack code (CVE-2006-4336) - Buffer overflow in LZH code (CVE-2006-4337) - DoS through an infinite loop in LZH code (CVE-2006-4337) (Patch by Thomas Biege of SuSe) stable/main/binary-sparc/gtetrinet_0.7.8-1sarge2_sparc.deb gtetrinet (0.7.8-1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild to bypass alpha buildd problems stable/main/binary-s390/gtetrinet_0.7.8-1sarge2_s390.deb gtetrinet (0.7.8-1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild to bypass alpha buildd problems stable/main/binary-mipsel/gtetrinet_0.7.8-1sarge2_mipsel.deb gtetrinet (0.7.8-1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild to bypass alpha buildd problems 
stable/main/binary-mips/gtetrinet_0.7.8-1sarge2_mips.deb gtetrinet (0.7.8-1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild to bypass alpha buildd problems stable/main/binary-m68k/gtetrinet_0.7.8-1sarge2_m68k.deb gtetrinet (0.7.8-1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild to bypass alpha buildd problems stable/main/binary-ia64/gtetrinet_0.7.8-1sarge2_ia64.deb gtetrinet (0.7.8-1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild to bypass alpha buildd problems stable/main/binary-i386/gtetrinet_0.7.8-1sarge2_i386.deb gtetrinet (0.7.8-1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild to bypass alpha buildd problems stable/main/binary-hppa/gtetrinet_0.7.8-1sarge2_hppa.deb gtetrinet (0.7.8-1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild to bypass alpha buildd problems stable/main/binary-arm/gtetrinet_0.7.8-1sarge2_arm.deb gtetrinet (0.7.8-1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild to bypass alpha buildd problems stable/main/binary-alpha/gtetrinet_0.7.8-1sarge2_alpha.deb gtetrinet (0.7.8-1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild to bypass alpha buildd problems stable/main/source/gtetrinet_0.7.8-1sarge2.dsc stable/main/binary-powerpc/gtetrinet_0.7.8-1sarge2_powerpc.deb stable/main/source/gtetrinet_0.7.8-1sarge2.diff.gz gtetrinet (0.7.8-1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild to bypass alpha buildd problems stable/main/binary-sparc/libgnutls11_1.0.16-13.2sarge2_sparc.deb stable/main/binary-sparc/libgnutls11-dbg_1.0.16-13.2sarge2_sparc.deb stable/main/binary-sparc/gnutls-bin_1.0.16-13.2sarge2_sparc.deb stable/main/binary-sparc/libgnutls11-dev_1.0.16-13.2sarge2_sparc.deb gnutls11 (1.0.16-13.2sarge2) 
stable-security; urgency=high * Pulled from upstream 1.4.2-->1.4.4: Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. See (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA . See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more information. CVE-2006-4790 stable/main/binary-s390/libgnutls11_1.0.16-13.2sarge2_s390.deb stable/main/binary-s390/libgnutls11-dbg_1.0.16-13.2sarge2_s390.deb stable/main/binary-s390/gnutls-bin_1.0.16-13.2sarge2_s390.deb stable/main/binary-s390/libgnutls11-dev_1.0.16-13.2sarge2_s390.deb gnutls11 (1.0.16-13.2sarge2) stable-security; urgency=high * Pulled from upstream 1.4.2-->1.4.4: Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. See (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA . See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more information. CVE-2006-4790 stable/main/binary-powerpc/gnutls-bin_1.0.16-13.2sarge2_powerpc.deb stable/main/binary-powerpc/libgnutls11-dev_1.0.16-13.2sarge2_powerpc.deb stable/main/binary-powerpc/libgnutls11_1.0.16-13.2sarge2_powerpc.deb stable/main/binary-powerpc/libgnutls11-dbg_1.0.16-13.2sarge2_powerpc.deb gnutls11 (1.0.16-13.2sarge2) stable-security; urgency=high * Pulled from upstream 1.4.2-->1.4.4: Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. See (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA . See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more information. 
CVE-2006-4790 stable/main/binary-mipsel/libgnutls11_1.0.16-13.2sarge2_mipsel.deb stable/main/binary-mipsel/libgnutls11-dbg_1.0.16-13.2sarge2_mipsel.deb stable/main/binary-mipsel/gnutls-bin_1.0.16-13.2sarge2_mipsel.deb stable/main/binary-mipsel/libgnutls11-dev_1.0.16-13.2sarge2_mipsel.deb gnutls11 (1.0.16-13.2sarge2) stable-security; urgency=high * Pulled from upstream 1.4.2-->1.4.4: Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. See (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA . See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more information. CVE-2006-4790 stable/main/binary-mips/libgnutls11_1.0.16-13.2sarge2_mips.deb stable/main/binary-mips/libgnutls11-dev_1.0.16-13.2sarge2_mips.deb stable/main/binary-mips/gnutls-bin_1.0.16-13.2sarge2_mips.deb stable/main/binary-mips/libgnutls11-dbg_1.0.16-13.2sarge2_mips.deb gnutls11 (1.0.16-13.2sarge2) stable-security; urgency=high * Pulled from upstream 1.4.2-->1.4.4: Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. See (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA . See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more information. CVE-2006-4790 stable/main/binary-m68k/libgnutls11-dev_1.0.16-13.2sarge2_m68k.deb stable/main/binary-m68k/gnutls-bin_1.0.16-13.2sarge2_m68k.deb stable/main/binary-m68k/libgnutls11_1.0.16-13.2sarge2_m68k.deb stable/main/binary-m68k/libgnutls11-dbg_1.0.16-13.2sarge2_m68k.deb gnutls11 (1.0.16-13.2sarge2) stable-security; urgency=high * Pulled from upstream 1.4.2-->1.4.4: Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. See (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA . See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more information. 
CVE-2006-4790 stable/main/binary-ia64/libgnutls11-dbg_1.0.16-13.2sarge2_ia64.deb stable/main/binary-ia64/libgnutls11_1.0.16-13.2sarge2_ia64.deb stable/main/binary-ia64/gnutls-bin_1.0.16-13.2sarge2_ia64.deb stable/main/binary-ia64/libgnutls11-dev_1.0.16-13.2sarge2_ia64.deb gnutls11 (1.0.16-13.2sarge2) stable-security; urgency=high * Pulled from upstream 1.4.2-->1.4.4: Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. See (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA . See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more information. CVE-2006-4790 stable/main/binary-hppa/libgnutls11_1.0.16-13.2sarge2_hppa.deb stable/main/binary-hppa/libgnutls11-dbg_1.0.16-13.2sarge2_hppa.deb stable/main/binary-hppa/gnutls-bin_1.0.16-13.2sarge2_hppa.deb stable/main/binary-hppa/libgnutls11-dev_1.0.16-13.2sarge2_hppa.deb gnutls11 (1.0.16-13.2sarge2) stable-security; urgency=high * Pulled from upstream 1.4.2-->1.4.4: Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. See (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA . See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more information. CVE-2006-4790 stable/main/binary-arm/libgnutls11-dbg_1.0.16-13.2sarge2_arm.deb stable/main/binary-arm/libgnutls11_1.0.16-13.2sarge2_arm.deb stable/main/binary-arm/libgnutls11-dev_1.0.16-13.2sarge2_arm.deb stable/main/binary-arm/gnutls-bin_1.0.16-13.2sarge2_arm.deb gnutls11 (1.0.16-13.2sarge2) stable-security; urgency=high * Pulled from upstream 1.4.2-->1.4.4: Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. See (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA . See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more information. 
CVE-2006-4790 stable/main/binary-alpha/libgnutls11-dbg_1.0.16-13.2sarge2_alpha.deb stable/main/binary-alpha/libgnutls11_1.0.16-13.2sarge2_alpha.deb stable/main/binary-alpha/libgnutls11-dev_1.0.16-13.2sarge2_alpha.deb stable/main/binary-alpha/gnutls-bin_1.0.16-13.2sarge2_alpha.deb gnutls11 (1.0.16-13.2sarge2) stable-security; urgency=high * Pulled from upstream 1.4.2-->1.4.4: Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. See (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA . See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more information. CVE-2006-4790 stable/main/binary-i386/libgnutls11-dbg_1.0.16-13.2sarge2_i386.deb stable/main/binary-i386/gnutls-bin_1.0.16-13.2sarge2_i386.deb stable/main/binary-i386/libgnutls11_1.0.16-13.2sarge2_i386.deb stable/main/source/gnutls11_1.0.16-13.2sarge2.diff.gz stable/main/binary-i386/libgnutls11-dev_1.0.16-13.2sarge2_i386.deb stable/main/source/gnutls11_1.0.16-13.2sarge2.dsc gnutls11 (1.0.16-13.2sarge2) stable-security; urgency=high * Pulled from upstream 1.4.2-->1.4.4: Fix PKCS#1 verification to avoid a variant of Bleichenbacher's Crypto 06 rump session attack. See (which is not exactly the same as the problem we fix here). Reported by Yutaka OIWA . See GNUTLS-SA-2006-4 on http://www.gnutls.org/security.html for more information. 
CVE-2006-4790 stable/main/binary-sparc/gij-3.4_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/gcc-3.4_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/gnat-3.4_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/libstdc++6_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/libstdc++6-dev_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/libffi3-dev_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/libstdc++6-dbg_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/g77-3.4_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/cpp-3.4_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/gcc-3.4-base_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/libffi3_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/gobjc-3.4_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/fastjar_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/libstdc++6-pic_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/g++-3.4_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/lib64gcc1_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/libgcc1_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/gcj-3.4_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/gpc-2.1-3.4_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/libgcj5-awt_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/lib64stdc++6_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/libgcj5_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/treelang-3.4_3.4.3-13sarge1_sparc.deb stable/main/binary-sparc/libgcj5-dev_3.4.3-13sarge1_sparc.deb gcc-3.4 (3.4.3-13sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Richard Guenther to prevent directory traversal [fastjar/jartool.c, debian/patches/CVE-2006-3619.dpatch, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359] stable/main/binary-s390/gij-3.4_3.4.3-13sarge1_s390.deb stable/main/binary-s390/libstdc++6-dev_3.4.3-13sarge1_s390.deb stable/main/binary-s390/gcc-3.4-base_3.4.3-13sarge1_s390.deb stable/main/binary-s390/gcc-3.4_3.4.3-13sarge1_s390.deb 
stable/main/binary-s390/lib64gcc1_3.4.3-13sarge1_s390.deb stable/main/binary-s390/fastjar_3.4.3-13sarge1_s390.deb stable/main/binary-s390/libffi3_3.4.3-13sarge1_s390.deb stable/main/binary-s390/libgcc1_3.4.3-13sarge1_s390.deb stable/main/binary-s390/libffi3-dev_3.4.3-13sarge1_s390.deb stable/main/binary-s390/libstdc++6-dbg_3.4.3-13sarge1_s390.deb stable/main/binary-s390/treelang-3.4_3.4.3-13sarge1_s390.deb stable/main/binary-s390/libgcj5-awt_3.4.3-13sarge1_s390.deb stable/main/binary-s390/libstdc++6_3.4.3-13sarge1_s390.deb stable/main/binary-s390/gobjc-3.4_3.4.3-13sarge1_s390.deb stable/main/binary-s390/gnat-3.4_3.4.3-13sarge1_s390.deb stable/main/binary-s390/gpc-2.1-3.4_3.4.3-13sarge1_s390.deb stable/main/binary-s390/lib64stdc++6_3.4.3-13sarge1_s390.deb stable/main/binary-s390/libgcj5_3.4.3-13sarge1_s390.deb stable/main/binary-s390/libstdc++6-pic_3.4.3-13sarge1_s390.deb stable/main/binary-s390/libgcj5-dev_3.4.3-13sarge1_s390.deb stable/main/binary-s390/cpp-3.4_3.4.3-13sarge1_s390.deb stable/main/binary-s390/g++-3.4_3.4.3-13sarge1_s390.deb stable/main/binary-s390/g77-3.4_3.4.3-13sarge1_s390.deb stable/main/binary-s390/gcj-3.4_3.4.3-13sarge1_s390.deb gcc-3.4 (3.4.3-13sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Richard Guenther to prevent directory traversal [fastjar/jartool.c, debian/patches/CVE-2006-3619.dpatch, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359] stable/main/binary-powerpc/g++-3.4_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/gcj-3.4_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/gpc-2.1-3.4_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/cpp-3.4_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/libffi3_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/libstdc++6-pic_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/gobjc-3.4_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/libstdc++6-dev_3.4.3-13sarge1_powerpc.deb 
stable/main/binary-powerpc/g77-3.4_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/gcc-3.4_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/fastjar_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/libstdc++6-dbg_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/gcc-3.4-base_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/libffi3-dev_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/libgcj5_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/libgcj5-awt_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/gij-3.4_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/libgcj5-dev_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/libgcc1_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/libstdc++6_3.4.3-13sarge1_powerpc.deb stable/main/binary-powerpc/gnat-3.4_3.4.3-13sarge1_powerpc.deb gcc-3.4 (3.4.3-13sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Richard Guenther to prevent directory traversal [fastjar/jartool.c, debian/patches/CVE-2006-3619.dpatch, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359] stable/main/binary-mipsel/treelang-3.4_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/gcc-3.4-base_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/cpp-3.4_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/g++-3.4_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/libstdc++6_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/libffi3_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/libstdc++6-dev_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/g77-3.4_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/libffi3-dev_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/gpc-2.1-3.4_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/gnat-3.4_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/libstdc++6-dbg_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/libstdc++6-pic_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/gobjc-3.4_3.4.3-13sarge1_mipsel.deb 
stable/main/binary-mipsel/fastjar_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/libgcc1_3.4.3-13sarge1_mipsel.deb stable/main/binary-mipsel/gcc-3.4_3.4.3-13sarge1_mipsel.deb gcc-3.4 (3.4.3-13sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Richard Guenther to prevent directory traversal [fastjar/jartool.c, debian/patches/CVE-2006-3619.dpatch, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359] stable/main/binary-mips/libstdc++6-pic_3.4.3-13sarge1_mips.deb stable/main/binary-mips/treelang-3.4_3.4.3-13sarge1_mips.deb stable/main/binary-mips/gcc-3.4-base_3.4.3-13sarge1_mips.deb stable/main/binary-mips/gcc-3.4_3.4.3-13sarge1_mips.deb stable/main/binary-mips/libstdc++6-dbg_3.4.3-13sarge1_mips.deb stable/main/binary-mips/libffi3-dev_3.4.3-13sarge1_mips.deb stable/main/binary-mips/gobjc-3.4_3.4.3-13sarge1_mips.deb stable/main/binary-mips/gpc-2.1-3.4_3.4.3-13sarge1_mips.deb stable/main/binary-mips/libffi3_3.4.3-13sarge1_mips.deb stable/main/binary-mips/fastjar_3.4.3-13sarge1_mips.deb stable/main/binary-mips/g++-3.4_3.4.3-13sarge1_mips.deb stable/main/binary-mips/libstdc++6-dev_3.4.3-13sarge1_mips.deb stable/main/binary-mips/libstdc++6_3.4.3-13sarge1_mips.deb stable/main/binary-mips/g77-3.4_3.4.3-13sarge1_mips.deb stable/main/binary-mips/libgcc1_3.4.3-13sarge1_mips.deb stable/main/binary-mips/gnat-3.4_3.4.3-13sarge1_mips.deb stable/main/binary-mips/cpp-3.4_3.4.3-13sarge1_mips.deb gcc-3.4 (3.4.3-13sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Richard Guenther to prevent directory traversal [fastjar/jartool.c, debian/patches/CVE-2006-3619.dpatch, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359] stable/main/binary-m68k/gcc-3.4-base_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/libffi3_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/gcj-3.4_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/libgcj5-awt_3.4.3-13sarge1_m68k.deb 
stable/main/binary-m68k/gobjc-3.4_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/g77-3.4_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/libgcj5-dev_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/treelang-3.4_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/libgcc2_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/libstdc++6-pic_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/libstdc++6_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/libstdc++6-dev_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/gpc-2.1-3.4_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/gcc-3.4_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/libstdc++6-dbg_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/g++-3.4_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/gij-3.4_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/fastjar_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/libffi3-dev_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/libgcj5_3.4.3-13sarge1_m68k.deb stable/main/binary-m68k/cpp-3.4_3.4.3-13sarge1_m68k.deb gcc-3.4 (3.4.3-13sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Richard Guenther to prevent directory traversal [fastjar/jartool.c, debian/patches/CVE-2006-3619.dpatch, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359] stable/main/binary-ia64/g++-3.4_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/gcc-3.4-base_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/libgcj5-awt_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/gcc-3.4_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/gij-3.4_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/gnat-3.4_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/libstdc++6-pic_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/gcj-3.4_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/libffi3-dev_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/gpc-2.1-3.4_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/libstdc++6-dbg_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/fastjar_3.4.3-13sarge1_ia64.deb 
stable/main/binary-ia64/libstdc++6-dev_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/libstdc++6_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/libffi3_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/cpp-3.4_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/gobjc-3.4_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/treelang-3.4_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/libgnat-3.4_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/libgcj5_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/libgcj5-dev_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/libgcc1_3.4.3-13sarge1_ia64.deb stable/main/binary-ia64/g77-3.4_3.4.3-13sarge1_ia64.deb gcc-3.4 (3.4.3-13sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Richard Guenther to prevent directory traversal [fastjar/jartool.c, debian/patches/CVE-2006-3619.dpatch, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359] stable/main/binary-hppa/gnat-3.4_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/libstdc++6_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/libstdc++6-pic_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/gcc-3.4-hppa64_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/libgcj5-dev_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/libgcj5-awt_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/gpc-2.1-3.4_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/libgcc2_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/libffi3-dev_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/g77-3.4_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/libstdc++6-dbg_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/libffi3_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/gcj-3.4_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/treelang-3.4_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/gcc-3.4-base_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/gobjc-3.4_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/fastjar_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/gcc-3.4_3.4.3-13sarge1_hppa.deb 
stable/main/binary-hppa/libstdc++6-dev_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/g++-3.4_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/libgcj5_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/cpp-3.4_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/libgnat-3.4_3.4.3-13sarge1_hppa.deb stable/main/binary-hppa/gij-3.4_3.4.3-13sarge1_hppa.deb gcc-3.4 (3.4.3-13sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Richard Guenther to prevent directory traversal [fastjar/jartool.c, debian/patches/CVE-2006-3619.dpatch, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359] stable/main/binary-arm/gobjc-3.4_3.4.3-13sarge1_arm.deb stable/main/binary-arm/libffi3_3.4.3-13sarge1_arm.deb stable/main/binary-arm/gcj-3.4_3.4.3-13sarge1_arm.deb stable/main/binary-arm/gcc-3.4_3.4.3-13sarge1_arm.deb stable/main/binary-arm/gcc-3.4-base_3.4.3-13sarge1_arm.deb stable/main/binary-arm/libgcj5-dev_3.4.3-13sarge1_arm.deb stable/main/binary-arm/libstdc++6-0-pic_3.4.3-13sarge1_arm.deb stable/main/binary-arm/libgcc1_3.4.3-13sarge1_arm.deb stable/main/binary-arm/libgcj5_3.4.3-13sarge1_arm.deb stable/main/binary-arm/g77-3.4_3.4.3-13sarge1_arm.deb stable/main/binary-arm/fastjar_3.4.3-13sarge1_arm.deb stable/main/binary-arm/libstdc++6-0_3.4.3-13sarge1_arm.deb stable/main/binary-arm/cpp-3.4_3.4.3-13sarge1_arm.deb stable/main/binary-arm/libstdc++6-0-dev_3.4.3-13sarge1_arm.deb stable/main/binary-arm/libgcj5-awt_3.4.3-13sarge1_arm.deb stable/main/binary-arm/libffi3-dev_3.4.3-13sarge1_arm.deb stable/main/binary-arm/gpc-2.1-3.4_3.4.3-13sarge1_arm.deb stable/main/binary-arm/g++-3.4_3.4.3-13sarge1_arm.deb stable/main/binary-arm/treelang-3.4_3.4.3-13sarge1_arm.deb stable/main/binary-arm/libstdc++6-0-dbg_3.4.3-13sarge1_arm.deb stable/main/binary-arm/gij-3.4_3.4.3-13sarge1_arm.deb gcc-3.4 (3.4.3-13sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Richard Guenther to prevent directory traversal 
[fastjar/jartool.c, debian/patches/CVE-2006-3619.dpatch, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359] stable/main/binary-alpha/treelang-3.4_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/libstdc++6-dev_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/libstdc++6-pic_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/gpc-2.1-3.4_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/libstdc++6_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/libstdc++6-dbg_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/libffi3-dev_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/g++-3.4_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/g77-3.4_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/gij-3.4_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/gobjc-3.4_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/gnat-3.4_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/libffi3_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/cpp-3.4_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/libgcj5-awt_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/libgcj5_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/libgcc1_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/gcj-3.4_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/fastjar_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/gcc-3.4-base_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/gcc-3.4_3.4.3-13sarge1_alpha.deb stable/main/binary-alpha/libgcj5-dev_3.4.3-13sarge1_alpha.deb gcc-3.4 (3.4.3-13sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Richard Guenther to prevent directory traversal [fastjar/jartool.c, debian/patches/CVE-2006-3619.dpatch, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359] stable/main/binary-all/cpp-3.4-doc_3.4.3-13sarge1_all.deb stable/main/binary-i386/fastjar_3.4.3-13sarge1_i386.deb stable/main/binary-i386/g++-3.4_3.4.3-13sarge1_i386.deb stable/main/binary-i386/libgcj5_3.4.3-13sarge1_i386.deb stable/main/binary-i386/gpc-2.1-3.4_3.4.3-13sarge1_i386.deb 
stable/main/binary-i386/treelang-3.4_3.4.3-13sarge1_i386.deb stable/main/binary-i386/lib64gcc1_3.4.3-13sarge1_i386.deb stable/main/binary-i386/libffi3_3.4.3-13sarge1_i386.deb stable/main/binary-i386/gcj-3.4_3.4.3-13sarge1_i386.deb stable/main/binary-i386/libgcc1_3.4.3-13sarge1_i386.deb stable/main/binary-i386/libgnat-3.4_3.4.3-13sarge1_i386.deb stable/main/binary-i386/gcc-3.4_3.4.3-13sarge1_i386.deb stable/main/binary-i386/libstdc++6_3.4.3-13sarge1_i386.deb stable/main/binary-all/gpc-2.1-3.4-doc_3.4.3-13sarge1_all.deb stable/main/binary-i386/libgcj5-dev_3.4.3-13sarge1_i386.deb stable/main/binary-all/gnat-3.4-doc_3.4.3-13sarge1_all.deb stable/main/binary-i386/libffi3-dev_3.4.3-13sarge1_i386.deb stable/main/binary-i386/lib64stdc++6_3.4.3-13sarge1_i386.deb stable/main/binary-i386/cpp-3.4_3.4.3-13sarge1_i386.deb stable/main/binary-i386/libstdc++6-dbg_3.4.3-13sarge1_i386.deb stable/main/binary-i386/g77-3.4_3.4.3-13sarge1_i386.deb stable/main/binary-all/g77-3.4-doc_3.4.3-13sarge1_all.deb stable/main/source/gcc-3.4_3.4.3-13sarge1.dsc stable/main/binary-all/gcc-3.4-doc_3.4.3-13sarge1_all.deb stable/main/binary-i386/gnat-3.4_3.4.3-13sarge1_i386.deb stable/main/binary-all/libgcj5-common_3.4.3-13sarge1_all.deb stable/main/binary-i386/libstdc++6-pic_3.4.3-13sarge1_i386.deb stable/main/binary-all/libstdc++6-doc_3.4.3-13sarge1_all.deb stable/main/binary-i386/libstdc++6-dev_3.4.3-13sarge1_i386.deb stable/main/binary-i386/gobjc-3.4_3.4.3-13sarge1_i386.deb stable/main/source/gcc-3.4_3.4.3-13sarge1.diff.gz stable/main/binary-i386/gcc-3.4-base_3.4.3-13sarge1_i386.deb stable/main/binary-i386/gij-3.4_3.4.3-13sarge1_i386.deb stable/main/binary-i386/libgcj5-awt_3.4.3-13sarge1_i386.deb gcc-3.4 (3.4.3-13sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Richard Guenther to prevent directory traversal [fastjar/jartool.c, debian/patches/CVE-2006-3619.dpatch, http://gcc.gnu.org/bugzilla/show_bug.cgi?id=28359] 
stable/main/binary-sparc/libfreetype6_2.1.7-6_sparc.deb stable/main/binary-sparc/libfreetype6-udeb_2.1.7-6_sparc.udeb stable/main/binary-sparc/libfreetype6-dev_2.1.7-6_sparc.deb stable/main/binary-sparc/freetype2-demos_2.1.7-6_sparc.deb freetype (2.1.7-6) stable-security; urgency=high * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch for CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. Thanks to Martin Pitt for the patch. Closes: #379920. stable/main/binary-s390/libfreetype6-udeb_2.1.7-6_s390.udeb stable/main/binary-s390/libfreetype6_2.1.7-6_s390.deb stable/main/binary-s390/libfreetype6-dev_2.1.7-6_s390.deb stable/main/binary-s390/freetype2-demos_2.1.7-6_s390.deb freetype (2.1.7-6) stable-security; urgency=high * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch for CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. Thanks to Martin Pitt for the patch. Closes: #379920. stable/main/binary-powerpc/libfreetype6-dev_2.1.7-6_powerpc.deb stable/main/binary-powerpc/libfreetype6-udeb_2.1.7-6_powerpc.udeb stable/main/binary-powerpc/libfreetype6_2.1.7-6_powerpc.deb stable/main/binary-powerpc/freetype2-demos_2.1.7-6_powerpc.deb freetype (2.1.7-6) stable-security; urgency=high * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch for CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. Thanks to Martin Pitt for the patch. Closes: #379920. 
stable/main/binary-mipsel/libfreetype6_2.1.7-6_mipsel.deb stable/main/binary-mipsel/libfreetype6-dev_2.1.7-6_mipsel.deb stable/main/binary-mipsel/libfreetype6-udeb_2.1.7-6_mipsel.udeb stable/main/binary-mipsel/freetype2-demos_2.1.7-6_mipsel.deb freetype (2.1.7-6) stable-security; urgency=high * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch for CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. Thanks to Martin Pitt for the patch. Closes: #379920. stable/main/binary-mips/freetype2-demos_2.1.7-6_mips.deb stable/main/binary-mips/libfreetype6-dev_2.1.7-6_mips.deb stable/main/binary-mips/libfreetype6-udeb_2.1.7-6_mips.udeb stable/main/binary-mips/libfreetype6_2.1.7-6_mips.deb freetype (2.1.7-6) stable-security; urgency=high * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch for CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. Thanks to Martin Pitt for the patch. Closes: #379920. stable/main/binary-m68k/libfreetype6-dev_2.1.7-6_m68k.deb stable/main/binary-m68k/freetype2-demos_2.1.7-6_m68k.deb stable/main/binary-m68k/libfreetype6-udeb_2.1.7-6_m68k.udeb stable/main/binary-m68k/libfreetype6_2.1.7-6_m68k.deb freetype (2.1.7-6) stable-security; urgency=high * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch for CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. Thanks to Martin Pitt for the patch. Closes: #379920. 
stable/main/binary-ia64/freetype2-demos_2.1.7-6_ia64.deb stable/main/binary-ia64/libfreetype6-dev_2.1.7-6_ia64.deb stable/main/binary-ia64/libfreetype6-udeb_2.1.7-6_ia64.udeb stable/main/binary-ia64/libfreetype6_2.1.7-6_ia64.deb freetype (2.1.7-6) stable-security; urgency=high * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch for CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. Thanks to Martin Pitt for the patch. Closes: #379920. stable/main/binary-hppa/freetype2-demos_2.1.7-6_hppa.deb stable/main/binary-hppa/libfreetype6-udeb_2.1.7-6_hppa.udeb stable/main/binary-hppa/libfreetype6_2.1.7-6_hppa.deb stable/main/binary-hppa/libfreetype6-dev_2.1.7-6_hppa.deb freetype (2.1.7-6) stable-security; urgency=high * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch for CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. Thanks to Martin Pitt for the patch. Closes: #379920. stable/main/binary-arm/freetype2-demos_2.1.7-6_arm.deb stable/main/binary-arm/libfreetype6-udeb_2.1.7-6_arm.udeb stable/main/binary-arm/libfreetype6_2.1.7-6_arm.deb stable/main/binary-arm/libfreetype6-dev_2.1.7-6_arm.deb freetype (2.1.7-6) stable-security; urgency=high * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch for CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. Thanks to Martin Pitt for the patch. Closes: #379920. stable/main/binary-alpha/freetype2-demos_2.1.7-6_alpha.deb stable/main/binary-alpha/libfreetype6-dev_2.1.7-6_alpha.deb stable/main/binary-alpha/libfreetype6-udeb_2.1.7-6_alpha.udeb stable/main/binary-alpha/libfreetype6_2.1.7-6_alpha.deb freetype (2.1.7-6) stable-security; urgency=high * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch for CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. 
Thanks to Martin Pitt for the patch. Closes: #379920. stable/main/binary-i386/libfreetype6_2.1.7-6_i386.deb stable/main/source/freetype_2.1.7-6.diff.gz stable/main/source/freetype_2.1.7-6.dsc stable/main/binary-i386/libfreetype6-dev_2.1.7-6_i386.deb stable/main/binary-i386/libfreetype6-udeb_2.1.7-6_i386.udeb stable/main/binary-i386/freetype2-demos_2.1.7-6_i386.deb freetype (2.1.7-6) stable-security; urgency=high * Add debian/patches-freetype/CVE-2006-3467_pcf-strlen.patch for CVE-2006-3467, a missing string length check in PCF files that leads to a possibly exploitable integer overflow. Thanks to Martin Pitt for the patch. Closes: #379920. stable/main/source/fai-kernels_1.9.1sarge4.dsc stable/main/binary-i386/fai-kernels_1.9.1sarge4_i386.deb stable/main/source/fai-kernels_1.9.1sarge4.tar.gz fai-kernels (1.9.1sarge4) stable-security; urgency=high * NMU by the Security Team * Build against kernel-tree-2.6.8-16sarge5: * [ERRATA] madvise_remove-restrict.dpatch [SECURITY] The 2.6.8-16sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.6.8 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * fs-ext3-bad-nfs-handle.dpatch [SECURITY] James McKenzie discovered a Denial of Service vulnerability in the NFS driver. When exporting an ext3 file system over NFS, a remote attacker could exploit this to trigger a file system panic by sending a specially crafted UDP packet. See CVE-2006-3468 * direct-io-write-mem-leak.dpatch [SECURITY] Fix memory leak in O_DIRECT write. 
See CVE-2004-2660 * nfs-handle-long-symlinks.dpatch [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * cdrom-bad-cgc.buflen-assign.dpatch [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * usb-serial-ftdi_sio-dos.patch [SECURITY] fix userspace DoS in ftdi_sio driver See CVE-2006-2936 * selinux-tracer-SID-fix.dpatch [SECURITY] Fix vulnerability in selinux_ptrace that prevents local users from changing the tracer SID to the SID of another process See CVE-2006-1052 * netfilter-SO_ORIGINAL_DST-leak.dpatch [SECURITY] Fix information leak in SO_ORIGINAL_DST See CVE-2006-1343 * sg-no-mmap-VM_IO.dpatch [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. See CVE-2006-1528 * exit-bogus-bugon.dpatch [SECURITY] Remove bogus BUG() in exit.c which could be maliciously triggered by a local user See CVE-2006-1855 * readv-writev-missing-lsm-check.dpatch, readv-writev-missing-lsm-check-compat.dpatch [SECURITY] Add missing file_permission callback in readv/writev syscalls See CVE-2006-1856 * snmp-nat-mem-corruption-fix.dpatch [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * kfree_skb-race.dpatch [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * hppa-mb-extraneous-semicolon.dpatch, sparc32-mb-extraneous-semicolons.dpatch, sparc64-mb-extraneous-semicolons.dpatch: Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with kfree_skb-race.dpatch * sctp-priv-elevation.dpatch [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * sctp-priv-elevation-2.dpatch [SECURITY] Fix local DoS resulting from sctp-priv-elevation.dpatch See CVE-2006-4535 *
ppc-hid0-dos.dpatch [SECURITY][ppc] Fix local DoS by clearing HID0 attention enable on PPC970 at boot time See CVE-2006-4093 * udf-deadlock.dpatch [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * Build against kernel-tree-2.4.27-10sarge4 * [ERRATA] 213_madvise_remove-restrict.diff [SECURITY] The 2.4.27-10sarge3 changelog associated this patch with CVE-2006-1524. However, this patch fixes an mprotect issue that was split off from the original report into CVE-2006-2071. 2.4.27 is not vulnerable to CVE-2006-1524 the madvise_remove issue. See CVE-2006-2071 * 223_nfs-handle-long-symlinks.diff [SECURITY] Fix buffer overflow in NFS readline handling that allows a remote server to cause a denial of service (crash) via a long symlink See CVE-2005-4798 * 224_cdrom-bad-cgc.buflen-assign.diff [SECURITY] Fix buffer overflow in dvd_read_bca which could potentially be used by a local user to trigger a buffer overflow via a specially crafted DVD, USB stick, or similar automatically mounted device. See CVE-2006-2935 * 225_sg-no-mmap-VM_IO.diff [SECURITY] Fix DoS vulnerability whereby a local user could attempt a dio/mmap and cause the sg driver to oops. 
See CVE-2006-1528 * 226_snmp-nat-mem-corruption-fix.diff [SECURITY] Fix memory corruption in snmp_trap_decode See CVE-2006-2444 * 227_kfree_skb.diff [SECURITY] Fix race between kfree_skb and __skb_unlink See CVE-2006-2446 * 228_sparc-mb-extraneous-semicolons.diff Fix a syntax error caused by extraneous semicolons in smp_mb() macros which resulted in a build failure with 227_kfree_skb.diff * 229_sctp-priv-elevation.diff, 230_sctp-priv-elevation-2.diff [SECURITY] Fix SCTP privilege escalation See CVE-2006-3745 * 231_udf-deadlock.diff [SECURITY] Fix possible UDF deadlock and memory corruption See CVE-2006-4145 * 232_sparc-membar-extraneous-semicolons.diff Fix an additional syntax error caused by extraneous semicolons in membar macros on sparc stable/main/binary-sparc/ethereal-common_0.10.10-2sarge8_sparc.deb stable/main/binary-sparc/tethereal_0.10.10-2sarge8_sparc.deb stable/main/binary-sparc/ethereal_0.10.10-2sarge8_sparc.deb stable/main/binary-sparc/ethereal-dev_0.10.10-2sarge8_sparc.deb ethereal (0.10.10-2sarge8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Memory exhaustion denial of service in Q.2391 dissector (CVE-2006-4333) stable/main/binary-s390/ethereal-common_0.10.10-2sarge8_s390.deb stable/main/binary-s390/ethereal-dev_0.10.10-2sarge8_s390.deb stable/main/binary-s390/ethereal_0.10.10-2sarge8_s390.deb stable/main/binary-s390/tethereal_0.10.10-2sarge8_s390.deb ethereal (0.10.10-2sarge8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Memory exhaustion denial of service in Q.2391 dissector (CVE-2006-4333) stable/main/binary-powerpc/ethereal_0.10.10-2sarge8_powerpc.deb stable/main/binary-powerpc/ethereal-common_0.10.10-2sarge8_powerpc.deb stable/main/binary-powerpc/ethereal-dev_0.10.10-2sarge8_powerpc.deb stable/main/binary-powerpc/tethereal_0.10.10-2sarge8_powerpc.deb ethereal (0.10.10-2sarge8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Memory exhaustion denial of
service in Q.2391 dissector (CVE-2006-4333) stable/main/binary-mipsel/tethereal_0.10.10-2sarge8_mipsel.deb stable/main/binary-mipsel/ethereal-dev_0.10.10-2sarge8_mipsel.deb stable/main/binary-mipsel/ethereal_0.10.10-2sarge8_mipsel.deb stable/main/binary-mipsel/ethereal-common_0.10.10-2sarge8_mipsel.deb ethereal (0.10.10-2sarge8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Memory exhaustion denial of service in Q.2391 dissector (CVE-2006-4333) stable/main/binary-mips/ethereal-dev_0.10.10-2sarge8_mips.deb stable/main/binary-mips/tethereal_0.10.10-2sarge8_mips.deb stable/main/binary-mips/ethereal-common_0.10.10-2sarge8_mips.deb stable/main/binary-mips/ethereal_0.10.10-2sarge8_mips.deb ethereal (0.10.10-2sarge8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Memory exhaustion denial of service in Q.2391 dissector (CVE-2006-4333) stable/main/binary-m68k/tethereal_0.10.10-2sarge8_m68k.deb stable/main/binary-m68k/ethereal-dev_0.10.10-2sarge8_m68k.deb stable/main/binary-m68k/ethereal_0.10.10-2sarge8_m68k.deb stable/main/binary-m68k/ethereal-common_0.10.10-2sarge8_m68k.deb ethereal (0.10.10-2sarge8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Memory exhaustion denial of service in Q.2391 dissector (CVE-2006-4333) stable/main/binary-ia64/ethereal-common_0.10.10-2sarge8_ia64.deb stable/main/binary-ia64/ethereal_0.10.10-2sarge8_ia64.deb stable/main/binary-ia64/tethereal_0.10.10-2sarge8_ia64.deb stable/main/binary-ia64/ethereal-dev_0.10.10-2sarge8_ia64.deb ethereal (0.10.10-2sarge8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Memory exhaustion denial of service in Q.2391 dissector (CVE-2006-4333) stable/main/binary-hppa/ethereal-common_0.10.10-2sarge8_hppa.deb stable/main/binary-hppa/ethereal-dev_0.10.10-2sarge8_hppa.deb stable/main/binary-hppa/ethereal_0.10.10-2sarge8_hppa.deb stable/main/binary-hppa/tethereal_0.10.10-2sarge8_hppa.deb ethereal 
(0.10.10-2sarge8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Memory exhaustion denial of service in Q.2391 dissector (CVE-2006-4333) stable/main/binary-arm/tethereal_0.10.10-2sarge8_arm.deb stable/main/binary-arm/ethereal-dev_0.10.10-2sarge8_arm.deb stable/main/binary-arm/ethereal_0.10.10-2sarge8_arm.deb stable/main/binary-arm/ethereal-common_0.10.10-2sarge8_arm.deb ethereal (0.10.10-2sarge8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Memory exhaustion denial of service in Q.2391 dissector (CVE-2006-4333) stable/main/binary-alpha/ethereal-common_0.10.10-2sarge8_alpha.deb stable/main/binary-alpha/ethereal-dev_0.10.10-2sarge8_alpha.deb stable/main/binary-alpha/tethereal_0.10.10-2sarge8_alpha.deb stable/main/binary-alpha/ethereal_0.10.10-2sarge8_alpha.deb ethereal (0.10.10-2sarge8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Memory exhaustion denial of service in Q.2391 dissector (CVE-2006-4333) stable/main/binary-i386/ethereal_0.10.10-2sarge8_i386.deb stable/main/source/ethereal_0.10.10-2sarge8.diff.gz stable/main/binary-i386/ethereal-common_0.10.10-2sarge8_i386.deb stable/main/source/ethereal_0.10.10-2sarge8.dsc stable/main/binary-i386/tethereal_0.10.10-2sarge8_i386.deb stable/main/binary-i386/ethereal-dev_0.10.10-2sarge8_i386.deb ethereal (0.10.10-2sarge8) stable-security; urgency=high * Non-maintainer upload by the Security Team * Memory exhaustion denial of service in Q.2391 dissector (CVE-2006-4333) stable/main/binary-sparc/debian-installer-manual_20050317sarge1+b1_sparc.deb debian-installer (20050317sarge1+b1) stable; urgency=low * Binary-only non-maintainer upload for sparc; no source changes. * Rebuild with fixed udebs. stable/main/binary-sparc/deal_3.0.8-2sarge1_sparc.deb deal (3.0.8-2sarge1) stable; urgency=low * Fix segfault on amd64, (int)random() sometimes returned negative numbers (Closes: #383625). 
stable/main/binary-s390/deal_3.0.8-2sarge1_s390.deb deal (3.0.8-2sarge1) stable; urgency=low * Fix segfault on amd64, (int)random() sometimes returned negative numbers (Closes: #383625). stable/main/binary-powerpc/deal_3.0.8-2sarge1_powerpc.deb deal (3.0.8-2sarge1) stable; urgency=low * Fix segfault on amd64, (int)random() sometimes returned negative numbers (Closes: #383625). stable/main/binary-mipsel/deal_3.0.8-2sarge1_mipsel.deb deal (3.0.8-2sarge1) stable; urgency=low * Fix segfault on amd64, (int)random() sometimes returned negative numbers (Closes: #383625). stable/main/binary-mips/deal_3.0.8-2sarge1_mips.deb deal (3.0.8-2sarge1) stable; urgency=low * Fix segfault on amd64, (int)random() sometimes returned negative numbers (Closes: #383625). stable/main/binary-m68k/deal_3.0.8-2sarge1_m68k.deb deal (3.0.8-2sarge1) stable; urgency=low * Fix segfault on amd64, (int)random() sometimes returned negative numbers (Closes: #383625). stable/main/binary-ia64/deal_3.0.8-2sarge1_ia64.deb deal (3.0.8-2sarge1) stable; urgency=low * Fix segfault on amd64, (int)random() sometimes returned negative numbers (Closes: #383625). stable/main/binary-hppa/deal_3.0.8-2sarge1_hppa.deb deal (3.0.8-2sarge1) stable; urgency=low * Fix segfault on amd64, (int)random() sometimes returned negative numbers (Closes: #383625). stable/main/binary-arm/deal_3.0.8-2sarge1_arm.deb deal (3.0.8-2sarge1) stable; urgency=low * Fix segfault on amd64, (int)random() sometimes returned negative numbers (Closes: #383625). stable/main/binary-alpha/deal_3.0.8-2sarge1_alpha.deb deal (3.0.8-2sarge1) stable; urgency=low * Fix segfault on amd64, (int)random() sometimes returned negative numbers (Closes: #383625). stable/main/source/deal_3.0.8-2sarge1.diff.gz stable/main/source/deal_3.0.8-2sarge1.dsc stable/main/binary-i386/deal_3.0.8-2sarge1_i386.deb deal (3.0.8-2sarge1) stable; urgency=low * Fix segfault on amd64, (int)random() sometimes returned negative numbers (Closes: #383625). 
stable/main/binary-sparc/cscope_15.5-1.1sarge2_sparc.deb cscope (15.5-1.1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several buffer overflows. (CVE-2006-4262) stable/main/binary-s390/cscope_15.5-1.1sarge2_s390.deb cscope (15.5-1.1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several buffer overflows. (CVE-2006-4262) stable/main/binary-powerpc/cscope_15.5-1.1sarge2_powerpc.deb cscope (15.5-1.1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several buffer overflows. (CVE-2006-4262) stable/main/binary-mipsel/cscope_15.5-1.1sarge2_mipsel.deb cscope (15.5-1.1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several buffer overflows. (CVE-2006-4262) stable/main/binary-mips/cscope_15.5-1.1sarge2_mips.deb cscope (15.5-1.1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several buffer overflows. (CVE-2006-4262) stable/main/binary-m68k/cscope_15.5-1.1sarge2_m68k.deb cscope (15.5-1.1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several buffer overflows. (CVE-2006-4262) stable/main/binary-ia64/cscope_15.5-1.1sarge2_ia64.deb cscope (15.5-1.1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several buffer overflows. (CVE-2006-4262) stable/main/binary-hppa/cscope_15.5-1.1sarge2_hppa.deb cscope (15.5-1.1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several buffer overflows. (CVE-2006-4262) stable/main/binary-arm/cscope_15.5-1.1sarge2_arm.deb cscope (15.5-1.1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several buffer overflows. 
(CVE-2006-4262) stable/main/binary-alpha/cscope_15.5-1.1sarge2_alpha.deb cscope (15.5-1.1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several buffer overflows. (CVE-2006-4262) stable/main/binary-i386/cscope_15.5-1.1sarge2_i386.deb stable/main/source/cscope_15.5-1.1sarge2.dsc stable/main/source/cscope_15.5-1.1sarge2.diff.gz cscope (15.5-1.1sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix several buffer overflows. (CVE-2006-4262) stable/main/binary-sparc/cheesetracker_0.9.9-1sarge1_sparc.deb cheesetracker (0.9.9-1sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid buffer overflow when loading input files. [CVE-2006-3814] stable/main/binary-s390/cheesetracker_0.9.9-1sarge1_s390.deb cheesetracker (0.9.9-1sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid buffer overflow when loading input files. [CVE-2006-3814] stable/main/binary-powerpc/cheesetracker_0.9.9-1sarge1_powerpc.deb cheesetracker (0.9.9-1sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid buffer overflow when loading input files. [CVE-2006-3814] stable/main/binary-mipsel/cheesetracker_0.9.9-1sarge1_mipsel.deb cheesetracker (0.9.9-1sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid buffer overflow when loading input files. [CVE-2006-3814] stable/main/binary-mips/cheesetracker_0.9.9-1sarge1_mips.deb cheesetracker (0.9.9-1sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid buffer overflow when loading input files. [CVE-2006-3814] stable/main/binary-m68k/cheesetracker_0.9.9-1sarge1_m68k.deb cheesetracker (0.9.9-1sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid buffer overflow when loading input files. 
[CVE-2006-3814] stable/main/binary-ia64/cheesetracker_0.9.9-1sarge1_ia64.deb cheesetracker (0.9.9-1sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid buffer overflow when loading input files. [CVE-2006-3814] stable/main/binary-hppa/cheesetracker_0.9.9-1sarge1_hppa.deb cheesetracker (0.9.9-1sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid buffer overflow when loading input files. [CVE-2006-3814] stable/main/binary-arm/cheesetracker_0.9.9-1sarge1_arm.deb cheesetracker (0.9.9-1sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid buffer overflow when loading input files. [CVE-2006-3814] stable/main/binary-alpha/cheesetracker_0.9.9-1sarge1_alpha.deb cheesetracker (0.9.9-1sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid buffer overflow when loading input files. [CVE-2006-3814] stable/main/binary-i386/cheesetracker_0.9.9-1sarge1_i386.deb stable/main/source/cheesetracker_0.9.9-1sarge1.diff.gz stable/main/source/cheesetracker_0.9.9-1sarge1.dsc cheesetracker (0.9.9-1sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid buffer overflow when loading input files. [CVE-2006-3814] stable/main/binary-sparc/capi4hylafax_01.02.03-10sarge2_sparc.deb capi4hylafax (1:01.02.03-10sarge2) stable-security; urgency=high * Update of the security update: Add the fix to the mgetty mode. Remote arbitrary command execution through TSI string. [CVE-2006-3126] stable/main/binary-m68k/capi4hylafax_01.02.03-10sarge2_m68k.deb capi4hylafax (1:01.02.03-10sarge2) stable-security; urgency=high * Update of the security update: Add the fix to the mgetty mode. Remote arbitrary command execution through TSI string. 
[CVE-2006-3126] stable/main/binary-ia64/capi4hylafax_01.02.03-10sarge2_ia64.deb capi4hylafax (1:01.02.03-10sarge2) stable-security; urgency=high * Update of the security update: Add the fix to the mgetty mode. Remote arbitrary command execution through TSI string. [CVE-2006-3126] stable/main/binary-i386/capi4hylafax_01.02.03-10sarge2_i386.deb capi4hylafax (1:01.02.03-10sarge2) stable-security; urgency=high * Update of the security update: Add the fix to the mgetty mode. Remote arbitrary command execution through TSI string. [CVE-2006-3126] stable/main/binary-arm/capi4hylafax_01.02.03-10sarge2_arm.deb capi4hylafax (1:01.02.03-10sarge2) stable-security; urgency=high * Update of the security update: Add the fix to the mgetty mode. Remote arbitrary command execution through TSI string. [CVE-2006-3126] stable/main/binary-alpha/capi4hylafax_01.02.03-10sarge2_alpha.deb capi4hylafax (1:01.02.03-10sarge2) stable-security; urgency=high * Update of the security update: Add the fix to the mgetty mode. Remote arbitrary command execution through TSI string. [CVE-2006-3126] stable/main/source/capi4hylafax_01.02.03-10sarge2.diff.gz stable/main/source/capi4hylafax_01.02.03-10sarge2.dsc stable/main/binary-powerpc/capi4hylafax_01.02.03-10sarge2_powerpc.deb capi4hylafax (1:01.02.03-10sarge2) stable-security; urgency=high * Update of the security update: Add the fix to the mgetty mode. Remote arbitrary command execution through TSI string. [CVE-2006-3126] stable/main/binary-sparc/bomberclone_0.11.5-1sarge2_sparc.deb bomberclone (0.11.5-1sarge2) stable-security; urgency=high * New maintainer. See bug #316569. * Applied patch by Steffen Pohle to fix remote vulnerabilities [ChangeLog, include/network.h, include/packets.h, src/configuration.c, src/network.c, src/packets.c, src/pkgcache.c, CVE-2006-4005, CVE-2006-4006]. See bug #382082. stable/main/binary-s390/bomberclone_0.11.5-1sarge2_s390.deb bomberclone (0.11.5-1sarge2) stable-security; urgency=high * New maintainer. See bug #316569. 
* Applied patch by Steffen Pohle to fix remote vulnerabilities [ChangeLog, include/network.h, include/packets.h, src/configuration.c, src/network.c, src/packets.c, src/pkgcache.c, CVE-2006-4005, CVE-2006-4006]. See bug #382082. stable/main/binary-mipsel/bomberclone_0.11.5-1sarge2_mipsel.deb bomberclone (0.11.5-1sarge2) stable-security; urgency=high * New maintainer. See bug #316569. * Applied patch by Steffen Pohle to fix remote vulnerabilities [ChangeLog, include/network.h, include/packets.h, src/configuration.c, src/network.c, src/packets.c, src/pkgcache.c, CVE-2006-4005, CVE-2006-4006]. See bug #382082. stable/main/binary-mips/bomberclone_0.11.5-1sarge2_mips.deb bomberclone (0.11.5-1sarge2) stable-security; urgency=high * New maintainer. See bug #316569. * Applied patch by Steffen Pohle to fix remote vulnerabilities [ChangeLog, include/network.h, include/packets.h, src/configuration.c, src/network.c, src/packets.c, src/pkgcache.c, CVE-2006-4005, CVE-2006-4006]. See bug #382082. stable/main/binary-m68k/bomberclone_0.11.5-1sarge2_m68k.deb bomberclone (0.11.5-1sarge2) stable-security; urgency=high * New maintainer. See bug #316569. * Applied patch by Steffen Pohle to fix remote vulnerabilities [ChangeLog, include/network.h, include/packets.h, src/configuration.c, src/network.c, src/packets.c, src/pkgcache.c, CVE-2006-4005, CVE-2006-4006]. See bug #382082. stable/main/binary-ia64/bomberclone_0.11.5-1sarge2_ia64.deb bomberclone (0.11.5-1sarge2) stable-security; urgency=high * New maintainer. See bug #316569. * Applied patch by Steffen Pohle to fix remote vulnerabilities [ChangeLog, include/network.h, include/packets.h, src/configuration.c, src/network.c, src/packets.c, src/pkgcache.c, CVE-2006-4005, CVE-2006-4006]. See bug #382082. stable/main/binary-i386/bomberclone_0.11.5-1sarge2_i386.deb bomberclone (0.11.5-1sarge2) stable-security; urgency=high * New maintainer. See bug #316569. 
* Applied patch by Steffen Pohle to fix remote vulnerabilities [ChangeLog, include/network.h, include/packets.h, src/configuration.c, src/network.c, src/packets.c, src/pkgcache.c, CVE-2006-4005, CVE-2006-4006]. See bug #382082. stable/main/binary-hppa/bomberclone_0.11.5-1sarge2_hppa.deb bomberclone (0.11.5-1sarge2) stable-security; urgency=high * New maintainer. See bug #316569. * Applied patch by Steffen Pohle to fix remote vulnerabilities [ChangeLog, include/network.h, include/packets.h, src/configuration.c, src/network.c, src/packets.c, src/pkgcache.c, CVE-2006-4005, CVE-2006-4006]. See bug #382082. stable/main/binary-arm/bomberclone_0.11.5-1sarge2_arm.deb bomberclone (0.11.5-1sarge2) stable-security; urgency=high * New maintainer. See bug #316569. * Applied patch by Steffen Pohle to fix remote vulnerabilities [ChangeLog, include/network.h, include/packets.h, src/configuration.c, src/network.c, src/packets.c, src/pkgcache.c, CVE-2006-4005, CVE-2006-4006]. See bug #382082. stable/main/binary-alpha/bomberclone_0.11.5-1sarge2_alpha.deb bomberclone (0.11.5-1sarge2) stable-security; urgency=high * New maintainer. See bug #316569. * Applied patch by Steffen Pohle to fix remote vulnerabilities [ChangeLog, include/network.h, include/packets.h, src/configuration.c, src/network.c, src/packets.c, src/pkgcache.c, CVE-2006-4005, CVE-2006-4006]. See bug #382082. stable/main/source/bomberclone_0.11.5-1sarge2.diff.gz stable/main/binary-all/bomberclone-data_0.11.5-1sarge2_all.deb stable/main/source/bomberclone_0.11.5-1sarge2.dsc stable/main/binary-powerpc/bomberclone_0.11.5-1sarge2_powerpc.deb bomberclone (0.11.5-1sarge2) stable-security; urgency=high * New maintainer. See bug #316569. * Applied patch by Steffen Pohle to fix remote vulnerabilities [ChangeLog, include/network.h, include/packets.h, src/configuration.c, src/network.c, src/packets.c, src/pkgcache.c, CVE-2006-4005, CVE-2006-4006]. See bug #382082. 
stable/main/binary-sparc/libisc7_9.2.4-1sarge1_sparc.deb stable/main/binary-sparc/libisccc0_9.2.4-1sarge1_sparc.deb stable/main/binary-sparc/libisccfg0_9.2.4-1sarge1_sparc.deb stable/main/binary-sparc/bind9_9.2.4-1sarge1_sparc.deb stable/main/binary-sparc/dnsutils_9.2.4-1sarge1_sparc.deb stable/main/binary-sparc/libbind-dev_9.2.4-1sarge1_sparc.deb stable/main/binary-sparc/libdns16_9.2.4-1sarge1_sparc.deb stable/main/binary-sparc/lwresd_9.2.4-1sarge1_sparc.deb stable/main/binary-sparc/liblwres1_9.2.4-1sarge1_sparc.deb stable/main/binary-sparc/bind9-host_9.2.4-1sarge1_sparc.deb bind9 (1:9.2.4-1sarge1) stable; urgency=low * Backport bugfix for 1941 from 9.2.6-P1. Closes: #386237, #386245 - fixes CVE-2006-4095 and CVE-2006-4096. - ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642] stable/main/binary-s390/libisc7_9.2.4-1sarge1_s390.deb stable/main/binary-s390/libbind-dev_9.2.4-1sarge1_s390.deb stable/main/binary-s390/liblwres1_9.2.4-1sarge1_s390.deb stable/main/binary-s390/libdns16_9.2.4-1sarge1_s390.deb stable/main/binary-s390/dnsutils_9.2.4-1sarge1_s390.deb stable/main/binary-s390/bind9-host_9.2.4-1sarge1_s390.deb stable/main/binary-s390/lwresd_9.2.4-1sarge1_s390.deb stable/main/binary-s390/bind9_9.2.4-1sarge1_s390.deb stable/main/binary-s390/libisccc0_9.2.4-1sarge1_s390.deb stable/main/binary-s390/libisccfg0_9.2.4-1sarge1_s390.deb bind9 (1:9.2.4-1sarge1) stable; urgency=low * Backport bugfix for 1941 from 9.2.6-P1. Closes: #386237, #386245 - fixes CVE-2006-4095 and CVE-2006-4096. - ncache_adderesult() should set eresult even if no rdataset is passed to it. 
[RT #15642] stable/main/binary-mipsel/libbind-dev_9.2.4-1sarge1_mipsel.deb stable/main/binary-mipsel/libisccfg0_9.2.4-1sarge1_mipsel.deb stable/main/binary-mipsel/libisccc0_9.2.4-1sarge1_mipsel.deb stable/main/binary-mipsel/libisc7_9.2.4-1sarge1_mipsel.deb stable/main/binary-mipsel/libdns16_9.2.4-1sarge1_mipsel.deb stable/main/binary-mipsel/dnsutils_9.2.4-1sarge1_mipsel.deb stable/main/binary-mipsel/bind9_9.2.4-1sarge1_mipsel.deb stable/main/binary-mipsel/liblwres1_9.2.4-1sarge1_mipsel.deb stable/main/binary-mipsel/lwresd_9.2.4-1sarge1_mipsel.deb stable/main/binary-mipsel/bind9-host_9.2.4-1sarge1_mipsel.deb bind9 (1:9.2.4-1sarge1) stable; urgency=low * Backport bugfix for 1941 from 9.2.6-P1. Closes: #386237, #386245 - fixes CVE-2006-4095 and CVE-2006-4096. - ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642] stable/main/binary-mips/dnsutils_9.2.4-1sarge1_mips.deb stable/main/binary-mips/libbind-dev_9.2.4-1sarge1_mips.deb stable/main/binary-mips/libdns16_9.2.4-1sarge1_mips.deb stable/main/binary-mips/libisc7_9.2.4-1sarge1_mips.deb stable/main/binary-mips/lwresd_9.2.4-1sarge1_mips.deb stable/main/binary-mips/libisccc0_9.2.4-1sarge1_mips.deb stable/main/binary-mips/libisccfg0_9.2.4-1sarge1_mips.deb stable/main/binary-mips/bind9-host_9.2.4-1sarge1_mips.deb stable/main/binary-mips/bind9_9.2.4-1sarge1_mips.deb stable/main/binary-mips/liblwres1_9.2.4-1sarge1_mips.deb bind9 (1:9.2.4-1sarge1) stable; urgency=low * Backport bugfix for 1941 from 9.2.6-P1. Closes: #386237, #386245 - fixes CVE-2006-4095 and CVE-2006-4096. - ncache_adderesult() should set eresult even if no rdataset is passed to it. 
[RT #15642] stable/main/binary-m68k/dnsutils_9.2.4-1sarge1_m68k.deb stable/main/binary-m68k/libisc7_9.2.4-1sarge1_m68k.deb stable/main/binary-m68k/libdns16_9.2.4-1sarge1_m68k.deb stable/main/binary-m68k/libbind-dev_9.2.4-1sarge1_m68k.deb stable/main/binary-m68k/libisccfg0_9.2.4-1sarge1_m68k.deb stable/main/binary-m68k/libisccc0_9.2.4-1sarge1_m68k.deb stable/main/binary-m68k/lwresd_9.2.4-1sarge1_m68k.deb stable/main/binary-m68k/liblwres1_9.2.4-1sarge1_m68k.deb stable/main/binary-m68k/bind9_9.2.4-1sarge1_m68k.deb stable/main/binary-m68k/bind9-host_9.2.4-1sarge1_m68k.deb bind9 (1:9.2.4-1sarge1) stable; urgency=low * Backport bugfix for 1941 from 9.2.6-P1. Closes: #386237, #386245 - fixes CVE-2006-4095 and CVE-2006-4096. - ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642] stable/main/binary-ia64/dnsutils_9.2.4-1sarge1_ia64.deb stable/main/binary-ia64/bind9-host_9.2.4-1sarge1_ia64.deb stable/main/binary-ia64/libisc7_9.2.4-1sarge1_ia64.deb stable/main/binary-ia64/libdns16_9.2.4-1sarge1_ia64.deb stable/main/binary-ia64/libbind-dev_9.2.4-1sarge1_ia64.deb stable/main/binary-ia64/bind9_9.2.4-1sarge1_ia64.deb stable/main/binary-ia64/liblwres1_9.2.4-1sarge1_ia64.deb stable/main/binary-ia64/lwresd_9.2.4-1sarge1_ia64.deb stable/main/binary-ia64/libisccfg0_9.2.4-1sarge1_ia64.deb stable/main/binary-ia64/libisccc0_9.2.4-1sarge1_ia64.deb bind9 (1:9.2.4-1sarge1) stable; urgency=low * Backport bugfix for 1941 from 9.2.6-P1. Closes: #386237, #386245 - fixes CVE-2006-4095 and CVE-2006-4096. - ncache_adderesult() should set eresult even if no rdataset is passed to it. 
[RT #15642] stable/main/binary-i386/liblwres1_9.2.4-1sarge1_i386.deb stable/main/binary-i386/libisccfg0_9.2.4-1sarge1_i386.deb stable/main/binary-i386/libisccc0_9.2.4-1sarge1_i386.deb stable/main/binary-i386/lwresd_9.2.4-1sarge1_i386.deb stable/main/binary-i386/bind9_9.2.4-1sarge1_i386.deb stable/main/binary-i386/libisc7_9.2.4-1sarge1_i386.deb stable/main/binary-i386/libdns16_9.2.4-1sarge1_i386.deb stable/main/binary-i386/libbind-dev_9.2.4-1sarge1_i386.deb stable/main/binary-i386/dnsutils_9.2.4-1sarge1_i386.deb stable/main/binary-i386/bind9-host_9.2.4-1sarge1_i386.deb bind9 (1:9.2.4-1sarge1) stable; urgency=low * Backport bugfix for 1941 from 9.2.6-P1. Closes: #386237, #386245 - fixes CVE-2006-4095 and CVE-2006-4096. - ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642] stable/main/binary-hppa/lwresd_9.2.4-1sarge1_hppa.deb stable/main/binary-hppa/bind9-host_9.2.4-1sarge1_hppa.deb stable/main/binary-hppa/dnsutils_9.2.4-1sarge1_hppa.deb stable/main/binary-hppa/libbind-dev_9.2.4-1sarge1_hppa.deb stable/main/binary-hppa/libisccc0_9.2.4-1sarge1_hppa.deb stable/main/binary-hppa/libisccfg0_9.2.4-1sarge1_hppa.deb stable/main/binary-hppa/bind9_9.2.4-1sarge1_hppa.deb stable/main/binary-hppa/libisc7_9.2.4-1sarge1_hppa.deb stable/main/binary-hppa/libdns16_9.2.4-1sarge1_hppa.deb stable/main/binary-hppa/liblwres1_9.2.4-1sarge1_hppa.deb bind9 (1:9.2.4-1sarge1) stable; urgency=low * Backport bugfix for 1941 from 9.2.6-P1. Closes: #386237, #386245 - fixes CVE-2006-4095 and CVE-2006-4096. - ncache_adderesult() should set eresult even if no rdataset is passed to it. 
[RT #15642] stable/main/binary-arm/libisc7_9.2.4-1sarge1_arm.deb stable/main/binary-arm/libdns16_9.2.4-1sarge1_arm.deb stable/main/binary-arm/bind9_9.2.4-1sarge1_arm.deb stable/main/binary-arm/lwresd_9.2.4-1sarge1_arm.deb stable/main/binary-arm/liblwres1_9.2.4-1sarge1_arm.deb stable/main/binary-arm/libisccc0_9.2.4-1sarge1_arm.deb stable/main/binary-arm/dnsutils_9.2.4-1sarge1_arm.deb stable/main/binary-arm/bind9-host_9.2.4-1sarge1_arm.deb stable/main/binary-arm/libbind-dev_9.2.4-1sarge1_arm.deb stable/main/binary-arm/libisccfg0_9.2.4-1sarge1_arm.deb bind9 (1:9.2.4-1sarge1) stable; urgency=low * Backport bugfix for 1941 from 9.2.6-P1. Closes: #386237, #386245 - fixes CVE-2006-4095 and CVE-2006-4096. - ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642] stable/main/binary-alpha/libisc7_9.2.4-1sarge1_alpha.deb stable/main/binary-alpha/libbind-dev_9.2.4-1sarge1_alpha.deb stable/main/binary-alpha/liblwres1_9.2.4-1sarge1_alpha.deb stable/main/binary-alpha/lwresd_9.2.4-1sarge1_alpha.deb stable/main/binary-alpha/bind9-host_9.2.4-1sarge1_alpha.deb stable/main/binary-alpha/bind9_9.2.4-1sarge1_alpha.deb stable/main/binary-alpha/libisccfg0_9.2.4-1sarge1_alpha.deb stable/main/binary-alpha/libisccc0_9.2.4-1sarge1_alpha.deb stable/main/binary-alpha/libdns16_9.2.4-1sarge1_alpha.deb stable/main/binary-alpha/dnsutils_9.2.4-1sarge1_alpha.deb bind9 (1:9.2.4-1sarge1) stable; urgency=low * Backport bugfix for 1941 from 9.2.6-P1. Closes: #386237, #386245 - fixes CVE-2006-4095 and CVE-2006-4096. - ncache_adderesult() should set eresult even if no rdataset is passed to it. 
[RT #15642] stable/main/binary-powerpc/bind9-host_9.2.4-1sarge1_powerpc.deb stable/main/binary-powerpc/libdns16_9.2.4-1sarge1_powerpc.deb stable/main/binary-powerpc/libisc7_9.2.4-1sarge1_powerpc.deb stable/main/binary-powerpc/dnsutils_9.2.4-1sarge1_powerpc.deb stable/main/binary-all/bind9-doc_9.2.4-1sarge1_all.deb stable/main/source/bind9_9.2.4-1sarge1.diff.gz stable/main/binary-powerpc/liblwres1_9.2.4-1sarge1_powerpc.deb stable/main/binary-powerpc/bind9_9.2.4-1sarge1_powerpc.deb stable/main/binary-powerpc/libbind-dev_9.2.4-1sarge1_powerpc.deb stable/main/binary-powerpc/lwresd_9.2.4-1sarge1_powerpc.deb stable/main/binary-powerpc/libisccfg0_9.2.4-1sarge1_powerpc.deb stable/main/binary-powerpc/libisccc0_9.2.4-1sarge1_powerpc.deb stable/main/source/bind9_9.2.4-1sarge1.dsc bind9 (1:9.2.4-1sarge1) stable; urgency=low * Backport bugfix for 1941 from 9.2.6-P1. Closes: #386237, #386245 - fixes CVE-2006-4095 and CVE-2006-4096. - ncache_adderesult() should set eresult even if no rdataset is passed to it. [RT #15642] stable/main/binary-sparc/apache-common_1.3.33-6sarge3_sparc.deb stable/main/binary-sparc/apache-dbg_1.3.33-6sarge3_sparc.deb stable/main/binary-sparc/apache_1.3.33-6sarge3_sparc.deb stable/main/binary-sparc/apache-ssl_1.3.33-6sarge3_sparc.deb stable/main/binary-sparc/libapache-mod-perl_1.29.0.3-6sarge3_sparc.deb stable/main/binary-sparc/apache-perl_1.3.33-6sarge3_sparc.deb apache (1.3.33-6sarge3) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue affecting the use of the Expect header. [CVE-2006-391] * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when using Referer headers in mod_imap. 
[CVE-2005-3352] stable/main/binary-s390/apache-ssl_1.3.33-6sarge3_s390.deb stable/main/binary-s390/apache-common_1.3.33-6sarge3_s390.deb stable/main/binary-s390/apache_1.3.33-6sarge3_s390.deb stable/main/binary-s390/apache-perl_1.3.33-6sarge3_s390.deb stable/main/binary-s390/libapache-mod-perl_1.29.0.3-6sarge3_s390.deb stable/main/binary-s390/apache-dbg_1.3.33-6sarge3_s390.deb apache (1.3.33-6sarge3) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue affecting the use of the Expect header. [CVE-2006-391] * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when using Referer headers in mod_imap. [CVE-2005-3352] stable/main/binary-powerpc/apache-dbg_1.3.33-6sarge3_powerpc.deb stable/main/binary-powerpc/apache-common_1.3.33-6sarge3_powerpc.deb stable/main/binary-powerpc/apache_1.3.33-6sarge3_powerpc.deb stable/main/binary-powerpc/apache-perl_1.3.33-6sarge3_powerpc.deb stable/main/binary-powerpc/apache-ssl_1.3.33-6sarge3_powerpc.deb stable/main/binary-powerpc/libapache-mod-perl_1.29.0.3-6sarge3_powerpc.deb apache (1.3.33-6sarge3) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue affecting the use of the Expect header. [CVE-2006-391] * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when using Referer headers in mod_imap. [CVE-2005-3352] stable/main/binary-mipsel/apache-ssl_1.3.33-6sarge3_mipsel.deb stable/main/binary-mipsel/apache-common_1.3.33-6sarge3_mipsel.deb stable/main/binary-mipsel/libapache-mod-perl_1.29.0.3-6sarge3_mipsel.deb stable/main/binary-mipsel/apache_1.3.33-6sarge3_mipsel.deb stable/main/binary-mipsel/apache-perl_1.3.33-6sarge3_mipsel.deb stable/main/binary-mipsel/apache-dbg_1.3.33-6sarge3_mipsel.deb apache (1.3.33-6sarge3) stable-security; urgency=high * Non-maintainer upload by The Security Team. 
* Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue affecting the use of the Expect header. [CVE-2006-391] * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when using Referer headers in mod_imap. [CVE-2005-3352] stable/main/binary-mips/apache-ssl_1.3.33-6sarge3_mips.deb stable/main/binary-mips/apache-common_1.3.33-6sarge3_mips.deb stable/main/binary-mips/libapache-mod-perl_1.29.0.3-6sarge3_mips.deb stable/main/binary-mips/apache_1.3.33-6sarge3_mips.deb stable/main/binary-mips/apache-dbg_1.3.33-6sarge3_mips.deb stable/main/binary-mips/apache-perl_1.3.33-6sarge3_mips.deb apache (1.3.33-6sarge3) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue affecting the use of the Expect header. [CVE-2006-391] * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when using Referer headers in mod_imap. [CVE-2005-3352] stable/main/binary-m68k/apache-dbg_1.3.33-6sarge3_m68k.deb stable/main/binary-m68k/apache_1.3.33-6sarge3_m68k.deb stable/main/binary-m68k/libapache-mod-perl_1.29.0.3-6sarge3_m68k.deb stable/main/binary-m68k/apache-perl_1.3.33-6sarge3_m68k.deb stable/main/binary-m68k/apache-ssl_1.3.33-6sarge3_m68k.deb stable/main/binary-m68k/apache-common_1.3.33-6sarge3_m68k.deb apache (1.3.33-6sarge3) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue affecting the use of the Expect header. [CVE-2006-391] * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when using Referer headers in mod_imap. 
[CVE-2005-3352] stable/main/binary-ia64/apache-dbg_1.3.33-6sarge3_ia64.deb stable/main/binary-ia64/apache-ssl_1.3.33-6sarge3_ia64.deb stable/main/binary-ia64/apache_1.3.33-6sarge3_ia64.deb stable/main/binary-ia64/apache-common_1.3.33-6sarge3_ia64.deb stable/main/binary-ia64/libapache-mod-perl_1.29.0.3-6sarge3_ia64.deb stable/main/binary-ia64/apache-perl_1.3.33-6sarge3_ia64.deb apache (1.3.33-6sarge3) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue affecting the use of the Expect header. [CVE-2006-391] * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when using Referer headers in mod_imap. [CVE-2005-3352] stable/main/binary-hppa/apache-common_1.3.33-6sarge3_hppa.deb stable/main/binary-hppa/apache-perl_1.3.33-6sarge3_hppa.deb stable/main/binary-hppa/apache-ssl_1.3.33-6sarge3_hppa.deb stable/main/binary-hppa/apache-dbg_1.3.33-6sarge3_hppa.deb stable/main/binary-hppa/apache_1.3.33-6sarge3_hppa.deb stable/main/binary-hppa/libapache-mod-perl_1.29.0.3-6sarge3_hppa.deb apache (1.3.33-6sarge3) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue affecting the use of the Expect header. [CVE-2006-391] * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when using Referer headers in mod_imap. [CVE-2005-3352] stable/main/binary-arm/apache-perl_1.3.33-6sarge3_arm.deb stable/main/binary-arm/apache-common_1.3.33-6sarge3_arm.deb stable/main/binary-arm/libapache-mod-perl_1.29.0.3-6sarge3_arm.deb stable/main/binary-arm/apache_1.3.33-6sarge3_arm.deb stable/main/binary-arm/apache-dbg_1.3.33-6sarge3_arm.deb stable/main/binary-arm/apache-ssl_1.3.33-6sarge3_arm.deb apache (1.3.33-6sarge3) stable-security; urgency=high * Non-maintainer upload by The Security Team. 
* Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue affecting the use of the Expect header. [CVE-2006-391] * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when using Referer headers in mod_imap. [CVE-2005-3352] stable/main/binary-alpha/apache-perl_1.3.33-6sarge3_alpha.deb stable/main/binary-alpha/apache-ssl_1.3.33-6sarge3_alpha.deb stable/main/binary-alpha/apache-common_1.3.33-6sarge3_alpha.deb stable/main/binary-alpha/apache_1.3.33-6sarge3_alpha.deb stable/main/binary-alpha/apache-dbg_1.3.33-6sarge3_alpha.deb stable/main/binary-alpha/libapache-mod-perl_1.29.0.3-6sarge3_alpha.deb apache (1.3.33-6sarge3) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue affecting the use of the Expect header. [CVE-2006-391] * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when using Referer headers in mod_imap. [CVE-2005-3352] stable/main/binary-i386/apache-perl_1.3.33-6sarge3_i386.deb stable/main/binary-i386/apache-common_1.3.33-6sarge3_i386.deb stable/main/binary-all/apache-doc_1.3.33-6sarge3_all.deb stable/main/binary-i386/apache-ssl_1.3.33-6sarge3_i386.deb stable/main/binary-i386/apache-dbg_1.3.33-6sarge3_i386.deb stable/main/binary-all/apache-utils_1.3.33-6sarge3_all.deb stable/main/source/apache_1.3.33-6sarge3.diff.gz stable/main/binary-i386/libapache-mod-perl_1.29.0.3-6sarge3_i386.deb stable/main/binary-i386/apache_1.3.33-6sarge3_i386.deb stable/main/source/apache_1.3.33-6sarge3.dsc stable/main/binary-all/apache-dev_1.3.33-6sarge3_all.deb apache (1.3.33-6sarge3) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Added 910_expect_header_xss_CVE-2006-391 to fix a potential XSS issue affecting the use of the Expect header. [CVE-2006-391] * Added 911_mod_imap_xss-CVE-2005-3352 to fix a potential XSS issue when using Referer headers in mod_imap. 
[CVE-2005-3352] stable/main/binary-sparc/alsaplayer-oss_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/alsaplayer-gtk_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/libalsaplayer-dev_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/libalsaplayer0_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/alsaplayer-common_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/alsaplayer-text_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/alsaplayer-daemon_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/alsaplayer-alsa_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/alsaplayer-nas_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/alsaplayer-xosd_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/alsaplayer-jack_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/alsaplayer-esd_0.99.76-0.3sarge1_sparc.deb stable/main/binary-sparc/alsaplayer_0.99.76-0.3sarge1_sparc.deb alsaplayer (0.99.76-0.3sarge1) stable-security; urgency=high * Fix some buffer overflow bugs. (CVE-2006-4089) stable/main/binary-s390/alsaplayer-nas_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/alsaplayer-alsa_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/alsaplayer-jack_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/alsaplayer-xosd_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/alsaplayer_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/alsaplayer-esd_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/alsaplayer-oss_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/libalsaplayer-dev_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/alsaplayer-text_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/libalsaplayer0_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/alsaplayer-common_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/alsaplayer-gtk_0.99.76-0.3sarge1_s390.deb stable/main/binary-s390/alsaplayer-daemon_0.99.76-0.3sarge1_s390.deb alsaplayer (0.99.76-0.3sarge1) stable-security; urgency=high * Fix some buffer overflow bugs. 
(CVE-2006-4089) stable/main/binary-powerpc/alsaplayer-esd_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/alsaplayer-oss_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/alsaplayer-common_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/alsaplayer-xosd_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/alsaplayer-jack_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/alsaplayer_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/alsaplayer-gtk_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/alsaplayer-nas_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/libalsaplayer0_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/alsaplayer-alsa_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/libalsaplayer-dev_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/alsaplayer-daemon_0.99.76-0.3sarge1_powerpc.deb stable/main/binary-powerpc/alsaplayer-text_0.99.76-0.3sarge1_powerpc.deb alsaplayer (0.99.76-0.3sarge1) stable-security; urgency=high * Fix some buffer overflow bugs. 
(CVE-2006-4089) stable/main/binary-mipsel/alsaplayer-jack_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/libalsaplayer0_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/libalsaplayer-dev_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/alsaplayer-oss_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/alsaplayer-common_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/alsaplayer-daemon_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/alsaplayer-text_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/alsaplayer_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/alsaplayer-alsa_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/alsaplayer-xosd_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/alsaplayer-esd_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/alsaplayer-nas_0.99.76-0.3sarge1_mipsel.deb stable/main/binary-mipsel/alsaplayer-gtk_0.99.76-0.3sarge1_mipsel.deb alsaplayer (0.99.76-0.3sarge1) stable-security; urgency=high * Fix some buffer overflow bugs. 
(CVE-2006-4089) stable/main/binary-mips/alsaplayer-text_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/alsaplayer-alsa_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/libalsaplayer-dev_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/alsaplayer-nas_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/libalsaplayer0_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/alsaplayer-common_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/alsaplayer-daemon_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/alsaplayer_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/alsaplayer-jack_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/alsaplayer-oss_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/alsaplayer-esd_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/alsaplayer-gtk_0.99.76-0.3sarge1_mips.deb stable/main/binary-mips/alsaplayer-xosd_0.99.76-0.3sarge1_mips.deb alsaplayer (0.99.76-0.3sarge1) stable-security; urgency=high * Fix some buffer overflow bugs. (CVE-2006-4089) stable/main/binary-m68k/alsaplayer-gtk_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/alsaplayer-common_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/alsaplayer-oss_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/alsaplayer-nas_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/alsaplayer-xosd_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/alsaplayer-text_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/libalsaplayer-dev_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/alsaplayer-alsa_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/alsaplayer_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/alsaplayer-daemon_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/alsaplayer-jack_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/libalsaplayer0_0.99.76-0.3sarge1_m68k.deb stable/main/binary-m68k/alsaplayer-esd_0.99.76-0.3sarge1_m68k.deb alsaplayer (0.99.76-0.3sarge1) stable-security; urgency=high * Fix some buffer overflow bugs. 
(CVE-2006-4089) stable/main/binary-ia64/alsaplayer-nas_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/alsaplayer_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/alsaplayer-text_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/alsaplayer-alsa_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/alsaplayer-xosd_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/alsaplayer-gtk_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/alsaplayer-common_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/alsaplayer-esd_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/alsaplayer-oss_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/alsaplayer-jack_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/libalsaplayer0_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/alsaplayer-daemon_0.99.76-0.3sarge1_ia64.deb stable/main/binary-ia64/libalsaplayer-dev_0.99.76-0.3sarge1_ia64.deb alsaplayer (0.99.76-0.3sarge1) stable-security; urgency=high * Fix some buffer overflow bugs. (CVE-2006-4089) stable/main/binary-i386/libalsaplayer0_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/alsaplayer-jack_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/libalsaplayer-dev_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/alsaplayer-daemon_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/alsaplayer-esd_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/alsaplayer-oss_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/alsaplayer-text_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/alsaplayer_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/alsaplayer-common_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/alsaplayer-xosd_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/alsaplayer-alsa_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/alsaplayer-nas_0.99.76-0.3sarge1_i386.deb stable/main/binary-i386/alsaplayer-gtk_0.99.76-0.3sarge1_i386.deb alsaplayer (0.99.76-0.3sarge1) stable-security; urgency=high * Fix some buffer overflow bugs. 
(CVE-2006-4089) stable/main/binary-hppa/alsaplayer-text_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/alsaplayer-nas_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/alsaplayer-gtk_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/alsaplayer_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/alsaplayer-xosd_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/alsaplayer-alsa_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/alsaplayer-oss_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/alsaplayer-jack_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/alsaplayer-esd_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/alsaplayer-common_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/libalsaplayer-dev_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/alsaplayer-daemon_0.99.76-0.3sarge1_hppa.deb stable/main/binary-hppa/libalsaplayer0_0.99.76-0.3sarge1_hppa.deb alsaplayer (0.99.76-0.3sarge1) stable-security; urgency=high * Fix some buffer overflow bugs. (CVE-2006-4089) stable/main/binary-alpha/alsaplayer-jack_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/alsaplayer-xosd_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/alsaplayer-nas_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/libalsaplayer-dev_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/alsaplayer-daemon_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/alsaplayer-alsa_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/alsaplayer_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/alsaplayer-text_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/alsaplayer-esd_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/libalsaplayer0_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/alsaplayer-common_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/alsaplayer-gtk_0.99.76-0.3sarge1_alpha.deb stable/main/binary-alpha/alsaplayer-oss_0.99.76-0.3sarge1_alpha.deb alsaplayer (0.99.76-0.3sarge1) stable-security; urgency=high * Fix some buffer overflow bugs. 
(CVE-2006-4089) stable/main/source/alsaplayer_0.99.76-0.3sarge1.dsc stable/main/binary-arm/alsaplayer-text_0.99.76-0.3sarge1_arm.deb stable/main/binary-arm/alsaplayer-oss_0.99.76-0.3sarge1_arm.deb stable/main/source/alsaplayer_0.99.76-0.3sarge1.diff.gz stable/main/binary-arm/libalsaplayer0_0.99.76-0.3sarge1_arm.deb stable/main/binary-arm/alsaplayer_0.99.76-0.3sarge1_arm.deb stable/main/binary-arm/alsaplayer-common_0.99.76-0.3sarge1_arm.deb stable/main/binary-arm/alsaplayer-gtk_0.99.76-0.3sarge1_arm.deb stable/main/binary-arm/alsaplayer-daemon_0.99.76-0.3sarge1_arm.deb stable/main/binary-arm/alsaplayer-esd_0.99.76-0.3sarge1_arm.deb stable/main/binary-arm/alsaplayer-jack_0.99.76-0.3sarge1_arm.deb stable/main/binary-arm/alsaplayer-alsa_0.99.76-0.3sarge1_arm.deb stable/main/binary-arm/alsaplayer-xosd_0.99.76-0.3sarge1_arm.deb stable/main/binary-arm/alsaplayer-nas_0.99.76-0.3sarge1_arm.deb stable/main/binary-arm/libalsaplayer-dev_0.99.76-0.3sarge1_arm.deb alsaplayer (0.99.76-0.3sarge1) stable-security; urgency=high * Fix some buffer overflow bugs. (CVE-2006-4089) ========================================= Thu, 31 Aug 2006 - Debian 3.1r3 released ========================================= stable/main/source/libcrypt-cbc-perl_2.12-1sarge1.diff.gz stable/main/binary-all/libcrypt-cbc-perl_2.12-1sarge1_all.deb stable/main/source/libcrypt-cbc-perl_2.12-1sarge1.dsc libcrypt-cbc-perl (2.12-1sarge1) stable-security; urgency=high * SECURITY FIX: solves weakness when using certain block algorithms stable/main/binary-sparc/zope2.7_2.7.5-2sarge2_sparc.deb zope2.7 (2.7.5-2sarge2) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'raw' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. (Closes: #377285) - CVE-2006-3458 stable/main/binary-s390/zope2.7_2.7.5-2sarge2_s390.deb zope2.7 (2.7.5-2sarge2) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. 
* Disable 'raw' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. (Closes: #377285) - CVE-2006-3458 stable/main/binary-powerpc/zope2.7_2.7.5-2sarge2_powerpc.deb zope2.7 (2.7.5-2sarge2) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'raw' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. (Closes: #377285) - CVE-2006-3458 stable/main/binary-mipsel/zope2.7_2.7.5-2sarge2_mipsel.deb zope2.7 (2.7.5-2sarge2) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'raw' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. (Closes: #377285) - CVE-2006-3458 stable/main/binary-mips/zope2.7_2.7.5-2sarge2_mips.deb zope2.7 (2.7.5-2sarge2) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'raw' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. (Closes: #377285) - CVE-2006-3458 stable/main/binary-m68k/zope2.7_2.7.5-2sarge2_m68k.deb zope2.7 (2.7.5-2sarge2) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'raw' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. (Closes: #377285) - CVE-2006-3458 stable/main/binary-ia64/zope2.7_2.7.5-2sarge2_ia64.deb zope2.7 (2.7.5-2sarge2) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'raw' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. (Closes: #377285) - CVE-2006-3458 stable/main/binary-hppa/zope2.7_2.7.5-2sarge2_hppa.deb zope2.7 (2.7.5-2sarge2) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'raw' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. 
(Closes: #377285) - CVE-2006-3458 stable/main/binary-arm/zope2.7_2.7.5-2sarge2_arm.deb zope2.7 (2.7.5-2sarge2) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'raw' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. (Closes: #377285) - CVE-2006-3458 stable/main/binary-alpha/zope2.7_2.7.5-2sarge2_alpha.deb zope2.7 (2.7.5-2sarge2) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'raw' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. (Closes: #377285) - CVE-2006-3458 stable/main/binary-i386/zope2.7_2.7.5-2sarge2_i386.deb stable/main/source/zope2.7_2.7.5-2sarge2.diff.gz stable/main/source/zope2.7_2.7.5-2sarge2.dsc zope2.7 (2.7.5-2sarge2) stable-security; urgency=high * SECURITY UPDATE: Arbitrary file inclusion. * Disable 'raw' ReST directive in included docutils to prevent reading arbitrary files through ReST documents. (Closes: #377285) - CVE-2006-3458 stable/main/source/zope-cmfplone_2.0.4-3sarge1.dsc stable/main/source/zope-cmfplone_2.0.4-3sarge1.diff.gz stable/main/binary-all/plone_2.0.4-3sarge1_all.deb stable/main/binary-all/zope-cmfplone_2.0.4-3sarge1_all.deb zope-cmfplone (2.0.4-3sarge1) stable-security; urgency=high * Applied PloneHotfix20060410; Adds security declarations to unprotected MembershipTool methods: changeMemberPortrait, deletePersonalPortrait, testCurrentPassword. 
stable/main/source/zgv_5.7-1.4.diff.gz stable/main/binary-i386/zgv_5.7-1.4_i386.deb stable/main/source/zgv_5.7-1.4.dsc zgv (5.7-1.4) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] stable/main/binary-sparc/xzgv_0.8-3sarge1_sparc.deb xzgv (0.8-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] stable/main/binary-s390/xzgv_0.8-3sarge1_s390.deb xzgv (0.8-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] stable/main/binary-mipsel/xzgv_0.8-3sarge1_mipsel.deb xzgv (0.8-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] stable/main/binary-mips/xzgv_0.8-3sarge1_mips.deb xzgv (0.8-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] stable/main/binary-m68k/xzgv_0.8-3sarge1_m68k.deb xzgv (0.8-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] stable/main/binary-ia64/xzgv_0.8-3sarge1_ia64.deb xzgv (0.8-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] stable/main/binary-i386/xzgv_0.8-3sarge1_i386.deb xzgv (0.8-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] 
stable/main/binary-hppa/xzgv_0.8-3sarge1_hppa.deb xzgv (0.8-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] stable/main/binary-arm/xzgv_0.8-3sarge1_arm.deb xzgv (0.8-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] stable/main/binary-alpha/xzgv_0.8-3sarge1_alpha.deb xzgv (0.8-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] stable/main/source/xzgv_0.8-3sarge1.diff.gz stable/main/binary-powerpc/xzgv_0.8-3sarge1_powerpc.deb stable/main/source/xzgv_0.8-3sarge1.dsc xzgv (0.8-3sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Russell Marks to fix segmentation faults [src/readjpeg.c, CVE-2006-1060] stable/main/binary-sparc/cddb_2.6-17sarge1_sparc.deb stable/main/binary-sparc/xmcd_2.6-17sarge1_sparc.deb xmcd (2.6-17sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fully implemented non-world-writeable directories [libdi_d/config.sh alias xmcdconfig, CVE-2006-2542] stable/main/binary-s390/cddb_2.6-17sarge1_s390.deb stable/main/binary-s390/xmcd_2.6-17sarge1_s390.deb xmcd (2.6-17sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fully implemented non-world-writeable directories [libdi_d/config.sh alias xmcdconfig, CVE-2006-2542] stable/main/binary-mipsel/xmcd_2.6-17sarge1_mipsel.deb stable/main/binary-mipsel/cddb_2.6-17sarge1_mipsel.deb xmcd (2.6-17sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fully implemented non-world-writeable directories [libdi_d/config.sh alias xmcdconfig, CVE-2006-2542] stable/main/binary-mips/xmcd_2.6-17sarge1_mips.deb 
stable/main/binary-mips/cddb_2.6-17sarge1_mips.deb xmcd (2.6-17sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fully implemented non-world-writeable directories [libdi_d/config.sh alias xmcdconfig, CVE-2006-2542] stable/main/binary-m68k/xmcd_2.6-17sarge1_m68k.deb stable/main/binary-m68k/cddb_2.6-17sarge1_m68k.deb xmcd (2.6-17sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fully implemented non-world-writeable directories [libdi_d/config.sh alias xmcdconfig, CVE-2006-2542] stable/main/binary-ia64/cddb_2.6-17sarge1_ia64.deb stable/main/binary-ia64/xmcd_2.6-17sarge1_ia64.deb xmcd (2.6-17sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fully implemented non-world-writeable directories [libdi_d/config.sh alias xmcdconfig, CVE-2006-2542] stable/main/binary-i386/cddb_2.6-17sarge1_i386.deb stable/main/binary-i386/xmcd_2.6-17sarge1_i386.deb xmcd (2.6-17sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fully implemented non-world-writeable directories [libdi_d/config.sh alias xmcdconfig, CVE-2006-2542] stable/main/binary-hppa/xmcd_2.6-17sarge1_hppa.deb stable/main/binary-hppa/cddb_2.6-17sarge1_hppa.deb xmcd (2.6-17sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fully implemented non-world-writeable directories [libdi_d/config.sh alias xmcdconfig, CVE-2006-2542] stable/main/binary-arm/xmcd_2.6-17sarge1_arm.deb stable/main/binary-arm/cddb_2.6-17sarge1_arm.deb xmcd (2.6-17sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fully implemented non-world-writeable directories [libdi_d/config.sh alias xmcdconfig, CVE-2006-2542] stable/main/binary-alpha/xmcd_2.6-17sarge1_alpha.deb stable/main/binary-alpha/cddb_2.6-17sarge1_alpha.deb xmcd (2.6-17sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fully implemented non-world-writeable 
directories [libdi_d/config.sh alias xmcdconfig, CVE-2006-2542] stable/main/binary-powerpc/xmcd_2.6-17sarge1_powerpc.deb stable/main/binary-powerpc/cddb_2.6-17sarge1_powerpc.deb stable/main/source/xmcd_2.6-17sarge1.dsc stable/main/source/xmcd_2.6-17sarge1.diff.gz xmcd (2.6-17sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Fully implemented non-world-writeable directories [libdi_d/config.sh alias xmcdconfig, CVE-2006-2542] stable/main/binary-sparc/xine-ui_0.99.3-1sarge1_sparc.deb xine-ui (0.99.3-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected call to report() and printf() to fix format string vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, CVE-2006-2230] stable/main/binary-s390/xine-ui_0.99.3-1sarge1_s390.deb xine-ui (0.99.3-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected call to report() and printf() to fix format string vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, CVE-2006-2230] stable/main/binary-powerpc/xine-ui_0.99.3-1sarge1_powerpc.deb xine-ui (0.99.3-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected call to report() and printf() to fix format string vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, CVE-2006-2230] stable/main/binary-mipsel/xine-ui_0.99.3-1sarge1_mipsel.deb xine-ui (0.99.3-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected call to report() and printf() to fix format string vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, CVE-2006-2230] stable/main/binary-mips/xine-ui_0.99.3-1sarge1_mips.deb xine-ui (0.99.3-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected call to report() and printf() to fix format string vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, CVE-2006-2230] 
stable/main/binary-m68k/xine-ui_0.99.3-1sarge1_m68k.deb xine-ui (0.99.3-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected call to report() and printf() to fix format string vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, CVE-2006-2230] stable/main/binary-ia64/xine-ui_0.99.3-1sarge1_ia64.deb xine-ui (0.99.3-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected call to report() and printf() to fix format string vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, CVE-2006-2230] stable/main/binary-hppa/xine-ui_0.99.3-1sarge1_hppa.deb xine-ui (0.99.3-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected call to report() and printf() to fix format string vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, CVE-2006-2230] stable/main/binary-arm/xine-ui_0.99.3-1sarge1_arm.deb xine-ui (0.99.3-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected call to report() and printf() to fix format string vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, CVE-2006-2230] stable/main/binary-alpha/xine-ui_0.99.3-1sarge1_alpha.deb xine-ui (0.99.3-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected call to report() and printf() to fix format string vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, CVE-2006-2230] stable/main/binary-i386/xine-ui_0.99.3-1sarge1_i386.deb stable/main/source/xine-ui_0.99.3-1sarge1.dsc stable/main/source/xine-ui_0.99.3-1sarge1.diff.gz xine-ui (0.99.3-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Corrected call to report() and printf() to fix format string vulnerabilities [src/xitk/main.c, src/xitk/xine-toolkit/xitk.c, CVE-2006-2230] stable/main/binary-sparc/libxine-dev_1.0.1-1sarge3_sparc.deb 
stable/main/binary-sparc/libxine1_1.0.1-1sarge3_sparc.deb xine-lib (1.0.1-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. * Applied patch by Diego Petten to fix buffer overflow in the HTTP input plugin [src/input/input_http.c, CVE-2006-2802] stable/main/binary-s390/libxine-dev_1.0.1-1sarge3_s390.deb stable/main/binary-s390/libxine1_1.0.1-1sarge3_s390.deb xine-lib (1.0.1-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. * Applied patch by Diego Petten to fix buffer overflow in the HTTP input plugin [src/input/input_http.c, CVE-2006-2802] stable/main/binary-mipsel/libxine1_1.0.1-1sarge3_mipsel.deb stable/main/binary-mipsel/libxine-dev_1.0.1-1sarge3_mipsel.deb xine-lib (1.0.1-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. * Applied patch by Diego Petten to fix buffer overflow in the HTTP input plugin [src/input/input_http.c, CVE-2006-2802] stable/main/binary-mips/libxine1_1.0.1-1sarge3_mips.deb stable/main/binary-mips/libxine-dev_1.0.1-1sarge3_mips.deb xine-lib (1.0.1-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. * Applied patch by Diego Petten to fix buffer overflow in the HTTP input plugin [src/input/input_http.c, CVE-2006-2802] stable/main/binary-m68k/libxine-dev_1.0.1-1sarge3_m68k.deb stable/main/binary-m68k/libxine1_1.0.1-1sarge3_m68k.deb xine-lib (1.0.1-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. * Applied patch by Diego Petten to fix buffer overflow in the HTTP input plugin [src/input/input_http.c, CVE-2006-2802] stable/main/binary-ia64/libxine1_1.0.1-1sarge3_ia64.deb stable/main/binary-ia64/libxine-dev_1.0.1-1sarge3_ia64.deb xine-lib (1.0.1-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. 
* Applied patch by Diego Petten to fix buffer overflow in the HTTP input plugin [src/input/input_http.c, CVE-2006-2802] stable/main/binary-i386/libxine-dev_1.0.1-1sarge3_i386.deb stable/main/binary-i386/libxine1_1.0.1-1sarge3_i386.deb xine-lib (1.0.1-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. * Applied patch by Diego Petten to fix buffer overflow in the HTTP input plugin [src/input/input_http.c, CVE-2006-2802] stable/main/binary-hppa/libxine1_1.0.1-1sarge3_hppa.deb stable/main/binary-hppa/libxine-dev_1.0.1-1sarge3_hppa.deb xine-lib (1.0.1-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. * Applied patch by Diego Petten to fix buffer overflow in the HTTP input plugin [src/input/input_http.c, CVE-2006-2802] stable/main/binary-arm/libxine-dev_1.0.1-1sarge3_arm.deb stable/main/binary-arm/libxine1_1.0.1-1sarge3_arm.deb xine-lib (1.0.1-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. * Applied patch by Diego Petten to fix buffer overflow in the HTTP input plugin [src/input/input_http.c, CVE-2006-2802] stable/main/binary-alpha/libxine1_1.0.1-1sarge3_alpha.deb stable/main/binary-alpha/libxine-dev_1.0.1-1sarge3_alpha.deb xine-lib (1.0.1-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. * Applied patch by Diego Petten to fix buffer overflow in the HTTP input plugin [src/input/input_http.c, CVE-2006-2802] stable/main/source/xine-lib_1.0.1-1sarge3.dsc stable/main/binary-powerpc/libxine-dev_1.0.1-1sarge3_powerpc.deb stable/main/binary-powerpc/libxine1_1.0.1-1sarge3_powerpc.deb stable/main/source/xine-lib_1.0.1-1sarge3.diff.gz xine-lib (1.0.1-1sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. 
* Applied patch by Diego Petten to fix buffer overflow in the HTTP input plugin [src/input/input_http.c, CVE-2006-2802] stable/main/binary-sparc/wzdftpd-mod-tcl_0.5.2-1.1sarge2_sparc.deb stable/main/binary-sparc/wzdftpd-dev_0.5.2-1.1sarge2_sparc.deb stable/main/binary-sparc/wzdftpd_0.5.2-1.1sarge2_sparc.deb stable/main/binary-sparc/wzdftpd-mod-perl_0.5.2-1.1sarge2_sparc.deb stable/main/binary-sparc/wzdftpd-back-mysql_0.5.2-1.1sarge2_sparc.deb wzdftpd (0.5.2-1.1sarge2) stable; urgency=high * Fix depends for wzdftpd-mod-perl and wzdftpd-mod-tcl (Closes: #372531, #369829) stable/main/binary-s390/wzdftpd-mod-perl_0.5.2-1.1sarge2_s390.deb stable/main/binary-s390/wzdftpd-dev_0.5.2-1.1sarge2_s390.deb stable/main/binary-s390/wzdftpd_0.5.2-1.1sarge2_s390.deb stable/main/binary-s390/wzdftpd-mod-tcl_0.5.2-1.1sarge2_s390.deb stable/main/binary-s390/wzdftpd-back-mysql_0.5.2-1.1sarge2_s390.deb wzdftpd (0.5.2-1.1sarge2) stable; urgency=high * Fix depends for wzdftpd-mod-perl and wzdftpd-mod-tcl (Closes: #372531, #369829) stable/main/binary-powerpc/wzdftpd-mod-tcl_0.5.2-1.1sarge2_powerpc.deb stable/main/binary-powerpc/wzdftpd-back-mysql_0.5.2-1.1sarge2_powerpc.deb stable/main/binary-powerpc/wzdftpd-dev_0.5.2-1.1sarge2_powerpc.deb stable/main/binary-powerpc/wzdftpd_0.5.2-1.1sarge2_powerpc.deb stable/main/binary-powerpc/wzdftpd-mod-perl_0.5.2-1.1sarge2_powerpc.deb wzdftpd (0.5.2-1.1sarge2) stable; urgency=high * Fix depends for wzdftpd-mod-perl and wzdftpd-mod-tcl (Closes: #372531, #369829) stable/main/binary-mipsel/wzdftpd_0.5.2-1.1sarge2_mipsel.deb stable/main/binary-mipsel/wzdftpd-back-mysql_0.5.2-1.1sarge2_mipsel.deb stable/main/binary-mipsel/wzdftpd-dev_0.5.2-1.1sarge2_mipsel.deb stable/main/binary-mipsel/wzdftpd-mod-perl_0.5.2-1.1sarge2_mipsel.deb stable/main/binary-mipsel/wzdftpd-mod-tcl_0.5.2-1.1sarge2_mipsel.deb wzdftpd (0.5.2-1.1sarge2) stable; urgency=high * Fix depends for wzdftpd-mod-perl and wzdftpd-mod-tcl (Closes: #372531, #369829) 
stable/main/binary-mips/wzdftpd_0.5.2-1.1sarge2_mips.deb stable/main/binary-mips/wzdftpd-back-mysql_0.5.2-1.1sarge2_mips.deb stable/main/binary-mips/wzdftpd-dev_0.5.2-1.1sarge2_mips.deb stable/main/binary-mips/wzdftpd-mod-tcl_0.5.2-1.1sarge2_mips.deb stable/main/binary-mips/wzdftpd-mod-perl_0.5.2-1.1sarge2_mips.deb wzdftpd (0.5.2-1.1sarge2) stable; urgency=high * Fix depends for wzdftpd-mod-perl and wzdftpd-mod-tcl (Closes: #372531, #369829) stable/main/binary-m68k/wzdftpd-back-mysql_0.5.2-1.1sarge2_m68k.deb stable/main/binary-m68k/wzdftpd-dev_0.5.2-1.1sarge2_m68k.deb stable/main/binary-m68k/wzdftpd_0.5.2-1.1sarge2_m68k.deb stable/main/binary-m68k/wzdftpd-mod-perl_0.5.2-1.1sarge2_m68k.deb stable/main/binary-m68k/wzdftpd-mod-tcl_0.5.2-1.1sarge2_m68k.deb wzdftpd (0.5.2-1.1sarge2) stable; urgency=high * Fix depends for wzdftpd-mod-perl and wzdftpd-mod-tcl (Closes: #372531, #369829) stable/main/binary-ia64/wzdftpd-back-mysql_0.5.2-1.1sarge2_ia64.deb stable/main/binary-ia64/wzdftpd_0.5.2-1.1sarge2_ia64.deb stable/main/binary-ia64/wzdftpd-dev_0.5.2-1.1sarge2_ia64.deb stable/main/binary-ia64/wzdftpd-mod-perl_0.5.2-1.1sarge2_ia64.deb stable/main/binary-ia64/wzdftpd-mod-tcl_0.5.2-1.1sarge2_ia64.deb wzdftpd (0.5.2-1.1sarge2) stable; urgency=high * Fix depends for wzdftpd-mod-perl and wzdftpd-mod-tcl (Closes: #372531, #369829) stable/main/binary-hppa/wzdftpd-mod-perl_0.5.2-1.1sarge2_hppa.deb stable/main/binary-hppa/wzdftpd-mod-tcl_0.5.2-1.1sarge2_hppa.deb stable/main/binary-hppa/wzdftpd-back-mysql_0.5.2-1.1sarge2_hppa.deb stable/main/binary-hppa/wzdftpd-dev_0.5.2-1.1sarge2_hppa.deb stable/main/binary-hppa/wzdftpd_0.5.2-1.1sarge2_hppa.deb wzdftpd (0.5.2-1.1sarge2) stable; urgency=high * Fix depends for wzdftpd-mod-perl and wzdftpd-mod-tcl (Closes: #372531, #369829) stable/main/binary-arm/wzdftpd-mod-perl_0.5.2-1.1sarge2_arm.deb stable/main/binary-arm/wzdftpd_0.5.2-1.1sarge2_arm.deb stable/main/binary-arm/wzdftpd-back-mysql_0.5.2-1.1sarge2_arm.deb 
stable/main/binary-arm/wzdftpd-mod-tcl_0.5.2-1.1sarge2_arm.deb stable/main/binary-arm/wzdftpd-dev_0.5.2-1.1sarge2_arm.deb wzdftpd (0.5.2-1.1sarge2) stable; urgency=high * Fix depends for wzdftpd-mod-perl and wzdftpd-mod-tcl (Closes: #372531, #369829) stable/main/binary-alpha/wzdftpd-mod-perl_0.5.2-1.1sarge2_alpha.deb stable/main/binary-alpha/wzdftpd-dev_0.5.2-1.1sarge2_alpha.deb stable/main/binary-alpha/wzdftpd-back-mysql_0.5.2-1.1sarge2_alpha.deb stable/main/binary-alpha/wzdftpd-mod-tcl_0.5.2-1.1sarge2_alpha.deb stable/main/binary-alpha/wzdftpd_0.5.2-1.1sarge2_alpha.deb wzdftpd (0.5.2-1.1sarge2) stable; urgency=high * Fix depends for wzdftpd-mod-perl and wzdftpd-mod-tcl (Closes: #372531, #369829) stable/main/binary-i386/wzdftpd-mod-perl_0.5.2-1.1sarge2_i386.deb stable/main/binary-i386/wzdftpd-mod-tcl_0.5.2-1.1sarge2_i386.deb stable/main/source/wzdftpd_0.5.2-1.1sarge2.diff.gz stable/main/binary-i386/wzdftpd-back-mysql_0.5.2-1.1sarge2_i386.deb stable/main/binary-i386/wzdftpd_0.5.2-1.1sarge2_i386.deb stable/main/binary-i386/wzdftpd-dev_0.5.2-1.1sarge2_i386.deb stable/main/source/wzdftpd_0.5.2-1.1sarge2.dsc wzdftpd (0.5.2-1.1sarge2) stable; urgency=high * Fix depends for wzdftpd-mod-perl and wzdftpd-mod-tcl (Closes: #372531, #369829) stable/main/binary-sparc/libwv2-dev_0.2.2-1sarge1_sparc.deb stable/main/binary-sparc/libwv2-1_0.2.2-1sarge1_sparc.deb wv2 (0.2.2-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix boundary check error [src/word_helper.h, CVE-2006-2197] stable/main/binary-s390/libwv2-1_0.2.2-1sarge1_s390.deb stable/main/binary-s390/libwv2-dev_0.2.2-1sarge1_s390.deb wv2 (0.2.2-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix boundary check error [src/word_helper.h, CVE-2006-2197] stable/main/binary-mipsel/libwv2-1_0.2.2-1sarge1_mipsel.deb stable/main/binary-mipsel/libwv2-dev_0.2.2-1sarge1_mipsel.deb wv2 (0.2.2-1sarge1) 
stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix boundary check error [src/word_helper.h, CVE-2006-2197] stable/main/binary-mips/libwv2-1_0.2.2-1sarge1_mips.deb stable/main/binary-mips/libwv2-dev_0.2.2-1sarge1_mips.deb wv2 (0.2.2-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix boundary check error [src/word_helper.h, CVE-2006-2197] stable/main/binary-m68k/libwv2-dev_0.2.2-1sarge1_m68k.deb stable/main/binary-m68k/libwv2-1_0.2.2-1sarge1_m68k.deb wv2 (0.2.2-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix boundary check error [src/word_helper.h, CVE-2006-2197] stable/main/binary-ia64/libwv2-1_0.2.2-1sarge1_ia64.deb stable/main/binary-ia64/libwv2-dev_0.2.2-1sarge1_ia64.deb wv2 (0.2.2-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix boundary check error [src/word_helper.h, CVE-2006-2197] stable/main/binary-i386/libwv2-dev_0.2.2-1sarge1_i386.deb stable/main/binary-i386/libwv2-1_0.2.2-1sarge1_i386.deb wv2 (0.2.2-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix boundary check error [src/word_helper.h, CVE-2006-2197] stable/main/binary-hppa/libwv2-1_0.2.2-1sarge1_hppa.deb stable/main/binary-hppa/libwv2-dev_0.2.2-1sarge1_hppa.deb wv2 (0.2.2-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix boundary check error [src/word_helper.h, CVE-2006-2197] stable/main/binary-arm/libwv2-1_0.2.2-1sarge1_arm.deb stable/main/binary-arm/libwv2-dev_0.2.2-1sarge1_arm.deb wv2 (0.2.2-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix boundary check error [src/word_helper.h, CVE-2006-2197] 
stable/main/binary-alpha/libwv2-dev_0.2.2-1sarge1_alpha.deb stable/main/binary-alpha/libwv2-1_0.2.2-1sarge1_alpha.deb wv2 (0.2.2-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix boundary check error [src/word_helper.h, CVE-2006-2197] stable/main/source/wv2_0.2.2-1sarge1.diff.gz stable/main/binary-powerpc/libwv2-dev_0.2.2-1sarge1_powerpc.deb stable/main/binary-powerpc/libwv2-1_0.2.2-1sarge1_powerpc.deb stable/main/source/wv2_0.2.2-1sarge1.dsc wv2 (0.2.2-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix boundary check error [src/word_helper.h, CVE-2006-2197] stable/main/binary-all/webcalendar_0.9.45-4sarge5_all.deb stable/main/source/webcalendar_0.9.45-4sarge5.dsc stable/main/source/webcalendar_0.9.45-4sarge5.diff.gz webcalendar (0.9.45-4sarge5) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported upstream patch to fix file disclosure vulnerability if register_globals is turned on. [includes/config.php, tools/send_reminders.php, tools/convert_passwords.php, CVE-2006-2762] stable/main/binary-sparc/vlan_1.8-1sarge1_sparc.deb vlan (1.8-1sarge1) stable; urgency=medium * Fix /etc/network/if-up.d/ip to not set rp_filter to 1 when rp_filter isn't set in /etc/network/interfaces. (Closes: #330673, #378714) * Add myself to Uploaders. stable/main/binary-s390/vlan_1.8-1sarge1_s390.deb vlan (1.8-1sarge1) stable; urgency=medium * Fix /etc/network/if-up.d/ip to not set rp_filter to 1 when rp_filter isn't set in /etc/network/interfaces. (Closes: #330673, #378714) * Add myself to Uploaders. stable/main/binary-powerpc/vlan_1.8-1sarge1_powerpc.deb vlan (1.8-1sarge1) stable; urgency=medium * Fix /etc/network/if-up.d/ip to not set rp_filter to 1 when rp_filter isn't set in /etc/network/interfaces. (Closes: #330673, #378714) * Add myself to Uploaders. 
stable/main/binary-mipsel/vlan_1.8-1sarge1_mipsel.deb vlan (1.8-1sarge1) stable; urgency=medium * Fix /etc/network/if-up.d/ip to not set rp_filter to 1 when rp_filter isn't set in /etc/network/interfaces. (Closes: #330673, #378714) * Add myself to Uploaders. stable/main/binary-mips/vlan_1.8-1sarge1_mips.deb vlan (1.8-1sarge1) stable; urgency=medium * Fix /etc/network/if-up.d/ip to not set rp_filter to 1 when rp_filter isn't set in /etc/network/interfaces. (Closes: #330673, #378714) * Add myself to Uploaders. stable/main/binary-m68k/vlan_1.8-1sarge1_m68k.deb vlan (1.8-1sarge1) stable; urgency=medium * Fix /etc/network/if-up.d/ip to not set rp_filter to 1 when rp_filter isn't set in /etc/network/interfaces. (Closes: #330673, #378714) * Add myself to Uploaders. stable/main/binary-ia64/vlan_1.8-1sarge1_ia64.deb vlan (1.8-1sarge1) stable; urgency=medium * Fix /etc/network/if-up.d/ip to not set rp_filter to 1 when rp_filter isn't set in /etc/network/interfaces. (Closes: #330673, #378714) * Add myself to Uploaders. stable/main/binary-hppa/vlan_1.8-1sarge1_hppa.deb vlan (1.8-1sarge1) stable; urgency=medium * Fix /etc/network/if-up.d/ip to not set rp_filter to 1 when rp_filter isn't set in /etc/network/interfaces. (Closes: #330673, #378714) * Add myself to Uploaders. stable/main/binary-arm/vlan_1.8-1sarge1_arm.deb vlan (1.8-1sarge1) stable; urgency=medium * Fix /etc/network/if-up.d/ip to not set rp_filter to 1 when rp_filter isn't set in /etc/network/interfaces. (Closes: #330673, #378714) * Add myself to Uploaders. stable/main/binary-alpha/vlan_1.8-1sarge1_alpha.deb vlan (1.8-1sarge1) stable; urgency=medium * Fix /etc/network/if-up.d/ip to not set rp_filter to 1 when rp_filter isn't set in /etc/network/interfaces. (Closes: #330673, #378714) * Add myself to Uploaders. 
stable/main/source/vlan_1.8-1sarge1.diff.gz stable/main/source/vlan_1.8-1sarge1.dsc stable/main/binary-i386/vlan_1.8-1sarge1_i386.deb vlan (1.8-1sarge1) stable; urgency=medium * Fix /etc/network/if-up.d/ip to not set rp_filter to 1 when rp_filter isn't set in /etc/network/interfaces. (Closes: #330673, #378714) * Add myself to Uploaders. stable/main/binary-sparc/typespeed_0.4.4-8sarge1_sparc.deb typespeed (0.4.4-8sarge1) stable; urgency=high * Non-maintainer upload by The Security Team. * Fix a buffer overflow when reading data from across the network. [CVE-2006-1515] stable/main/binary-s390/typespeed_0.4.4-8sarge1_s390.deb typespeed (0.4.4-8sarge1) stable; urgency=high * Non-maintainer upload by The Security Team. * Fix a buffer overflow when reading data from across the network. [CVE-2006-1515] stable/main/binary-powerpc/typespeed_0.4.4-8sarge1_powerpc.deb typespeed (0.4.4-8sarge1) stable; urgency=high * Non-maintainer upload by The Security Team. * Fix a buffer overflow when reading data from across the network. [CVE-2006-1515] stable/main/binary-mipsel/typespeed_0.4.4-8sarge1_mipsel.deb typespeed (0.4.4-8sarge1) stable; urgency=high * Non-maintainer upload by The Security Team. * Fix a buffer overflow when reading data from across the network. [CVE-2006-1515] stable/main/binary-mips/typespeed_0.4.4-8sarge1_mips.deb typespeed (0.4.4-8sarge1) stable; urgency=high * Non-maintainer upload by The Security Team. * Fix a buffer overflow when reading data from across the network. [CVE-2006-1515] stable/main/binary-m68k/typespeed_0.4.4-8sarge1_m68k.deb typespeed (0.4.4-8sarge1) stable; urgency=high * Non-maintainer upload by The Security Team. * Fix a buffer overflow when reading data from across the network. [CVE-2006-1515] stable/main/binary-ia64/typespeed_0.4.4-8sarge1_ia64.deb typespeed (0.4.4-8sarge1) stable; urgency=high * Non-maintainer upload by The Security Team. * Fix a buffer overflow when reading data from across the network. 
[CVE-2006-1515] stable/main/binary-hppa/typespeed_0.4.4-8sarge1_hppa.deb typespeed (0.4.4-8sarge1) stable; urgency=high * Non-maintainer upload by The Security Team. * Fix a buffer overflow when reading data from across the network. [CVE-2006-1515] stable/main/binary-arm/typespeed_0.4.4-8sarge1_arm.deb typespeed (0.4.4-8sarge1) stable; urgency=high * Non-maintainer upload by The Security Team. * Fix a buffer overflow when reading data from across the network. [CVE-2006-1515] stable/main/binary-alpha/typespeed_0.4.4-8sarge1_alpha.deb typespeed (0.4.4-8sarge1) stable; urgency=high * Non-maintainer upload by The Security Team. * Fix a buffer overflow when reading data from across the network. [CVE-2006-1515] stable/main/source/typespeed_0.4.4-8sarge1.dsc stable/main/source/typespeed_0.4.4-8sarge1.diff.gz stable/main/binary-i386/typespeed_0.4.4-8sarge1_i386.deb typespeed (0.4.4-8sarge1) stable; urgency=high * Non-maintainer upload by The Security Team. * Fix a buffer overflow when reading data from across the network. 
[CVE-2006-1515] stable/main/binary-sparc/libtiff4-dev_3.7.2-7_sparc.deb stable/main/binary-sparc/libtiff4_3.7.2-7_sparc.deb stable/main/binary-sparc/libtiff-opengl_3.7.2-7_sparc.deb stable/main/binary-sparc/libtiffxx0_3.7.2-7_sparc.deb stable/main/binary-sparc/libtiff-tools_3.7.2-7_sparc.deb tiff (3.7.2-7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported patch by Tavis Ormandy to fix several vulnerabilities [libtiff/tif_aux.c, libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c, libtiff/tif_fax3.c, libtiff/tif_jpeg.c, libtiff/tif_next.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c, libtiff/tiffiop.h, debian/patches/CVE-2006-3459-3465.patch] stable/main/binary-s390/libtiff-tools_3.7.2-7_s390.deb stable/main/binary-s390/libtiff-opengl_3.7.2-7_s390.deb stable/main/binary-s390/libtiffxx0_3.7.2-7_s390.deb stable/main/binary-s390/libtiff4_3.7.2-7_s390.deb stable/main/binary-s390/libtiff4-dev_3.7.2-7_s390.deb tiff (3.7.2-7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported patch by Tavis Ormandy to fix several vulnerabilities [libtiff/tif_aux.c, libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c, libtiff/tif_fax3.c, libtiff/tif_jpeg.c, libtiff/tif_next.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c, libtiff/tiffiop.h, debian/patches/CVE-2006-3459-3465.patch] stable/main/binary-mipsel/libtiff-opengl_3.7.2-7_mipsel.deb stable/main/binary-mipsel/libtiff4_3.7.2-7_mipsel.deb stable/main/binary-mipsel/libtiff4-dev_3.7.2-7_mipsel.deb stable/main/binary-mipsel/libtiffxx0_3.7.2-7_mipsel.deb stable/main/binary-mipsel/libtiff-tools_3.7.2-7_mipsel.deb tiff (3.7.2-7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported patch by Tavis Ormandy to fix several vulnerabilities [libtiff/tif_aux.c, libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c, libtiff/tif_fax3.c, libtiff/tif_jpeg.c, libtiff/tif_next.c, libtiff/tif_pixarlog.c, 
libtiff/tif_read.c, libtiff/tiffiop.h, debian/patches/CVE-2006-3459-3465.patch] stable/main/binary-mips/libtiff-tools_3.7.2-7_mips.deb stable/main/binary-mips/libtiff4_3.7.2-7_mips.deb stable/main/binary-mips/libtiff-opengl_3.7.2-7_mips.deb stable/main/binary-mips/libtiff4-dev_3.7.2-7_mips.deb stable/main/binary-mips/libtiffxx0_3.7.2-7_mips.deb tiff (3.7.2-7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported patch by Tavis Ormandy to fix several vulnerabilities [libtiff/tif_aux.c, libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c, libtiff/tif_fax3.c, libtiff/tif_jpeg.c, libtiff/tif_next.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c, libtiff/tiffiop.h, debian/patches/CVE-2006-3459-3465.patch] stable/main/binary-m68k/libtiff-opengl_3.7.2-7_m68k.deb stable/main/binary-m68k/libtiff4-dev_3.7.2-7_m68k.deb stable/main/binary-m68k/libtiff4_3.7.2-7_m68k.deb stable/main/binary-m68k/libtiff-tools_3.7.2-7_m68k.deb stable/main/binary-m68k/libtiffxx0_3.7.2-7_m68k.deb tiff (3.7.2-7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported patch by Tavis Ormandy to fix several vulnerabilities [libtiff/tif_aux.c, libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c, libtiff/tif_fax3.c, libtiff/tif_jpeg.c, libtiff/tif_next.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c, libtiff/tiffiop.h, debian/patches/CVE-2006-3459-3465.patch] stable/main/binary-ia64/libtiff4_3.7.2-7_ia64.deb stable/main/binary-ia64/libtiff-tools_3.7.2-7_ia64.deb stable/main/binary-ia64/libtiff-opengl_3.7.2-7_ia64.deb stable/main/binary-ia64/libtiff4-dev_3.7.2-7_ia64.deb stable/main/binary-ia64/libtiffxx0_3.7.2-7_ia64.deb tiff (3.7.2-7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported patch by Tavis Ormandy to fix several vulnerabilities [libtiff/tif_aux.c, libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c, libtiff/tif_fax3.c, libtiff/tif_jpeg.c, libtiff/tif_next.c, 
libtiff/tif_pixarlog.c, libtiff/tif_read.c, libtiff/tiffiop.h, debian/patches/CVE-2006-3459-3465.patch] stable/main/binary-i386/libtiffxx0_3.7.2-7_i386.deb stable/main/binary-i386/libtiff4-dev_3.7.2-7_i386.deb stable/main/binary-i386/libtiff-opengl_3.7.2-7_i386.deb stable/main/binary-i386/libtiff4_3.7.2-7_i386.deb stable/main/binary-i386/libtiff-tools_3.7.2-7_i386.deb tiff (3.7.2-7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported patch by Tavis Ormandy to fix several vulnerabilities [libtiff/tif_aux.c, libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c, libtiff/tif_fax3.c, libtiff/tif_jpeg.c, libtiff/tif_next.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c, libtiff/tiffiop.h, debian/patches/CVE-2006-3459-3465.patch] stable/main/binary-hppa/libtiff4_3.7.2-7_hppa.deb stable/main/binary-hppa/libtiff-opengl_3.7.2-7_hppa.deb stable/main/binary-hppa/libtiff4-dev_3.7.2-7_hppa.deb stable/main/binary-hppa/libtiff-tools_3.7.2-7_hppa.deb stable/main/binary-hppa/libtiffxx0_3.7.2-7_hppa.deb tiff (3.7.2-7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported patch by Tavis Ormandy to fix several vulnerabilities [libtiff/tif_aux.c, libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c, libtiff/tif_fax3.c, libtiff/tif_jpeg.c, libtiff/tif_next.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c, libtiff/tiffiop.h, debian/patches/CVE-2006-3459-3465.patch] stable/main/binary-arm/libtiffxx0_3.7.2-7_arm.deb stable/main/binary-arm/libtiff4-dev_3.7.2-7_arm.deb stable/main/binary-arm/libtiff-tools_3.7.2-7_arm.deb stable/main/binary-arm/libtiff-opengl_3.7.2-7_arm.deb stable/main/binary-arm/libtiff4_3.7.2-7_arm.deb tiff (3.7.2-7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported patch by Tavis Ormandy to fix several vulnerabilities [libtiff/tif_aux.c, libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c, libtiff/tif_fax3.c, libtiff/tif_jpeg.c, 
libtiff/tif_next.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c, libtiff/tiffiop.h, debian/patches/CVE-2006-3459-3465.patch] stable/main/binary-alpha/libtiff-tools_3.7.2-7_alpha.deb stable/main/binary-alpha/libtiffxx0_3.7.2-7_alpha.deb stable/main/binary-alpha/libtiff4_3.7.2-7_alpha.deb stable/main/binary-alpha/libtiff4-dev_3.7.2-7_alpha.deb stable/main/binary-alpha/libtiff-opengl_3.7.2-7_alpha.deb tiff (3.7.2-7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported patch by Tavis Ormandy to fix several vulnerabilities [libtiff/tif_aux.c, libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c, libtiff/tif_fax3.c, libtiff/tif_jpeg.c, libtiff/tif_next.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c, libtiff/tiffiop.h, debian/patches/CVE-2006-3459-3465.patch] stable/main/binary-powerpc/libtiff-opengl_3.7.2-7_powerpc.deb stable/main/binary-powerpc/libtiff4_3.7.2-7_powerpc.deb stable/main/binary-powerpc/libtiff-tools_3.7.2-7_powerpc.deb stable/main/binary-powerpc/libtiffxx0_3.7.2-7_powerpc.deb stable/main/source/tiff_3.7.2-7.dsc stable/main/source/tiff_3.7.2-7.diff.gz stable/main/binary-powerpc/libtiff4-dev_3.7.2-7_powerpc.deb tiff (3.7.2-7) stable-security; urgency=high * Non-maintainer upload by the Security Team * Backported patch by Tavis Ormandy to fix several vulnerabilities [libtiff/tif_aux.c, libtiff/tif_dir.c, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c, libtiff/tif_fax3.c, libtiff/tif_jpeg.c, libtiff/tif_next.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c, libtiff/tiffiop.h, debian/patches/CVE-2006-3459-3465.patch] stable/main/binary-all/systemimager-client_3.2.3-6sarge2_all.deb stable/main/binary-all/systemimager-boot-i386-standard_3.2.3-6sarge2_all.deb stable/main/source/systemimager_3.2.3-6sarge2.tar.gz stable/main/binary-all/systemimager-boot-ia64-standard_3.2.3-6sarge2_all.deb stable/main/binary-all/systemimager-common_3.2.3-6sarge2_all.deb stable/main/source/systemimager_3.2.3-6sarge2.dsc 
stable/main/binary-all/systemimager-server-flamethrowerd_3.2.3-6sarge2_all.deb stable/main/binary-all/systemimager-doc_3.2.3-6sarge2_all.deb stable/main/binary-all/systemimager-server_3.2.3-6sarge2_all.deb systemimager (3.2.3-6sarge2) stable-security; urgency=high * Rebuild against kernel-source-2.6.8 (2.6.8-16sarge3): * 207_smbfs-chroot-escape.diff [SECURITY] Fix directory traversal vulnerability in smbfs that permits local users to escape chroot restrictions See CVE-2006-1864 * 208_ia64-die_if_kernel-returns.diff [SECURITY][ia64] Fix a potential local DoS on ia64 systems caused by an incorrect 'noreturn' attribute on die_if_kernel() See CVE-2006-0742 * 209_sctp-discard-unexpected-in-closed.diff [SECURITY] Fix remote DoS in SCTP code by discarding unexpected chunks received in CLOSED state instead of calling BUG() See CVE-2006-2271 * 210_ipv4-id-no-increment.diff [SECURITY] Fix vulnerability that allows remote attackers to conduct an Idle Scan attack, bypassing intended protections against such attacks See CVE-2006-1242 * 211_usb-gadget-rndis-bufoverflow.diff [SECURITY] Fix buffer overflow in the USB Gadget RNDIS implementation that allows for a remote DoS attack (kmalloc'd memory corruption) See CVE-2006-1368 * 212_ipv4-sin_zero_clear.diff [SECURITY] Fix local information leak in af_inet code See CVE-2006-1343 * 213_madvise_remove-restrict.diff [SECURITY] Fix vulnerability that allows local users to bypass IPC permissions and replace portions of read-only tmpfs files with zeroes. 
See CVE-2006-1524 * 214_mcast-ip-route-null-deref.diff [SECURITY] Fix local DoS vulnerability that allows local users to panic a system by requesting a route for a multicast IP See CVE-2006-1525 * 215_sctp-fragment-recurse.diff [SECURITY] Fix remote DoS vulnerability that can lead to infinite recursion when a packet containing two or more DATA fragments is received See CVE-2006-2274 * 216_sctp-fragmented-receive-fix.diff [SECURITY] Fix remote DoS vulnerability that allows IP fragmented COOKIE_ECHO and HEARTBEAT SCTP control chunks to cause a kernel panic See CVE-2006-2272 * 217_amd64-fp-reg-leak.diff [SECURITY][amd64] Fix an information leak that allows a process to see a portion of the floating point state of other processes, possibly exposing sensitive information. See CVE-2006-1056 * 218_do_add_counters-race.diff [SECURITY] Fix race condition in the do_add_counters() function in netfilter that allows local users with CAP_NET_ADMIN capabilities to read kernel memory See CVE-2006-0039 * 219_sctp-hb-ack-overflow.diff [SECURITY] Fix a remote buffer overflow that can result from a badly formatted HB-ACK chunk See CVE-2006-1857 * 220_sctp-param-bound-checks.diff [SECURITY] Fix a bound checking error (remote DoS) in the SCTP parameter checking code See CVE-2006-1858 * 221_netfilter-do_replace-overflow.diff [SECURITY] Fix buffer overflow in netfilter do_replace which could be triggered by users with CAP_NET_ADMIN rights.
See CVE-2006-0038 * 222_binfmt-bad-elf-entry-address.diff [SECURITY][amd64] Fix potential local DoS vulnerability in the binfmt_elf code on em64t processors See CVE-2006-0741 stable/main/source/squirrelmail_1.4.4-9.diff.gz stable/main/binary-all/squirrelmail_1.4.4-9_all.deb stable/main/source/squirrelmail_1.4.4-9.dsc squirrelmail (2:1.4.4-9) stable-security; urgency=high * Fix variable overwriting by logged-in user in compose.php [CVE-2006-4019] stable/main/binary-sparc/spamc_3.0.3-2sarge1_sparc.deb spamassassin (3.0.3-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix remote command execution vulnerability [spamd/spamd.raw, debian/patches/40_CVE-2006-2447.dpatch] stable/main/binary-s390/spamc_3.0.3-2sarge1_s390.deb spamassassin (3.0.3-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix remote command execution vulnerability [spamd/spamd.raw, debian/patches/40_CVE-2006-2447.dpatch] stable/main/binary-mipsel/spamc_3.0.3-2sarge1_mipsel.deb spamassassin (3.0.3-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix remote command execution vulnerability [spamd/spamd.raw, debian/patches/40_CVE-2006-2447.dpatch] stable/main/binary-mips/spamc_3.0.3-2sarge1_mips.deb spamassassin (3.0.3-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix remote command execution vulnerability [spamd/spamd.raw, debian/patches/40_CVE-2006-2447.dpatch] stable/main/binary-m68k/spamc_3.0.3-2sarge1_m68k.deb spamassassin (3.0.3-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix remote command execution vulnerability [spamd/spamd.raw, debian/patches/40_CVE-2006-2447.dpatch] stable/main/binary-ia64/spamc_3.0.3-2sarge1_ia64.deb spamassassin (3.0.3-2sarge1) stable-security; urgency=high * 
Non-maintainer upload by the Security Team * Applied upstream patch to fix remote command execution vulnerability [spamd/spamd.raw, debian/patches/40_CVE-2006-2447.dpatch] stable/main/binary-i386/spamc_3.0.3-2sarge1_i386.deb spamassassin (3.0.3-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix remote command execution vulnerability [spamd/spamd.raw, debian/patches/40_CVE-2006-2447.dpatch] stable/main/binary-hppa/spamc_3.0.3-2sarge1_hppa.deb spamassassin (3.0.3-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix remote command execution vulnerability [spamd/spamd.raw, debian/patches/40_CVE-2006-2447.dpatch] stable/main/binary-arm/spamc_3.0.3-2sarge1_arm.deb spamassassin (3.0.3-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix remote command execution vulnerability [spamd/spamd.raw, debian/patches/40_CVE-2006-2447.dpatch] stable/main/binary-alpha/spamc_3.0.3-2sarge1_alpha.deb spamassassin (3.0.3-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix remote command execution vulnerability [spamd/spamd.raw, debian/patches/40_CVE-2006-2447.dpatch] stable/main/binary-powerpc/spamc_3.0.3-2sarge1_powerpc.deb stable/main/source/spamassassin_3.0.3-2sarge1.dsc stable/main/source/spamassassin_3.0.3-2sarge1.diff.gz stable/main/binary-all/spamassassin_3.0.3-2sarge1_all.deb spamassassin (3.0.3-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix remote command execution vulnerability [spamd/spamd.raw, debian/patches/40_CVE-2006-2447.dpatch] stable/main/source/sitebar_3.2.6-7.1.dsc stable/main/source/sitebar_3.2.6-7.1.diff.gz stable/main/binary-all/sitebar_3.2.6-7.1_all.deb sitebar (3.2.6-7.1) stable-security; urgency=high * Non-maintainer upload for security bug 
fix. * Properly encode the 'command' parameter of command.php (CVE-2006-3320, Closes: #377299). stable/main/binary-sparc/passwd_4.0.3-31sarge9_sparc.deb stable/main/binary-sparc/login_4.0.3-31sarge9_sparc.deb shadow (1:4.0.3-31sarge9) stable; urgency=low * passwd.postinst: On upgrades from any prior version, chmod 600 various base-config and d-i log files that might contain sensitive information, including in some cases, passwords. Thanks to Joey Hess for the patch. Closes: #356939 stable/main/binary-s390/login_4.0.3-31sarge9_s390.deb stable/main/binary-s390/passwd_4.0.3-31sarge9_s390.deb shadow (1:4.0.3-31sarge9) stable; urgency=low * passwd.postinst: On upgrades from any prior version, chmod 600 various base-config and d-i log files that might contain sensitive information, including in some cases, passwords. Thanks to Joey Hess for the patch. Closes: #356939 stable/main/binary-powerpc/passwd_4.0.3-31sarge9_powerpc.deb stable/main/binary-powerpc/login_4.0.3-31sarge9_powerpc.deb shadow (1:4.0.3-31sarge9) stable; urgency=low * passwd.postinst: On upgrades from any prior version, chmod 600 various base-config and d-i log files that might contain sensitive information, including in some cases, passwords. Thanks to Joey Hess for the patch. Closes: #356939 stable/main/binary-mipsel/login_4.0.3-31sarge9_mipsel.deb stable/main/binary-mipsel/passwd_4.0.3-31sarge9_mipsel.deb shadow (1:4.0.3-31sarge9) stable; urgency=low * passwd.postinst: On upgrades from any prior version, chmod 600 various base-config and d-i log files that might contain sensitive information, including in some cases, passwords. Thanks to Joey Hess for the patch. 
Closes: #356939 stable/main/binary-mips/login_4.0.3-31sarge9_mips.deb stable/main/binary-mips/passwd_4.0.3-31sarge9_mips.deb shadow (1:4.0.3-31sarge9) stable; urgency=low * passwd.postinst: On upgrades from any prior version, chmod 600 various base-config and d-i log files that might contain sensitive information, including in some cases, passwords. Thanks to Joey Hess for the patch. Closes: #356939 stable/main/binary-m68k/login_4.0.3-31sarge9_m68k.deb stable/main/binary-m68k/passwd_4.0.3-31sarge9_m68k.deb shadow (1:4.0.3-31sarge9) stable; urgency=low * passwd.postinst: On upgrades from any prior version, chmod 600 various base-config and d-i log files that might contain sensitive information, including in some cases, passwords. Thanks to Joey Hess for the patch. Closes: #356939 stable/main/binary-ia64/passwd_4.0.3-31sarge9_ia64.deb stable/main/binary-ia64/login_4.0.3-31sarge9_ia64.deb shadow (1:4.0.3-31sarge9) stable; urgency=low * passwd.postinst: On upgrades from any prior version, chmod 600 various base-config and d-i log files that might contain sensitive information, including in some cases, passwords. Thanks to Joey Hess for the patch. Closes: #356939 stable/main/binary-hppa/passwd_4.0.3-31sarge9_hppa.deb stable/main/binary-hppa/login_4.0.3-31sarge9_hppa.deb shadow (1:4.0.3-31sarge9) stable; urgency=low * passwd.postinst: On upgrades from any prior version, chmod 600 various base-config and d-i log files that might contain sensitive information, including in some cases, passwords. Thanks to Joey Hess for the patch. Closes: #356939 stable/main/binary-arm/login_4.0.3-31sarge9_arm.deb stable/main/binary-arm/passwd_4.0.3-31sarge9_arm.deb shadow (1:4.0.3-31sarge9) stable; urgency=low * passwd.postinst: On upgrades from any prior version, chmod 600 various base-config and d-i log files that might contain sensitive information, including in some cases, passwords. Thanks to Joey Hess for the patch. 
Closes: #356939 stable/main/binary-alpha/login_4.0.3-31sarge9_alpha.deb stable/main/binary-alpha/passwd_4.0.3-31sarge9_alpha.deb shadow (1:4.0.3-31sarge9) stable; urgency=low * passwd.postinst: On upgrades from any prior version, chmod 600 various base-config and d-i log files that might contain sensitive information, including in some cases, passwords. Thanks to Joey Hess for the patch. Closes: #356939 stable/main/source/shadow_4.0.3-31sarge9.dsc stable/main/binary-i386/passwd_4.0.3-31sarge9_i386.deb stable/main/binary-i386/login_4.0.3-31sarge9_i386.deb stable/main/source/shadow_4.0.3-31sarge9.diff.gz shadow (1:4.0.3-31sarge9) stable; urgency=low * passwd.postinst: On upgrades from any prior version, chmod 600 various base-config and d-i log files that might contain sensitive information, including in some cases, passwords. Thanks to Joey Hess for the patch. Closes: #356939 stable/main/binary-sparc/rmail_8.13.4-3sarge2_sparc.deb stable/main/binary-sparc/libmilter0_8.13.4-3sarge2_sparc.deb stable/main/binary-sparc/libmilter-dev_8.13.4-3sarge2_sparc.deb stable/main/binary-sparc/sendmail-bin_8.13.4-3sarge2_sparc.deb stable/main/binary-sparc/sensible-mda_8.13.4-3sarge2_sparc.deb sendmail (8.13.4-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix denial of service [VU#146718, Bug#380258, debian/patches/8.13/8.13.4/z_CVE-2006-1173.patch] stable/main/binary-s390/rmail_8.13.4-3sarge2_s390.deb stable/main/binary-s390/libmilter0_8.13.4-3sarge2_s390.deb stable/main/binary-s390/libmilter-dev_8.13.4-3sarge2_s390.deb stable/main/binary-s390/sensible-mda_8.13.4-3sarge2_s390.deb stable/main/binary-s390/sendmail-bin_8.13.4-3sarge2_s390.deb sendmail (8.13.4-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix denial of service [VU#146718, Bug#380258, debian/patches/8.13/8.13.4/z_CVE-2006-1173.patch] 
stable/main/binary-mipsel/libmilter0_8.13.4-3sarge2_mipsel.deb stable/main/binary-mipsel/sendmail-bin_8.13.4-3sarge2_mipsel.deb stable/main/binary-mipsel/sensible-mda_8.13.4-3sarge2_mipsel.deb stable/main/binary-mipsel/libmilter-dev_8.13.4-3sarge2_mipsel.deb stable/main/binary-mipsel/rmail_8.13.4-3sarge2_mipsel.deb sendmail (8.13.4-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix denial of service [VU#146718, Bug#380258, debian/patches/8.13/8.13.4/z_CVE-2006-1173.patch] stable/main/binary-mips/libmilter-dev_8.13.4-3sarge2_mips.deb stable/main/binary-mips/rmail_8.13.4-3sarge2_mips.deb stable/main/binary-mips/libmilter0_8.13.4-3sarge2_mips.deb stable/main/binary-mips/sensible-mda_8.13.4-3sarge2_mips.deb stable/main/binary-mips/sendmail-bin_8.13.4-3sarge2_mips.deb sendmail (8.13.4-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix denial of service [VU#146718, Bug#380258, debian/patches/8.13/8.13.4/z_CVE-2006-1173.patch] stable/main/binary-m68k/rmail_8.13.4-3sarge2_m68k.deb stable/main/binary-m68k/libmilter-dev_8.13.4-3sarge2_m68k.deb stable/main/binary-m68k/sendmail-bin_8.13.4-3sarge2_m68k.deb stable/main/binary-m68k/sensible-mda_8.13.4-3sarge2_m68k.deb stable/main/binary-m68k/libmilter0_8.13.4-3sarge2_m68k.deb sendmail (8.13.4-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix denial of service [VU#146718, Bug#380258, debian/patches/8.13/8.13.4/z_CVE-2006-1173.patch] stable/main/binary-ia64/libmilter-dev_8.13.4-3sarge2_ia64.deb stable/main/binary-ia64/sendmail-bin_8.13.4-3sarge2_ia64.deb stable/main/binary-ia64/sensible-mda_8.13.4-3sarge2_ia64.deb stable/main/binary-ia64/libmilter0_8.13.4-3sarge2_ia64.deb stable/main/binary-ia64/rmail_8.13.4-3sarge2_ia64.deb sendmail (8.13.4-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied 
upstream patch to fix denial of service [VU#146718, Bug#380258, debian/patches/8.13/8.13.4/z_CVE-2006-1173.patch] stable/main/binary-i386/sendmail-bin_8.13.4-3sarge2_i386.deb stable/main/binary-i386/sensible-mda_8.13.4-3sarge2_i386.deb stable/main/binary-i386/libmilter0_8.13.4-3sarge2_i386.deb stable/main/binary-i386/rmail_8.13.4-3sarge2_i386.deb stable/main/binary-i386/libmilter-dev_8.13.4-3sarge2_i386.deb sendmail (8.13.4-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix denial of service [VU#146718, Bug#380258, debian/patches/8.13/8.13.4/z_CVE-2006-1173.patch] stable/main/binary-hppa/libmilter0_8.13.4-3sarge2_hppa.deb stable/main/binary-hppa/libmilter-dev_8.13.4-3sarge2_hppa.deb stable/main/binary-hppa/rmail_8.13.4-3sarge2_hppa.deb stable/main/binary-hppa/sensible-mda_8.13.4-3sarge2_hppa.deb stable/main/binary-hppa/sendmail-bin_8.13.4-3sarge2_hppa.deb sendmail (8.13.4-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix denial of service [VU#146718, Bug#380258, debian/patches/8.13/8.13.4/z_CVE-2006-1173.patch] stable/main/binary-arm/libmilter0_8.13.4-3sarge2_arm.deb stable/main/binary-arm/sendmail-bin_8.13.4-3sarge2_arm.deb stable/main/binary-arm/rmail_8.13.4-3sarge2_arm.deb stable/main/binary-arm/sensible-mda_8.13.4-3sarge2_arm.deb stable/main/binary-arm/libmilter-dev_8.13.4-3sarge2_arm.deb sendmail (8.13.4-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix denial of service [VU#146718, Bug#380258, debian/patches/8.13/8.13.4/z_CVE-2006-1173.patch] stable/main/binary-alpha/rmail_8.13.4-3sarge2_alpha.deb stable/main/binary-alpha/libmilter-dev_8.13.4-3sarge2_alpha.deb stable/main/binary-alpha/libmilter0_8.13.4-3sarge2_alpha.deb stable/main/binary-alpha/sendmail-bin_8.13.4-3sarge2_alpha.deb stable/main/binary-alpha/sensible-mda_8.13.4-3sarge2_alpha.deb sendmail 
(8.13.4-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix denial of service [VU#146718, Bug#380258, debian/patches/8.13/8.13.4/z_CVE-2006-1173.patch] stable/main/source/sendmail_8.13.4-3sarge2.diff.gz stable/main/source/sendmail_8.13.4-3sarge2.dsc stable/main/binary-powerpc/libmilter-dev_8.13.4-3sarge2_powerpc.deb stable/main/binary-powerpc/sensible-mda_8.13.4-3sarge2_powerpc.deb stable/main/binary-all/sendmail-doc_8.13.4-3sarge2_all.deb stable/main/binary-all/sendmail_8.13.4-3sarge2_all.deb stable/main/binary-all/sendmail-cf_8.13.4-3sarge2_all.deb stable/main/binary-powerpc/libmilter0_8.13.4-3sarge2_powerpc.deb stable/main/binary-powerpc/sendmail-bin_8.13.4-3sarge2_powerpc.deb stable/main/binary-powerpc/rmail_8.13.4-3sarge2_powerpc.deb stable/main/binary-all/sendmail-base_8.13.4-3sarge2_all.deb sendmail (8.13.4-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied upstream patch to fix denial of service [VU#146718, Bug#380258, debian/patches/8.13/8.13.4/z_CVE-2006-1173.patch] stable/main/binary-sparc/winbind_3.0.14a-3sarge2_sparc.deb stable/main/binary-sparc/libsmbclient_3.0.14a-3sarge2_sparc.deb stable/main/binary-sparc/smbfs_3.0.14a-3sarge2_sparc.deb stable/main/binary-sparc/swat_3.0.14a-3sarge2_sparc.deb stable/main/binary-sparc/samba_3.0.14a-3sarge2_sparc.deb stable/main/binary-sparc/samba-common_3.0.14a-3sarge2_sparc.deb stable/main/binary-sparc/samba-dbg_3.0.14a-3sarge2_sparc.deb stable/main/binary-sparc/libsmbclient-dev_3.0.14a-3sarge2_sparc.deb stable/main/binary-sparc/libpam-smbpass_3.0.14a-3sarge2_sparc.deb stable/main/binary-sparc/python2.3-samba_3.0.14a-3sarge2_sparc.deb stable/main/binary-sparc/smbclient_3.0.14a-3sarge2_sparc.deb samba (3.0.14a-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix anonymous memory exhaustion DoS. 
[CVE-2006-3403] stable/main/binary-s390/samba-dbg_3.0.14a-3sarge2_s390.deb stable/main/binary-s390/smbfs_3.0.14a-3sarge2_s390.deb stable/main/binary-s390/libpam-smbpass_3.0.14a-3sarge2_s390.deb stable/main/binary-s390/libsmbclient_3.0.14a-3sarge2_s390.deb stable/main/binary-s390/python2.3-samba_3.0.14a-3sarge2_s390.deb stable/main/binary-s390/smbclient_3.0.14a-3sarge2_s390.deb stable/main/binary-s390/libsmbclient-dev_3.0.14a-3sarge2_s390.deb stable/main/binary-s390/winbind_3.0.14a-3sarge2_s390.deb stable/main/binary-s390/swat_3.0.14a-3sarge2_s390.deb stable/main/binary-s390/samba-common_3.0.14a-3sarge2_s390.deb stable/main/binary-s390/samba_3.0.14a-3sarge2_s390.deb samba (3.0.14a-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix anonymous memory exhaustion DoS. [CVE-2006-3403] stable/main/binary-powerpc/swat_3.0.14a-3sarge2_powerpc.deb stable/main/binary-powerpc/smbclient_3.0.14a-3sarge2_powerpc.deb stable/main/binary-powerpc/samba_3.0.14a-3sarge2_powerpc.deb stable/main/binary-powerpc/libpam-smbpass_3.0.14a-3sarge2_powerpc.deb stable/main/binary-powerpc/python2.3-samba_3.0.14a-3sarge2_powerpc.deb stable/main/binary-powerpc/libsmbclient_3.0.14a-3sarge2_powerpc.deb stable/main/binary-powerpc/samba-dbg_3.0.14a-3sarge2_powerpc.deb stable/main/binary-powerpc/libsmbclient-dev_3.0.14a-3sarge2_powerpc.deb stable/main/binary-powerpc/winbind_3.0.14a-3sarge2_powerpc.deb stable/main/binary-powerpc/samba-common_3.0.14a-3sarge2_powerpc.deb stable/main/binary-powerpc/smbfs_3.0.14a-3sarge2_powerpc.deb samba (3.0.14a-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix anonymous memory exhaustion DoS. 
[CVE-2006-3403] stable/main/binary-mipsel/samba-dbg_3.0.14a-3sarge2_mipsel.deb stable/main/binary-mipsel/libsmbclient-dev_3.0.14a-3sarge2_mipsel.deb stable/main/binary-mipsel/libsmbclient_3.0.14a-3sarge2_mipsel.deb stable/main/binary-mipsel/samba_3.0.14a-3sarge2_mipsel.deb stable/main/binary-mipsel/swat_3.0.14a-3sarge2_mipsel.deb stable/main/binary-mipsel/smbfs_3.0.14a-3sarge2_mipsel.deb stable/main/binary-mipsel/libpam-smbpass_3.0.14a-3sarge2_mipsel.deb stable/main/binary-mipsel/python2.3-samba_3.0.14a-3sarge2_mipsel.deb stable/main/binary-mipsel/samba-common_3.0.14a-3sarge2_mipsel.deb stable/main/binary-mipsel/smbclient_3.0.14a-3sarge2_mipsel.deb stable/main/binary-mipsel/winbind_3.0.14a-3sarge2_mipsel.deb samba (3.0.14a-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix anonymous memory exhaustion DoS. [CVE-2006-3403] stable/main/binary-mips/samba-dbg_3.0.14a-3sarge2_mips.deb stable/main/binary-mips/libsmbclient-dev_3.0.14a-3sarge2_mips.deb stable/main/binary-mips/libpam-smbpass_3.0.14a-3sarge2_mips.deb stable/main/binary-mips/smbfs_3.0.14a-3sarge2_mips.deb stable/main/binary-mips/swat_3.0.14a-3sarge2_mips.deb stable/main/binary-mips/samba-common_3.0.14a-3sarge2_mips.deb stable/main/binary-mips/samba_3.0.14a-3sarge2_mips.deb stable/main/binary-mips/winbind_3.0.14a-3sarge2_mips.deb stable/main/binary-mips/python2.3-samba_3.0.14a-3sarge2_mips.deb stable/main/binary-mips/smbclient_3.0.14a-3sarge2_mips.deb stable/main/binary-mips/libsmbclient_3.0.14a-3sarge2_mips.deb samba (3.0.14a-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix anonymous memory exhaustion DoS. 
[CVE-2006-3403] stable/main/binary-m68k/smbfs_3.0.14a-3sarge2_m68k.deb stable/main/binary-m68k/libsmbclient_3.0.14a-3sarge2_m68k.deb stable/main/binary-m68k/libpam-smbpass_3.0.14a-3sarge2_m68k.deb stable/main/binary-m68k/swat_3.0.14a-3sarge2_m68k.deb stable/main/binary-m68k/smbclient_3.0.14a-3sarge2_m68k.deb stable/main/binary-m68k/libsmbclient-dev_3.0.14a-3sarge2_m68k.deb stable/main/binary-m68k/python2.3-samba_3.0.14a-3sarge2_m68k.deb stable/main/binary-m68k/samba-common_3.0.14a-3sarge2_m68k.deb stable/main/binary-m68k/samba_3.0.14a-3sarge2_m68k.deb stable/main/binary-m68k/samba-dbg_3.0.14a-3sarge2_m68k.deb stable/main/binary-m68k/winbind_3.0.14a-3sarge2_m68k.deb samba (3.0.14a-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix anonymous memory exhaustion DoS. [CVE-2006-3403] stable/main/binary-ia64/libsmbclient-dev_3.0.14a-3sarge2_ia64.deb stable/main/binary-ia64/samba-common_3.0.14a-3sarge2_ia64.deb stable/main/binary-ia64/libpam-smbpass_3.0.14a-3sarge2_ia64.deb stable/main/binary-ia64/winbind_3.0.14a-3sarge2_ia64.deb stable/main/binary-ia64/smbclient_3.0.14a-3sarge2_ia64.deb stable/main/binary-ia64/python2.3-samba_3.0.14a-3sarge2_ia64.deb stable/main/binary-ia64/samba-dbg_3.0.14a-3sarge2_ia64.deb stable/main/binary-ia64/swat_3.0.14a-3sarge2_ia64.deb stable/main/binary-ia64/smbfs_3.0.14a-3sarge2_ia64.deb stable/main/binary-ia64/libsmbclient_3.0.14a-3sarge2_ia64.deb stable/main/binary-ia64/samba_3.0.14a-3sarge2_ia64.deb samba (3.0.14a-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix anonymous memory exhaustion DoS. 
[CVE-2006-3403] stable/main/binary-hppa/swat_3.0.14a-3sarge2_hppa.deb stable/main/binary-hppa/libsmbclient_3.0.14a-3sarge2_hppa.deb stable/main/binary-hppa/libpam-smbpass_3.0.14a-3sarge2_hppa.deb stable/main/binary-hppa/libsmbclient-dev_3.0.14a-3sarge2_hppa.deb stable/main/binary-hppa/winbind_3.0.14a-3sarge2_hppa.deb stable/main/binary-hppa/smbclient_3.0.14a-3sarge2_hppa.deb stable/main/binary-hppa/samba-common_3.0.14a-3sarge2_hppa.deb stable/main/binary-hppa/python2.3-samba_3.0.14a-3sarge2_hppa.deb stable/main/binary-hppa/samba-dbg_3.0.14a-3sarge2_hppa.deb stable/main/binary-hppa/smbfs_3.0.14a-3sarge2_hppa.deb stable/main/binary-hppa/samba_3.0.14a-3sarge2_hppa.deb samba (3.0.14a-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix anonymous memory exhaustion DoS. [CVE-2006-3403] stable/main/binary-arm/libsmbclient-dev_3.0.14a-3sarge2_arm.deb stable/main/binary-arm/samba-dbg_3.0.14a-3sarge2_arm.deb stable/main/binary-arm/smbclient_3.0.14a-3sarge2_arm.deb stable/main/binary-arm/libsmbclient_3.0.14a-3sarge2_arm.deb stable/main/binary-arm/swat_3.0.14a-3sarge2_arm.deb stable/main/binary-arm/libpam-smbpass_3.0.14a-3sarge2_arm.deb stable/main/binary-arm/smbfs_3.0.14a-3sarge2_arm.deb stable/main/binary-arm/samba_3.0.14a-3sarge2_arm.deb stable/main/binary-arm/samba-common_3.0.14a-3sarge2_arm.deb stable/main/binary-arm/python2.3-samba_3.0.14a-3sarge2_arm.deb stable/main/binary-arm/winbind_3.0.14a-3sarge2_arm.deb samba (3.0.14a-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix anonymous memory exhaustion DoS. 
[CVE-2006-3403] stable/main/binary-alpha/libsmbclient-dev_3.0.14a-3sarge2_alpha.deb stable/main/binary-alpha/swat_3.0.14a-3sarge2_alpha.deb stable/main/binary-alpha/samba-dbg_3.0.14a-3sarge2_alpha.deb stable/main/binary-alpha/samba_3.0.14a-3sarge2_alpha.deb stable/main/binary-alpha/smbfs_3.0.14a-3sarge2_alpha.deb stable/main/binary-alpha/python2.3-samba_3.0.14a-3sarge2_alpha.deb stable/main/binary-alpha/libsmbclient_3.0.14a-3sarge2_alpha.deb stable/main/binary-alpha/smbclient_3.0.14a-3sarge2_alpha.deb stable/main/binary-alpha/libpam-smbpass_3.0.14a-3sarge2_alpha.deb stable/main/binary-alpha/winbind_3.0.14a-3sarge2_alpha.deb stable/main/binary-alpha/samba-common_3.0.14a-3sarge2_alpha.deb samba (3.0.14a-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix anonymous memory exhaustion DoS. [CVE-2006-3403] stable/main/binary-i386/winbind_3.0.14a-3sarge2_i386.deb stable/main/binary-i386/samba_3.0.14a-3sarge2_i386.deb stable/main/binary-i386/samba-dbg_3.0.14a-3sarge2_i386.deb stable/main/binary-i386/swat_3.0.14a-3sarge2_i386.deb stable/main/binary-i386/python2.3-samba_3.0.14a-3sarge2_i386.deb stable/main/binary-i386/samba-common_3.0.14a-3sarge2_i386.deb stable/main/binary-all/samba-doc_3.0.14a-3sarge2_all.deb stable/main/source/samba_3.0.14a-3sarge2.diff.gz stable/main/binary-i386/smbclient_3.0.14a-3sarge2_i386.deb stable/main/binary-i386/libpam-smbpass_3.0.14a-3sarge2_i386.deb stable/main/binary-i386/libsmbclient-dev_3.0.14a-3sarge2_i386.deb stable/main/binary-i386/smbfs_3.0.14a-3sarge2_i386.deb stable/main/binary-i386/libsmbclient_3.0.14a-3sarge2_i386.deb stable/main/source/samba_3.0.14a-3sarge2.dsc samba (3.0.14a-3sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team: Fix anonymous memory exhaustion DoS. 
[CVE-2006-3403] stable/main/binary-sparc/libsyslog-ruby1.6_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/libruby1.6_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/libtcltk-ruby1.6_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/libreadline-ruby1.6_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/libruby1.6-dbg_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/libdbm-ruby1.6_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/libgdbm-ruby1.6_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/ruby1.6-dev_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/ruby1.6_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/libtk-ruby1.6_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/libsdbm-ruby1.6_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/libpty-ruby1.6_1.6.8-12sarge2_sparc.deb stable/main/binary-sparc/libcurses-ruby1.6_1.6.8-12sarge2_sparc.deb ruby1.6 (1.6.8-12sarge2) stable-security; urgency=high * akira yamada - added debian/patches/815-83768862.patch and debian/patches/816-13947696.patch from Kobayashi Noritada (see: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. 
(Both issues are tracked as CVE-2006-3694) stable/main/binary-s390/libdbm-ruby1.6_1.6.8-12sarge2_s390.deb stable/main/binary-s390/ruby1.6_1.6.8-12sarge2_s390.deb stable/main/binary-s390/libsdbm-ruby1.6_1.6.8-12sarge2_s390.deb stable/main/binary-s390/libreadline-ruby1.6_1.6.8-12sarge2_s390.deb stable/main/binary-s390/libpty-ruby1.6_1.6.8-12sarge2_s390.deb stable/main/binary-s390/libtcltk-ruby1.6_1.6.8-12sarge2_s390.deb stable/main/binary-s390/libruby1.6_1.6.8-12sarge2_s390.deb stable/main/binary-s390/libcurses-ruby1.6_1.6.8-12sarge2_s390.deb stable/main/binary-s390/libtk-ruby1.6_1.6.8-12sarge2_s390.deb stable/main/binary-s390/libruby1.6-dbg_1.6.8-12sarge2_s390.deb stable/main/binary-s390/libsyslog-ruby1.6_1.6.8-12sarge2_s390.deb stable/main/binary-s390/ruby1.6-dev_1.6.8-12sarge2_s390.deb stable/main/binary-s390/libgdbm-ruby1.6_1.6.8-12sarge2_s390.deb ruby1.6 (1.6.8-12sarge2) stable-security; urgency=high * akira yamada - added debian/patches/815-83768862.patch and debian/patches/816-13947696.patch from Kobayashi Noritada (see: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. 
(Both issues are tracked as CVE-2006-3694) stable/main/binary-powerpc/libtcltk-ruby1.6_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/libreadline-ruby1.6_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/libsdbm-ruby1.6_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/libpty-ruby1.6_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/ruby1.6_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/libtk-ruby1.6_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/libcurses-ruby1.6_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/libsyslog-ruby1.6_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/libgdbm-ruby1.6_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/libruby1.6_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/ruby1.6-dev_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/libruby1.6-dbg_1.6.8-12sarge2_powerpc.deb stable/main/binary-powerpc/libdbm-ruby1.6_1.6.8-12sarge2_powerpc.deb ruby1.6 (1.6.8-12sarge2) stable-security; urgency=high * akira yamada - added debian/patches/815-83768862.patch and debian/patches/816-13947696.patch from Kobayashi Noritada (see: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. 
(Both issues are tracked as CVE-2006-3694) stable/main/binary-mipsel/ruby1.6_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/libruby1.6-dbg_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/libpty-ruby1.6_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/libsdbm-ruby1.6_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/libgdbm-ruby1.6_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/libtcltk-ruby1.6_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/ruby1.6-dev_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/libreadline-ruby1.6_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/libdbm-ruby1.6_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/libtk-ruby1.6_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/libcurses-ruby1.6_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/libruby1.6_1.6.8-12sarge2_mipsel.deb stable/main/binary-mipsel/libsyslog-ruby1.6_1.6.8-12sarge2_mipsel.deb ruby1.6 (1.6.8-12sarge2) stable-security; urgency=high * akira yamada - added debian/patches/815-83768862.patch and debian/patches/816-13947696.patch from Kobayashi Noritada (see: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. 
(Both issues are tracked as CVE-2006-3694) stable/main/binary-mips/libruby1.6-dbg_1.6.8-12sarge2_mips.deb stable/main/binary-mips/ruby1.6-dev_1.6.8-12sarge2_mips.deb stable/main/binary-mips/libreadline-ruby1.6_1.6.8-12sarge2_mips.deb stable/main/binary-mips/ruby1.6_1.6.8-12sarge2_mips.deb stable/main/binary-mips/libtcltk-ruby1.6_1.6.8-12sarge2_mips.deb stable/main/binary-mips/libgdbm-ruby1.6_1.6.8-12sarge2_mips.deb stable/main/binary-mips/libtk-ruby1.6_1.6.8-12sarge2_mips.deb stable/main/binary-mips/libcurses-ruby1.6_1.6.8-12sarge2_mips.deb stable/main/binary-mips/libsdbm-ruby1.6_1.6.8-12sarge2_mips.deb stable/main/binary-mips/libsyslog-ruby1.6_1.6.8-12sarge2_mips.deb stable/main/binary-mips/libdbm-ruby1.6_1.6.8-12sarge2_mips.deb stable/main/binary-mips/libpty-ruby1.6_1.6.8-12sarge2_mips.deb stable/main/binary-mips/libruby1.6_1.6.8-12sarge2_mips.deb ruby1.6 (1.6.8-12sarge2) stable-security; urgency=high * akira yamada - added debian/patches/815-83768862.patch and debian/patches/816-13947696.patch from Kobayashi Noritada (see: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. 
(Both issues are tracked as CVE-2006-3694) stable/main/binary-m68k/libsyslog-ruby1.6_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/libreadline-ruby1.6_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/libpty-ruby1.6_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/libtcltk-ruby1.6_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/libsdbm-ruby1.6_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/libcurses-ruby1.6_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/libdbm-ruby1.6_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/libtk-ruby1.6_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/ruby1.6_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/ruby1.6-dev_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/libruby1.6-dbg_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/libruby1.6_1.6.8-12sarge2_m68k.deb stable/main/binary-m68k/libgdbm-ruby1.6_1.6.8-12sarge2_m68k.deb ruby1.6 (1.6.8-12sarge2) stable-security; urgency=high * akira yamada - added debian/patches/815-83768862.patch and debian/patches/816-13947696.patch from Kobayashi Noritada (see: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. 
(Both issues are tracked as CVE-2006-3694) stable/main/binary-ia64/libdbm-ruby1.6_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/libtk-ruby1.6_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/ruby1.6_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/libreadline-ruby1.6_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/ruby1.6-dev_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/libsyslog-ruby1.6_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/libsdbm-ruby1.6_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/libruby1.6_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/libruby1.6-dbg_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/libcurses-ruby1.6_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/libpty-ruby1.6_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/libgdbm-ruby1.6_1.6.8-12sarge2_ia64.deb stable/main/binary-ia64/libtcltk-ruby1.6_1.6.8-12sarge2_ia64.deb ruby1.6 (1.6.8-12sarge2) stable-security; urgency=high * akira yamada - added debian/patches/815-83768862.patch and debian/patches/816-13947696.patch from Kobayashi Noritada (see: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. 
(Both issues are tracked as CVE-2006-3694) stable/main/binary-hppa/libsyslog-ruby1.6_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/libcurses-ruby1.6_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/libpty-ruby1.6_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/libgdbm-ruby1.6_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/ruby1.6_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/ruby1.6-dev_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/libtk-ruby1.6_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/libruby1.6-dbg_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/libruby1.6_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/libreadline-ruby1.6_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/libtcltk-ruby1.6_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/libsdbm-ruby1.6_1.6.8-12sarge2_hppa.deb stable/main/binary-hppa/libdbm-ruby1.6_1.6.8-12sarge2_hppa.deb ruby1.6 (1.6.8-12sarge2) stable-security; urgency=high * akira yamada - added debian/patches/815-83768862.patch and debian/patches/816-13947696.patch from Kobayashi Noritada (see: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. 
(Both issues are tracked as CVE-2006-3694) stable/main/binary-arm/libruby1.6-dbg_1.6.8-12sarge2_arm.deb stable/main/binary-arm/libtcltk-ruby1.6_1.6.8-12sarge2_arm.deb stable/main/binary-arm/libpty-ruby1.6_1.6.8-12sarge2_arm.deb stable/main/binary-arm/libdbm-ruby1.6_1.6.8-12sarge2_arm.deb stable/main/binary-arm/libreadline-ruby1.6_1.6.8-12sarge2_arm.deb stable/main/binary-arm/libsyslog-ruby1.6_1.6.8-12sarge2_arm.deb stable/main/binary-arm/ruby1.6_1.6.8-12sarge2_arm.deb stable/main/binary-arm/ruby1.6-dev_1.6.8-12sarge2_arm.deb stable/main/binary-arm/libsdbm-ruby1.6_1.6.8-12sarge2_arm.deb stable/main/binary-arm/libruby1.6_1.6.8-12sarge2_arm.deb stable/main/binary-arm/libgdbm-ruby1.6_1.6.8-12sarge2_arm.deb stable/main/binary-arm/libcurses-ruby1.6_1.6.8-12sarge2_arm.deb stable/main/binary-arm/libtk-ruby1.6_1.6.8-12sarge2_arm.deb ruby1.6 (1.6.8-12sarge2) stable-security; urgency=high * akira yamada - added debian/patches/815-83768862.patch and debian/patches/816-13947696.patch from Kobayashi Noritada (see: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. 
(Both issues are tracked as CVE-2006-3694) stable/main/binary-alpha/ruby1.6_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/libsdbm-ruby1.6_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/libruby1.6_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/libreadline-ruby1.6_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/libcurses-ruby1.6_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/ruby1.6-dev_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/libpty-ruby1.6_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/libgdbm-ruby1.6_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/libtk-ruby1.6_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/libdbm-ruby1.6_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/libsyslog-ruby1.6_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/libruby1.6-dbg_1.6.8-12sarge2_alpha.deb stable/main/binary-alpha/libtcltk-ruby1.6_1.6.8-12sarge2_alpha.deb ruby1.6 (1.6.8-12sarge2) stable-security; urgency=high * akira yamada - added debian/patches/815-83768862.patch and debian/patches/816-13947696.patch from Kobayashi Noritada (see: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. 
(Both issues are tracked as CVE-2006-3694) stable/main/binary-i386/libruby1.6_1.6.8-12sarge2_i386.deb stable/main/binary-i386/libtcltk-ruby1.6_1.6.8-12sarge2_i386.deb stable/main/binary-all/ruby1.6-elisp_1.6.8-12sarge2_all.deb stable/main/binary-i386/libreadline-ruby1.6_1.6.8-12sarge2_i386.deb stable/main/binary-i386/libpty-ruby1.6_1.6.8-12sarge2_i386.deb stable/main/source/ruby1.6_1.6.8-12sarge2.diff.gz stable/main/binary-i386/libsyslog-ruby1.6_1.6.8-12sarge2_i386.deb stable/main/binary-all/irb1.6_1.6.8-12sarge2_all.deb stable/main/binary-all/ruby1.6-examples_1.6.8-12sarge2_all.deb stable/main/binary-i386/libgdbm-ruby1.6_1.6.8-12sarge2_i386.deb stable/main/source/ruby1.6_1.6.8-12sarge2.dsc stable/main/binary-i386/libruby1.6-dbg_1.6.8-12sarge2_i386.deb stable/main/binary-i386/libdbm-ruby1.6_1.6.8-12sarge2_i386.deb stable/main/binary-i386/libtk-ruby1.6_1.6.8-12sarge2_i386.deb stable/main/binary-i386/libsdbm-ruby1.6_1.6.8-12sarge2_i386.deb stable/main/binary-i386/libcurses-ruby1.6_1.6.8-12sarge2_i386.deb stable/main/binary-i386/ruby1.6_1.6.8-12sarge2_i386.deb stable/main/binary-i386/ruby1.6-dev_1.6.8-12sarge2_i386.deb ruby1.6 (1.6.8-12sarge2) stable-security; urgency=high * akira yamada - added debian/patches/815-83768862.patch and debian/patches/816-13947696.patch from Kobayashi Noritada (see: #378029): - JVN#83768862: Alias features cannot handle safe levels correctly, so it can be safety bypass. - JVN#13947696: Some methods have defects that they can call other methods, which really should be prohibited, in safe level 4. (Both issues are tracked as CVE-2006-3694) stable/main/binary-sparc/rssh_2.2.3-1.sarge.2_sparc.deb rssh (2.2.3-1.sarge.2) stable-security; urgency=high * Command line parse fix for a problem introduced with the security fix integrated in 2.2.3-1.sarge.1. 
[CVE-2006-1320] (Closes: #363978) stable/main/binary-s390/rssh_2.2.3-1.sarge.2_s390.deb rssh (2.2.3-1.sarge.2) stable-security; urgency=high * Command line parse fix for a problem introduced with the security fix integrated in 2.2.3-1.sarge.1. [CVE-2006-1320] (Closes: #363978) stable/main/binary-powerpc/rssh_2.2.3-1.sarge.2_powerpc.deb rssh (2.2.3-1.sarge.2) stable-security; urgency=high * Command line parse fix for a problem introduced with the security fix integrated in 2.2.3-1.sarge.1. [CVE-2006-1320] (Closes: #363978) stable/main/binary-mipsel/rssh_2.2.3-1.sarge.2_mipsel.deb rssh (2.2.3-1.sarge.2) stable-security; urgency=high * Command line parse fix for a problem introduced with the security fix integrated in 2.2.3-1.sarge.1. [CVE-2006-1320] (Closes: #363978) stable/main/binary-mips/rssh_2.2.3-1.sarge.2_mips.deb rssh (2.2.3-1.sarge.2) stable-security; urgency=high * Command line parse fix for a problem introduced with the security fix integrated in 2.2.3-1.sarge.1. [CVE-2006-1320] (Closes: #363978) stable/main/binary-m68k/rssh_2.2.3-1.sarge.2_m68k.deb rssh (2.2.3-1.sarge.2) stable-security; urgency=high * Command line parse fix for a problem introduced with the security fix integrated in 2.2.3-1.sarge.1. [CVE-2006-1320] (Closes: #363978) stable/main/binary-ia64/rssh_2.2.3-1.sarge.2_ia64.deb rssh (2.2.3-1.sarge.2) stable-security; urgency=high * Command line parse fix for a problem introduced with the security fix integrated in 2.2.3-1.sarge.1. [CVE-2006-1320] (Closes: #363978) stable/main/binary-hppa/rssh_2.2.3-1.sarge.2_hppa.deb rssh (2.2.3-1.sarge.2) stable-security; urgency=high * Command line parse fix for a problem introduced with the security fix integrated in 2.2.3-1.sarge.1. [CVE-2006-1320] (Closes: #363978) stable/main/binary-arm/rssh_2.2.3-1.sarge.2_arm.deb rssh (2.2.3-1.sarge.2) stable-security; urgency=high * Command line parse fix for a problem introduced with the security fix integrated in 2.2.3-1.sarge.1. 
[CVE-2006-1320] (Closes: #363978) stable/main/binary-alpha/rssh_2.2.3-1.sarge.2_alpha.deb rssh (2.2.3-1.sarge.2) stable-security; urgency=high * Command line parse fix for a problem introduced with the security fix integrated in 2.2.3-1.sarge.1. [CVE-2006-1320] (Closes: #363978) stable/main/source/rssh_2.2.3-1.sarge.2.diff.gz stable/main/source/rssh_2.2.3-1.sarge.2.dsc stable/main/binary-i386/rssh_2.2.3-1.sarge.2_i386.deb rssh (2.2.3-1.sarge.2) stable-security; urgency=high * Command line parse fix for a problem introduced with the security fix integrated in 2.2.3-1.sarge.1. [CVE-2006-1320] (Closes: #363978) stable/main/binary-sparc/libresmgr-dev_1.0-2sarge2_sparc.deb stable/main/binary-sparc/libresmgr1_1.0-2sarge2_sparc.deb stable/main/binary-sparc/resmgr_1.0-2sarge2_sparc.deb resmgr (1.0-2sarge2) stable-security; urgency=high * Adjusted changelog entry stable/main/binary-s390/libresmgr-dev_1.0-2sarge2_s390.deb stable/main/binary-s390/libresmgr1_1.0-2sarge2_s390.deb stable/main/binary-s390/resmgr_1.0-2sarge2_s390.deb resmgr (1.0-2sarge2) stable-security; urgency=high * Adjusted changelog entry stable/main/binary-mipsel/libresmgr1_1.0-2sarge2_mipsel.deb stable/main/binary-mipsel/libresmgr-dev_1.0-2sarge2_mipsel.deb stable/main/binary-mipsel/resmgr_1.0-2sarge2_mipsel.deb resmgr (1.0-2sarge2) stable-security; urgency=high * Adjusted changelog entry stable/main/binary-mips/resmgr_1.0-2sarge2_mips.deb stable/main/binary-mips/libresmgr1_1.0-2sarge2_mips.deb stable/main/binary-mips/libresmgr-dev_1.0-2sarge2_mips.deb resmgr (1.0-2sarge2) stable-security; urgency=high * Adjusted changelog entry stable/main/binary-m68k/resmgr_1.0-2sarge2_m68k.deb stable/main/binary-m68k/libresmgr-dev_1.0-2sarge2_m68k.deb stable/main/binary-m68k/libresmgr1_1.0-2sarge2_m68k.deb resmgr (1.0-2sarge2) stable-security; urgency=high * Adjusted changelog entry stable/main/binary-ia64/libresmgr-dev_1.0-2sarge2_ia64.deb stable/main/binary-ia64/libresmgr1_1.0-2sarge2_ia64.deb 
stable/main/binary-ia64/resmgr_1.0-2sarge2_ia64.deb resmgr (1.0-2sarge2) stable-security; urgency=high * Adjusted changelog entry stable/main/binary-i386/libresmgr-dev_1.0-2sarge2_i386.deb stable/main/binary-i386/libresmgr1_1.0-2sarge2_i386.deb stable/main/binary-i386/resmgr_1.0-2sarge2_i386.deb resmgr (1.0-2sarge2) stable-security; urgency=high * Adjusted changelog entry stable/main/binary-hppa/libresmgr1_1.0-2sarge2_hppa.deb stable/main/binary-hppa/libresmgr-dev_1.0-2sarge2_hppa.deb stable/main/binary-hppa/resmgr_1.0-2sarge2_hppa.deb resmgr (1.0-2sarge2) stable-security; urgency=high * Adjusted changelog entry stable/main/binary-arm/libresmgr-dev_1.0-2sarge2_arm.deb stable/main/binary-arm/libresmgr1_1.0-2sarge2_arm.deb stable/main/binary-arm/resmgr_1.0-2sarge2_arm.deb resmgr (1.0-2sarge2) stable-security; urgency=high * Adjusted changelog entry stable/main/binary-alpha/libresmgr-dev_1.0-2sarge2_alpha.deb stable/main/binary-alpha/libresmgr1_1.0-2sarge2_alpha.deb stable/main/binary-alpha/resmgr_1.0-2sarge2_alpha.deb resmgr (1.0-2sarge2) stable-security; urgency=high * Adjusted changelog entry stable/main/binary-powerpc/libresmgr1_1.0-2sarge2_powerpc.deb stable/main/source/resmgr_1.0-2sarge2.dsc stable/main/binary-powerpc/resmgr_1.0-2sarge2_powerpc.deb stable/main/source/resmgr_1.0-2sarge2.diff.gz stable/main/binary-powerpc/libresmgr-dev_1.0-2sarge2_powerpc.deb resmgr (1.0-2sarge2) stable-security; urgency=high * Adjusted changelog entry stable/main/binary-sparc/quagga_0.98.3-7.2_sparc.deb quagga (0.98.3-7.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Moved patches named after the old rejected CVE name to refer to CVE-2006-2223. * Added a fifth patch to fix CVE-2006-2223 or CVE-2006-2224 resp. 
* Applied security patch that fixes a bug which allowed local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface [bgpd/bgp_community.c, CVE-2006-2276, closes: #366980] stable/main/binary-s390/quagga_0.98.3-7.2_s390.deb quagga (0.98.3-7.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Moved patches named after the old rejected CVE name to refer to CVE-2006-2223. * Added a fifth patch to fix CVE-2006-2223 or CVE-2006-2224 resp. * Applied security patch that fixes a bug which allowed local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface [bgpd/bgp_community.c, CVE-2006-2276, closes: #366980] stable/main/binary-mipsel/quagga_0.98.3-7.2_mipsel.deb quagga (0.98.3-7.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Moved patches named after the old rejected CVE name to refer to CVE-2006-2223. * Added a fifth patch to fix CVE-2006-2223 or CVE-2006-2224 resp. * Applied security patch that fixes a bug which allowed local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface [bgpd/bgp_community.c, CVE-2006-2276, closes: #366980] stable/main/binary-mips/quagga_0.98.3-7.2_mips.deb quagga (0.98.3-7.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Moved patches named after the old rejected CVE name to refer to CVE-2006-2223. * Added a fifth patch to fix CVE-2006-2223 or CVE-2006-2224 resp. 
* Applied security patch that fixes a bug which allowed local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface [bgpd/bgp_community.c, CVE-2006-2276, closes: #366980] stable/main/binary-m68k/quagga_0.98.3-7.2_m68k.deb quagga (0.98.3-7.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Moved patches named after the old rejected CVE name to refer to CVE-2006-2223. * Added a fifth patch to fix CVE-2006-2223 or CVE-2006-2224 resp. * Applied security patch that fixes a bug which allowed local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface [bgpd/bgp_community.c, CVE-2006-2276, closes: #366980] stable/main/binary-ia64/quagga_0.98.3-7.2_ia64.deb quagga (0.98.3-7.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Moved patches named after the old rejected CVE name to refer to CVE-2006-2223. * Added a fifth patch to fix CVE-2006-2223 or CVE-2006-2224 resp. * Applied security patch that fixes a bug which allowed local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface [bgpd/bgp_community.c, CVE-2006-2276, closes: #366980] stable/main/binary-i386/quagga_0.98.3-7.2_i386.deb quagga (0.98.3-7.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Moved patches named after the old rejected CVE name to refer to CVE-2006-2223. * Added a fifth patch to fix CVE-2006-2223 or CVE-2006-2224 resp. 
* Applied security patch that fixes a bug which allowed local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface [bgpd/bgp_community.c, CVE-2006-2276, closes: #366980] stable/main/binary-hppa/quagga_0.98.3-7.2_hppa.deb quagga (0.98.3-7.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Moved patches named after the old rejected CVE name to refer to CVE-2006-2223. * Added a fifth patch to fix CVE-2006-2223 or CVE-2006-2224 resp. * Applied security patch that fixes a bug which allowed local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface [bgpd/bgp_community.c, CVE-2006-2276, closes: #366980] stable/main/binary-arm/quagga_0.98.3-7.2_arm.deb quagga (0.98.3-7.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Moved patches named after the old rejected CVE name to refer to CVE-2006-2223. * Added a fifth patch to fix CVE-2006-2223 or CVE-2006-2224 resp. * Applied security patch that fixes a bug which allowed local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface [bgpd/bgp_community.c, CVE-2006-2276, closes: #366980] stable/main/binary-alpha/quagga_0.98.3-7.2_alpha.deb quagga (0.98.3-7.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Moved patches named after the old rejected CVE name to refer to CVE-2006-2223. * Added a fifth patch to fix CVE-2006-2223 or CVE-2006-2224 resp. 
* Applied security patch that fixes a bug which allowed local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface [bgpd/bgp_community.c, CVE-2006-2276, closes: #366980] stable/main/source/quagga_0.98.3-7.2.dsc stable/main/source/quagga_0.98.3-7.2.diff.gz stable/main/binary-powerpc/quagga_0.98.3-7.2_powerpc.deb stable/main/binary-all/quagga-doc_0.98.3-7.2_all.deb quagga (0.98.3-7.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Moved patches named after the old rejected CVE name to refer to CVE-2006-2223. * Added a fifth patch to fix CVE-2006-2223 or CVE-2006-2224 resp. * Applied security patch that fixes a bug which allowed local users to cause a denial of service (CPU consumption) via a certain sh ip bgp command entered in the telnet interface [bgpd/bgp_community.c, CVE-2006-2276, closes: #366980] stable/main/binary-sparc/python2.1-pgsql_2.4.0-5sarge1_sparc.deb stable/main/binary-sparc/python2.2-pgsql_2.4.0-5sarge1_sparc.deb stable/main/binary-sparc/python2.3-pgsql_2.4.0-5sarge1_sparc.deb python-pgsql (2.4.0-5sarge1) stable; urgency=high * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. stable/main/binary-s390/python2.3-pgsql_2.4.0-5sarge1_s390.deb stable/main/binary-s390/python2.1-pgsql_2.4.0-5sarge1_s390.deb stable/main/binary-s390/python2.2-pgsql_2.4.0-5sarge1_s390.deb python-pgsql (2.4.0-5sarge1) stable; urgency=high * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. 
Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. stable/main/binary-powerpc/python2.3-pgsql_2.4.0-5sarge1_powerpc.deb stable/main/binary-powerpc/python2.2-pgsql_2.4.0-5sarge1_powerpc.deb stable/main/binary-powerpc/python2.1-pgsql_2.4.0-5sarge1_powerpc.deb python-pgsql (2.4.0-5sarge1) stable; urgency=high * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. stable/main/binary-mipsel/python2.3-pgsql_2.4.0-5sarge1_mipsel.deb stable/main/binary-mipsel/python2.2-pgsql_2.4.0-5sarge1_mipsel.deb stable/main/binary-mipsel/python2.1-pgsql_2.4.0-5sarge1_mipsel.deb python-pgsql (2.4.0-5sarge1) stable; urgency=high * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. stable/main/binary-mips/python2.3-pgsql_2.4.0-5sarge1_mips.deb stable/main/binary-mips/python2.2-pgsql_2.4.0-5sarge1_mips.deb stable/main/binary-mips/python2.1-pgsql_2.4.0-5sarge1_mips.deb python-pgsql (2.4.0-5sarge1) stable; urgency=high * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. 
stable/main/binary-m68k/python2.2-pgsql_2.4.0-5sarge1_m68k.deb stable/main/binary-m68k/python2.3-pgsql_2.4.0-5sarge1_m68k.deb stable/main/binary-m68k/python2.1-pgsql_2.4.0-5sarge1_m68k.deb python-pgsql (2.4.0-5sarge1) stable; urgency=high * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. stable/main/binary-ia64/python2.3-pgsql_2.4.0-5sarge1_ia64.deb stable/main/binary-ia64/python2.2-pgsql_2.4.0-5sarge1_ia64.deb stable/main/binary-ia64/python2.1-pgsql_2.4.0-5sarge1_ia64.deb python-pgsql (2.4.0-5sarge1) stable; urgency=high * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. stable/main/binary-hppa/python2.3-pgsql_2.4.0-5sarge1_hppa.deb stable/main/binary-hppa/python2.1-pgsql_2.4.0-5sarge1_hppa.deb stable/main/binary-hppa/python2.2-pgsql_2.4.0-5sarge1_hppa.deb python-pgsql (2.4.0-5sarge1) stable; urgency=high * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. 
stable/main/binary-arm/python2.1-pgsql_2.4.0-5sarge1_arm.deb stable/main/binary-arm/python2.3-pgsql_2.4.0-5sarge1_arm.deb stable/main/binary-arm/python2.2-pgsql_2.4.0-5sarge1_arm.deb python-pgsql (2.4.0-5sarge1) stable; urgency=high * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. stable/main/binary-alpha/python2.3-pgsql_2.4.0-5sarge1_alpha.deb stable/main/binary-alpha/python2.2-pgsql_2.4.0-5sarge1_alpha.deb stable/main/binary-alpha/python2.1-pgsql_2.4.0-5sarge1_alpha.deb python-pgsql (2.4.0-5sarge1) stable; urgency=high * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. stable/main/binary-i386/python2.1-pgsql_2.4.0-5sarge1_i386.deb stable/main/source/python-pgsql_2.4.0-5sarge1.dsc stable/main/binary-i386/python2.3-pgsql_2.4.0-5sarge1_i386.deb stable/main/source/python-pgsql_2.4.0-5sarge1.diff.gz stable/main/binary-i386/python2.2-pgsql_2.4.0-5sarge1_i386.deb stable/main/binary-all/python-pgsql_2.4.0-5sarge1_all.deb python-pgsql (2.4.0-5sarge1) stable; urgency=high * In routines PgQuoteString() and PgQuoteBytea(), quotes are now escaped as '', not as \' (closes: #369250). In some multi-byte encodings you can exploit \' escaping to inject SQL code, and so \' no longer works for such client encodings with newer PostgreSQL servers. Thanks to Martin Pitt for the patch. * Reference: CVE-2006-2314. 
stable/main/source/preseed_1.01.2.tar.gz stable/main/binary-all/file-preseed_1.01.2_all.udeb stable/main/binary-all/network-preseed_1.01.2_all.udeb stable/main/source/preseed_1.01.2.dsc preseed (1.01.2) stable; urgency=low * Re-upload as udebs got unaccepted by mistake. * Updated translations: - Arabic (ar.po) by Ossama M. Khayat - Bulgarian (bg.po) by Ognyan Kulev - Bosnian (bs.po) by Safir Secerovic - Welsh (cy.po) by Dafydd Harries - Danish (da.po) by Claus Hindsgaul - German (de.po) by Jens Seidel - Greek, Modern (1453-) (el.po) by quad-nrg.net - Spanish (Castilian) (es.po) by Javier Fernández-Sanguino Peña - Basque (eu.po) by Piarres Beobide - Finnish (fi.po) by Tapio Lehtonen - French (fr.po) by Christian Perrier - Gallegan (gl.po) by Jacobo Tarrio - Hebrew (he.po) by Lior Kaplan - Croatian (hr.po) by Krunoslav Gernhard - Hungarian (hu.po) by SZERVÁC Attila - Italian (it.po) by Giuseppe Sacco - Lithuanian (lt.po) by Kęstutis Biliūnas - Latvian (lv.po) by Aigars Mahinovs - Bøkmal, Norwegian (nb.po) by Bjørn Steensrud - Norwegian Nynorsk (nn.po) by Håvard Korsvoll - Polish (pl.po) by Bartosz Fenski - Portuguese (Brazil) (pt_BR.po) by André Luís Lopes - Portuguese (pt.po) by Miguel Figueiredo - Romanian (ro.po) by Eddy Petrişor - Russian (ru.po) by Yuri Kozlov - Slovak (sk.po) by Peter Mann - Slovenian (sl.po) by Jure Čuhalev - Albanian (sq.po) by Elian Myftiu - Swedish (sv.po) by Daniel Nylander - Turkish (tr.po) by Recai Oktaş - Ukrainian (uk.po) by Eugeniy Meshcheryakov - Simplified Chinese (zh_CN.po) by Carlos Z.F. 
Liu stable/main/binary-s390/ppxp_0.2001080415-10sarge2_s390.deb stable/main/binary-s390/ppxp-tcltk_0.2001080415-10sarge2_s390.deb stable/main/binary-s390/ppxp-dev_0.2001080415-10sarge2_s390.deb stable/main/binary-s390/ppxp-x11_0.2001080415-10sarge2_s390.deb ppxp (0.2001080415-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * No changes rebuild due to the release stable/main/binary-powerpc/ppxp-dev_0.2001080415-10sarge2_powerpc.deb stable/main/binary-powerpc/ppxp-x11_0.2001080415-10sarge2_powerpc.deb stable/main/binary-powerpc/ppxp-tcltk_0.2001080415-10sarge2_powerpc.deb stable/main/binary-powerpc/ppxp_0.2001080415-10sarge2_powerpc.deb ppxp (0.2001080415-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * No changes rebuild due to the release stable/main/binary-mipsel/ppxp-tcltk_0.2001080415-10sarge2_mipsel.deb stable/main/binary-mipsel/ppxp_0.2001080415-10sarge2_mipsel.deb stable/main/binary-mipsel/ppxp-x11_0.2001080415-10sarge2_mipsel.deb stable/main/binary-mipsel/ppxp-dev_0.2001080415-10sarge2_mipsel.deb ppxp (0.2001080415-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * No changes rebuild due to the release stable/main/binary-mips/ppxp_0.2001080415-10sarge2_mips.deb stable/main/binary-mips/ppxp-dev_0.2001080415-10sarge2_mips.deb stable/main/binary-mips/ppxp-x11_0.2001080415-10sarge2_mips.deb stable/main/binary-mips/ppxp-tcltk_0.2001080415-10sarge2_mips.deb ppxp (0.2001080415-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * No changes rebuild due to the release stable/main/binary-m68k/ppxp-x11_0.2001080415-10sarge2_m68k.deb stable/main/binary-m68k/ppxp-dev_0.2001080415-10sarge2_m68k.deb stable/main/binary-m68k/ppxp_0.2001080415-10sarge2_m68k.deb stable/main/binary-m68k/ppxp-tcltk_0.2001080415-10sarge2_m68k.deb ppxp (0.2001080415-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * No 
changes rebuild due to the release stable/main/binary-ia64/ppxp-x11_0.2001080415-10sarge2_ia64.deb stable/main/binary-ia64/ppxp-tcltk_0.2001080415-10sarge2_ia64.deb stable/main/binary-ia64/ppxp_0.2001080415-10sarge2_ia64.deb stable/main/binary-ia64/ppxp-dev_0.2001080415-10sarge2_ia64.deb ppxp (0.2001080415-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * No changes rebuild due to the release stable/main/binary-i386/ppxp-tcltk_0.2001080415-10sarge2_i386.deb stable/main/binary-i386/ppxp-x11_0.2001080415-10sarge2_i386.deb stable/main/binary-i386/ppxp-dev_0.2001080415-10sarge2_i386.deb stable/main/binary-i386/ppxp_0.2001080415-10sarge2_i386.deb ppxp (0.2001080415-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * No changes rebuild due to the release stable/main/binary-hppa/ppxp_0.2001080415-10sarge2_hppa.deb stable/main/binary-hppa/ppxp-x11_0.2001080415-10sarge2_hppa.deb stable/main/binary-hppa/ppxp-tcltk_0.2001080415-10sarge2_hppa.deb stable/main/binary-hppa/ppxp-dev_0.2001080415-10sarge2_hppa.deb ppxp (0.2001080415-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * No changes rebuild due to the release stable/main/binary-arm/ppxp_0.2001080415-10sarge2_arm.deb stable/main/binary-arm/ppxp-tcltk_0.2001080415-10sarge2_arm.deb stable/main/binary-arm/ppxp-x11_0.2001080415-10sarge2_arm.deb stable/main/binary-arm/ppxp-dev_0.2001080415-10sarge2_arm.deb ppxp (0.2001080415-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * No changes rebuild due to the release stable/main/binary-alpha/ppxp-dev_0.2001080415-10sarge2_alpha.deb stable/main/binary-alpha/ppxp_0.2001080415-10sarge2_alpha.deb stable/main/binary-alpha/ppxp-x11_0.2001080415-10sarge2_alpha.deb stable/main/binary-alpha/ppxp-tcltk_0.2001080415-10sarge2_alpha.deb ppxp (0.2001080415-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * No changes 
rebuild due to the release stable/main/binary-sparc/ppxp-tcltk_0.2001080415-10sarge2_sparc.deb stable/main/source/ppxp_0.2001080415-10sarge2.dsc stable/main/source/ppxp_0.2001080415-10sarge2.diff.gz stable/main/binary-sparc/ppxp-dev_0.2001080415-10sarge2_sparc.deb stable/main/binary-sparc/ppxp-x11_0.2001080415-10sarge2_sparc.deb stable/main/binary-sparc/ppxp_0.2001080415-10sarge2_sparc.deb ppxp (0.2001080415-10sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * No changes rebuild due to the release stable/main/binary-sparc/ppp-udeb_2.4.3-20050321+2sarge1_sparc.udeb stable/main/binary-sparc/ppp_2.4.3-20050321+2sarge1_sparc.deb ppp (2.4.3-20050321+2sarge1) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch by Marcus Meissner to honor the return value of a potentially failing setuid() call [pppd/plugins/winbind.c, debian/patches/zzz-CVE-2006-2194] stable/main/binary-s390/ppp_2.4.3-20050321+2sarge1_s390.deb stable/main/binary-s390/ppp-udeb_2.4.3-20050321+2sarge1_s390.udeb ppp (2.4.3-20050321+2sarge1) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch by Marcus Meissner to honor the return value of a potentially failing setuid() call [pppd/plugins/winbind.c, debian/patches/zzz-CVE-2006-2194] stable/main/binary-mipsel/ppp_2.4.3-20050321+2sarge1_mipsel.deb stable/main/binary-mipsel/ppp-udeb_2.4.3-20050321+2sarge1_mipsel.udeb ppp (2.4.3-20050321+2sarge1) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch by Marcus Meissner to honor the return value of a potentially failing setuid() call [pppd/plugins/winbind.c, debian/patches/zzz-CVE-2006-2194] stable/main/binary-mips/ppp_2.4.3-20050321+2sarge1_mips.deb stable/main/binary-mips/ppp-udeb_2.4.3-20050321+2sarge1_mips.udeb ppp (2.4.3-20050321+2sarge1) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch by Marcus Meissner to honor 
the return value of a potentially failing setuid() call [pppd/plugins/winbind.c, debian/patches/zzz-CVE-2006-2194] stable/main/binary-m68k/ppp-udeb_2.4.3-20050321+2sarge1_m68k.udeb stable/main/binary-m68k/ppp_2.4.3-20050321+2sarge1_m68k.deb ppp (2.4.3-20050321+2sarge1) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch by Marcus Meissner to honor the return value of a potentially failing setuid() call [pppd/plugins/winbind.c, debian/patches/zzz-CVE-2006-2194] stable/main/binary-ia64/ppp-udeb_2.4.3-20050321+2sarge1_ia64.udeb stable/main/binary-ia64/ppp_2.4.3-20050321+2sarge1_ia64.deb ppp (2.4.3-20050321+2sarge1) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch by Marcus Meissner to honor the return value of a potentially failing setuid() call [pppd/plugins/winbind.c, debian/patches/zzz-CVE-2006-2194] stable/main/binary-i386/ppp-udeb_2.4.3-20050321+2sarge1_i386.udeb stable/main/binary-i386/ppp_2.4.3-20050321+2sarge1_i386.deb ppp (2.4.3-20050321+2sarge1) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch by Marcus Meissner to honor the return value of a potentially failing setuid() call [pppd/plugins/winbind.c, debian/patches/zzz-CVE-2006-2194] stable/main/binary-hppa/ppp_2.4.3-20050321+2sarge1_hppa.deb stable/main/binary-hppa/ppp-udeb_2.4.3-20050321+2sarge1_hppa.udeb ppp (2.4.3-20050321+2sarge1) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch by Marcus Meissner to honor the return value of a potentially failing setuid() call [pppd/plugins/winbind.c, debian/patches/zzz-CVE-2006-2194] stable/main/binary-arm/ppp_2.4.3-20050321+2sarge1_arm.deb stable/main/binary-arm/ppp-udeb_2.4.3-20050321+2sarge1_arm.udeb ppp (2.4.3-20050321+2sarge1) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch by Marcus Meissner to honor the return value of a potentially failing 
setuid() call [pppd/plugins/winbind.c, debian/patches/zzz-CVE-2006-2194] stable/main/binary-alpha/ppp-udeb_2.4.3-20050321+2sarge1_alpha.udeb stable/main/binary-alpha/ppp_2.4.3-20050321+2sarge1_alpha.deb ppp (2.4.3-20050321+2sarge1) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch by Marcus Meissner to honor the return value of a potentially failing setuid() call [pppd/plugins/winbind.c, debian/patches/zzz-CVE-2006-2194] stable/main/source/ppp_2.4.3-20050321+2sarge1.diff.gz stable/main/binary-powerpc/ppp-udeb_2.4.3-20050321+2sarge1_powerpc.udeb stable/main/source/ppp_2.4.3-20050321+2sarge1.dsc stable/main/binary-all/ppp-dev_2.4.3-20050321+2sarge1_all.deb stable/main/binary-powerpc/ppp_2.4.3-20050321+2sarge1_powerpc.deb ppp (2.4.3-20050321+2sarge1) stable-security; urgency=medium * Non-maintainer upload by the Security Team * Applied patch by Marcus Meissner to honor the return value of a potentially failing setuid() call [pppd/plugins/winbind.c, debian/patches/zzz-CVE-2006-2194] stable/main/source/postgrey_1.21-1sarge1.dsc stable/main/source/postgrey_1.21-1sarge1.diff.gz stable/main/binary-all/postgrey_1.21-1sarge1_all.deb postgrey (1.21-1sarge1) stable-security; urgency=high * Security upload: fix format string attack in the logging function. Fix backported from 1.22. 
[postgrey, CVE-2005-1127] stable/main/binary-sparc/postgresql-contrib_7.4.7-6sarge3_sparc.deb stable/main/binary-sparc/libpgtcl-dev_7.4.7-6sarge3_sparc.deb stable/main/binary-sparc/postgresql-dev_7.4.7-6sarge3_sparc.deb stable/main/binary-sparc/libecpg-dev_7.4.7-6sarge3_sparc.deb stable/main/binary-sparc/libpq3_7.4.7-6sarge3_sparc.deb stable/main/binary-sparc/postgresql-client_7.4.7-6sarge3_sparc.deb stable/main/binary-sparc/libpgtcl_7.4.7-6sarge3_sparc.deb stable/main/binary-sparc/postgresql_7.4.7-6sarge3_sparc.deb stable/main/binary-sparc/libecpg4_7.4.7-6sarge3_sparc.deb postgresql (7.4.7-6sarge3) stable; urgency=low * debian/patches/57quote-escaping.patch: - contrib/dbmirror/DBMirror.pl: Fix parsing of quotes escaped as '' in the PendingData table to make the script work with the updated quoting method introduced in 7.4.7-6sarge2 (using \' escaping is insecure). - Closes: #372115 stable/main/binary-s390/postgresql-dev_7.4.7-6sarge3_s390.deb stable/main/binary-s390/postgresql-client_7.4.7-6sarge3_s390.deb stable/main/binary-s390/libpq3_7.4.7-6sarge3_s390.deb stable/main/binary-s390/postgresql_7.4.7-6sarge3_s390.deb stable/main/binary-s390/postgresql-contrib_7.4.7-6sarge3_s390.deb stable/main/binary-s390/libpgtcl_7.4.7-6sarge3_s390.deb stable/main/binary-s390/libecpg4_7.4.7-6sarge3_s390.deb stable/main/binary-s390/libpgtcl-dev_7.4.7-6sarge3_s390.deb stable/main/binary-s390/libecpg-dev_7.4.7-6sarge3_s390.deb postgresql (7.4.7-6sarge3) stable; urgency=low * debian/patches/57quote-escaping.patch: - contrib/dbmirror/DBMirror.pl: Fix parsing of quotes escaped as '' in the PendingData table to make the script work with the updated quoting method introduced in 7.4.7-6sarge2 (using \' escaping is insecure). 
- Closes: #372115 stable/main/binary-powerpc/postgresql-contrib_7.4.7-6sarge3_powerpc.deb stable/main/binary-powerpc/libecpg4_7.4.7-6sarge3_powerpc.deb stable/main/binary-powerpc/libpgtcl_7.4.7-6sarge3_powerpc.deb stable/main/binary-powerpc/libpq3_7.4.7-6sarge3_powerpc.deb stable/main/binary-powerpc/postgresql-client_7.4.7-6sarge3_powerpc.deb stable/main/binary-powerpc/libpgtcl-dev_7.4.7-6sarge3_powerpc.deb stable/main/binary-powerpc/libecpg-dev_7.4.7-6sarge3_powerpc.deb stable/main/binary-powerpc/postgresql-dev_7.4.7-6sarge3_powerpc.deb stable/main/binary-powerpc/postgresql_7.4.7-6sarge3_powerpc.deb postgresql (7.4.7-6sarge3) stable; urgency=low * debian/patches/57quote-escaping.patch: - contrib/dbmirror/DBMirror.pl: Fix parsing of quotes escaped as '' in the PendingData table to make the script work with the updated quoting method introduced in 7.4.7-6sarge2 (using \' escaping is insecure). - Closes: #372115 stable/main/binary-mipsel/libpq3_7.4.7-6sarge3_mipsel.deb stable/main/binary-mipsel/postgresql-client_7.4.7-6sarge3_mipsel.deb stable/main/binary-mipsel/libecpg4_7.4.7-6sarge3_mipsel.deb stable/main/binary-mipsel/postgresql-contrib_7.4.7-6sarge3_mipsel.deb stable/main/binary-mipsel/postgresql_7.4.7-6sarge3_mipsel.deb stable/main/binary-mipsel/libpgtcl_7.4.7-6sarge3_mipsel.deb stable/main/binary-mipsel/libpgtcl-dev_7.4.7-6sarge3_mipsel.deb stable/main/binary-mipsel/postgresql-dev_7.4.7-6sarge3_mipsel.deb stable/main/binary-mipsel/libecpg-dev_7.4.7-6sarge3_mipsel.deb postgresql (7.4.7-6sarge3) stable; urgency=low * debian/patches/57quote-escaping.patch: - contrib/dbmirror/DBMirror.pl: Fix parsing of quotes escaped as '' in the PendingData table to make the script work with the updated quoting method introduced in 7.4.7-6sarge2 (using \' escaping is insecure). 
- Closes: #372115 stable/main/binary-mips/libpgtcl_7.4.7-6sarge3_mips.deb stable/main/binary-mips/libecpg-dev_7.4.7-6sarge3_mips.deb stable/main/binary-mips/postgresql-dev_7.4.7-6sarge3_mips.deb stable/main/binary-mips/postgresql_7.4.7-6sarge3_mips.deb stable/main/binary-mips/postgresql-client_7.4.7-6sarge3_mips.deb stable/main/binary-mips/libpgtcl-dev_7.4.7-6sarge3_mips.deb stable/main/binary-mips/postgresql-contrib_7.4.7-6sarge3_mips.deb stable/main/binary-mips/libpq3_7.4.7-6sarge3_mips.deb stable/main/binary-mips/libecpg4_7.4.7-6sarge3_mips.deb postgresql (7.4.7-6sarge3) stable; urgency=low * debian/patches/57quote-escaping.patch: - contrib/dbmirror/DBMirror.pl: Fix parsing of quotes escaped as '' in the PendingData table to make the script work with the updated quoting method introduced in 7.4.7-6sarge2 (using \' escaping is insecure). - Closes: #372115 stable/main/binary-m68k/postgresql-dev_7.4.7-6sarge3_m68k.deb stable/main/binary-m68k/libpgtcl-dev_7.4.7-6sarge3_m68k.deb stable/main/binary-m68k/libpgtcl_7.4.7-6sarge3_m68k.deb stable/main/binary-m68k/postgresql-contrib_7.4.7-6sarge3_m68k.deb stable/main/binary-m68k/libpq3_7.4.7-6sarge3_m68k.deb stable/main/binary-m68k/libecpg-dev_7.4.7-6sarge3_m68k.deb stable/main/binary-m68k/libecpg4_7.4.7-6sarge3_m68k.deb stable/main/binary-m68k/postgresql-client_7.4.7-6sarge3_m68k.deb stable/main/binary-m68k/postgresql_7.4.7-6sarge3_m68k.deb postgresql (7.4.7-6sarge3) stable; urgency=low * debian/patches/57quote-escaping.patch: - contrib/dbmirror/DBMirror.pl: Fix parsing of quotes escaped as '' in the PendingData table to make the script work with the updated quoting method introduced in 7.4.7-6sarge2 (using \' escaping is insecure). 
- Closes: #372115 stable/main/binary-ia64/libpgtcl_7.4.7-6sarge3_ia64.deb stable/main/binary-ia64/postgresql-dev_7.4.7-6sarge3_ia64.deb stable/main/binary-ia64/postgresql_7.4.7-6sarge3_ia64.deb stable/main/binary-ia64/libpq3_7.4.7-6sarge3_ia64.deb stable/main/binary-ia64/postgresql-contrib_7.4.7-6sarge3_ia64.deb stable/main/binary-ia64/libecpg4_7.4.7-6sarge3_ia64.deb stable/main/binary-ia64/libecpg-dev_7.4.7-6sarge3_ia64.deb stable/main/binary-ia64/postgresql-client_7.4.7-6sarge3_ia64.deb stable/main/binary-ia64/libpgtcl-dev_7.4.7-6sarge3_ia64.deb postgresql (7.4.7-6sarge3) stable; urgency=low * debian/patches/57quote-escaping.patch: - contrib/dbmirror/DBMirror.pl: Fix parsing of quotes escaped as '' in the PendingData table to make the script work with the updated quoting method introduced in 7.4.7-6sarge2 (using \' escaping is insecure). - Closes: #372115 stable/main/binary-hppa/postgresql-client_7.4.7-6sarge3_hppa.deb stable/main/binary-hppa/libpgtcl_7.4.7-6sarge3_hppa.deb stable/main/binary-hppa/postgresql_7.4.7-6sarge3_hppa.deb stable/main/binary-hppa/libpq3_7.4.7-6sarge3_hppa.deb stable/main/binary-hppa/postgresql-dev_7.4.7-6sarge3_hppa.deb stable/main/binary-hppa/libecpg-dev_7.4.7-6sarge3_hppa.deb stable/main/binary-hppa/libpgtcl-dev_7.4.7-6sarge3_hppa.deb stable/main/binary-hppa/postgresql-contrib_7.4.7-6sarge3_hppa.deb stable/main/binary-hppa/libecpg4_7.4.7-6sarge3_hppa.deb postgresql (7.4.7-6sarge3) stable; urgency=low * debian/patches/57quote-escaping.patch: - contrib/dbmirror/DBMirror.pl: Fix parsing of quotes escaped as '' in the PendingData table to make the script work with the updated quoting method introduced in 7.4.7-6sarge2 (using \' escaping is insecure). 
- Closes: #372115 stable/main/binary-arm/libpgtcl_7.4.7-6sarge3_arm.deb stable/main/binary-arm/libecpg4_7.4.7-6sarge3_arm.deb stable/main/binary-arm/postgresql-dev_7.4.7-6sarge3_arm.deb stable/main/binary-arm/postgresql-contrib_7.4.7-6sarge3_arm.deb stable/main/binary-arm/libpq3_7.4.7-6sarge3_arm.deb stable/main/binary-arm/postgresql-client_7.4.7-6sarge3_arm.deb stable/main/binary-arm/postgresql_7.4.7-6sarge3_arm.deb stable/main/binary-arm/libpgtcl-dev_7.4.7-6sarge3_arm.deb stable/main/binary-arm/libecpg-dev_7.4.7-6sarge3_arm.deb postgresql (7.4.7-6sarge3) stable; urgency=low * debian/patches/57quote-escaping.patch: - contrib/dbmirror/DBMirror.pl: Fix parsing of quotes escaped as '' in the PendingData table to make the script work with the updated quoting method introduced in 7.4.7-6sarge2 (using \' escaping is insecure). - Closes: #372115 stable/main/binary-alpha/postgresql-client_7.4.7-6sarge3_alpha.deb stable/main/binary-alpha/libecpg4_7.4.7-6sarge3_alpha.deb stable/main/binary-alpha/libpgtcl-dev_7.4.7-6sarge3_alpha.deb stable/main/binary-alpha/libpgtcl_7.4.7-6sarge3_alpha.deb stable/main/binary-alpha/libpq3_7.4.7-6sarge3_alpha.deb stable/main/binary-alpha/postgresql_7.4.7-6sarge3_alpha.deb stable/main/binary-alpha/libecpg-dev_7.4.7-6sarge3_alpha.deb stable/main/binary-alpha/postgresql-dev_7.4.7-6sarge3_alpha.deb stable/main/binary-alpha/postgresql-contrib_7.4.7-6sarge3_alpha.deb postgresql (7.4.7-6sarge3) stable; urgency=low * debian/patches/57quote-escaping.patch: - contrib/dbmirror/DBMirror.pl: Fix parsing of quotes escaped as '' in the PendingData table to make the script work with the updated quoting method introduced in 7.4.7-6sarge2 (using \' escaping is insecure). 
- Closes: #372115 stable/main/binary-all/postgresql-doc_7.4.7-6sarge3_all.deb stable/main/binary-i386/postgresql-dev_7.4.7-6sarge3_i386.deb stable/main/binary-i386/libecpg-dev_7.4.7-6sarge3_i386.deb stable/main/binary-i386/postgresql-contrib_7.4.7-6sarge3_i386.deb stable/main/source/postgresql_7.4.7-6sarge3.diff.gz stable/main/binary-i386/libpq3_7.4.7-6sarge3_i386.deb stable/main/binary-i386/postgresql_7.4.7-6sarge3_i386.deb stable/main/binary-i386/postgresql-client_7.4.7-6sarge3_i386.deb stable/main/binary-i386/libecpg4_7.4.7-6sarge3_i386.deb stable/main/binary-i386/libpgtcl_7.4.7-6sarge3_i386.deb stable/main/binary-i386/libpgtcl-dev_7.4.7-6sarge3_i386.deb stable/main/source/postgresql_7.4.7-6sarge3.dsc postgresql (7.4.7-6sarge3) stable; urgency=low * debian/patches/57quote-escaping.patch: - contrib/dbmirror/DBMirror.pl: Fix parsing of quotes escaped as '' in the PendingData table to make the script work with the updated quoting method introduced in 7.4.7-6sarge2 (using \' escaping is insecure). - Closes: #372115 stable/main/source/popfile_0.22.2-2sarge1.diff.gz stable/main/source/popfile_0.22.2-2sarge1.dsc stable/main/binary-all/popfile_0.22.2-2sarge1_all.deb popfile (0.22.2-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team: * Fix denial of service vulnerability through malformed character sets in email messages. (CVE-2006-0876) stable/main/binary-sparc/pinball_0.3.1-3sarge1_sparc.deb stable/main/binary-sparc/pinball-dev_0.3.1-3sarge1_sparc.deb pinball (0.3.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid loading levels and compiled plugins from user-controllable locations. [CVE-2006-2196] stable/main/binary-s390/pinball_0.3.1-3sarge1_s390.deb stable/main/binary-s390/pinball-dev_0.3.1-3sarge1_s390.deb pinball (0.3.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid loading levels and compiled plugins from user-controllable locations. 
[CVE-2006-2196] stable/main/binary-powerpc/pinball-dev_0.3.1-3sarge1_powerpc.deb stable/main/binary-powerpc/pinball_0.3.1-3sarge1_powerpc.deb pinball (0.3.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid loading levels and compiled plugins from user-controllable locations. [CVE-2006-2196] stable/main/binary-mipsel/pinball_0.3.1-3sarge1_mipsel.deb stable/main/binary-mipsel/pinball-dev_0.3.1-3sarge1_mipsel.deb pinball (0.3.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid loading levels and compiled plugins from user-controllable locations. [CVE-2006-2196] stable/main/binary-mips/pinball_0.3.1-3sarge1_mips.deb stable/main/binary-mips/pinball-dev_0.3.1-3sarge1_mips.deb pinball (0.3.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid loading levels and compiled plugins from user-controllable locations. [CVE-2006-2196] stable/main/binary-m68k/pinball-dev_0.3.1-3sarge1_m68k.deb stable/main/binary-m68k/pinball_0.3.1-3sarge1_m68k.deb pinball (0.3.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid loading levels and compiled plugins from user-controllable locations. [CVE-2006-2196] stable/main/binary-ia64/pinball_0.3.1-3sarge1_ia64.deb stable/main/binary-ia64/pinball-dev_0.3.1-3sarge1_ia64.deb pinball (0.3.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid loading levels and compiled plugins from user-controllable locations. [CVE-2006-2196] stable/main/binary-hppa/pinball_0.3.1-3sarge1_hppa.deb stable/main/binary-hppa/pinball-dev_0.3.1-3sarge1_hppa.deb pinball (0.3.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid loading levels and compiled plugins from user-controllable locations. 
[CVE-2006-2196] stable/main/binary-arm/pinball_0.3.1-3sarge1_arm.deb stable/main/binary-arm/pinball-dev_0.3.1-3sarge1_arm.deb pinball (0.3.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid loading levels and compiled plugins from user-controllable locations. [CVE-2006-2196] stable/main/binary-alpha/pinball_0.3.1-3sarge1_alpha.deb stable/main/binary-alpha/pinball-dev_0.3.1-3sarge1_alpha.deb pinball (0.3.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid loading levels and compiled plugins from user-controllable locations. [CVE-2006-2196] stable/main/source/pinball_0.3.1-3sarge1.diff.gz stable/main/binary-i386/pinball-dev_0.3.1-3sarge1_i386.deb stable/main/binary-all/pinball-data_0.3.1-3sarge1_all.deb stable/main/binary-i386/pinball_0.3.1-3sarge1_i386.deb stable/main/source/pinball_0.3.1-3sarge1.dsc pinball (0.3.1-3sarge1) stable-security; urgency=high * Non-maintainer upload by The Security Team. * Avoid loading levels and compiled plugins from user-controllable locations. [CVE-2006-2196] stable/main/source/phpldapadmin_0.9.5-3sarge3.dsc stable/main/source/phpldapadmin_0.9.5-3sarge3.diff.gz stable/main/binary-all/phpldapadmin_0.9.5-3sarge3_all.deb phpldapadmin (0.9.5-3sarge3) stable-security; urgency=high * copy_form.php, rename_form.php, delete_form.php, search.php: Fixes multiple xss vulnerabilities. 
[CVE-2006-2016, Bug#365313] stable/main/binary-all/phpgroupware-stocks_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-fudforum_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-admin_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-registration_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-manual_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-img_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-developer-tools_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-chat_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-phpbrain_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-headlines_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-hr_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-tts_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-projects_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-notes_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-skel_0.9.16.005-3.sarge5_all.deb stable/main/source/phpgroupware_0.9.16.005-3.sarge5.dsc stable/main/binary-all/phpgroupware-filemanager_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-polls_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-dj_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-calendar_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-comic_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-ftp_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-core_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-xmlrpc_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-eldaptir_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-phpsysinfo_0.9.16.005-3.sarge5_all.deb 
stable/main/binary-all/phpgroupware-phpgwapi_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-infolog_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-wiki_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-bookmarks_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-email_0.9.16.005-3.sarge5_all.deb stable/main/source/phpgroupware_0.9.16.005-3.sarge5.diff.gz stable/main/binary-all/phpgroupware-nntp_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-sitemgr_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-phonelog_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-news-admin_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-forum_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-soap_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-qmailldap_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-addressbook_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-messenger_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-preferences_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-etemplate_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-felamimail_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-folders_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-todo_0.9.16.005-3.sarge5_all.deb stable/main/binary-all/phpgroupware-setup_0.9.16.005-3.sarge5_all.deb phpgroupware (0.9.16.005-3.sarge5) stable-security; urgency=high * Non-maintainer upload for the Security Team * Fixed code injection in fudforum. 
[fudforum/setup/base/src/register.php.t, CVE-2005-2781] stable/main/source/phpbb2_2.0.13+1-6sarge3.dsc stable/main/binary-all/phpbb2_2.0.13-6sarge3_all.deb stable/main/binary-all/phpbb2-conf-mysql_2.0.13-6sarge3_all.deb stable/main/source/phpbb2_2.0.13+1-6sarge3.diff.gz stable/main/binary-all/phpbb2-languages_2.0.13-6sarge3_all.deb phpbb2 (2.0.13+1-6sarge3) stable-security; urgency=high * Non-maintainer upload by the Security Team. * Fix arbitrary web script execution through missing input sanitising in Font Colour 3 variables. (CVE-2006-1896) stable/main/binary-sparc/perl-debug_5.8.4-8sarge5_sparc.deb stable/main/binary-sparc/perl-base_5.8.4-8sarge5_sparc.deb stable/main/binary-sparc/libperl5.8_5.8.4-8sarge5_sparc.deb stable/main/binary-sparc/libperl-dev_5.8.4-8sarge5_sparc.deb stable/main/binary-sparc/perl_5.8.4-8sarge5_sparc.deb stable/main/binary-sparc/perl-suid_5.8.4-8sarge5_sparc.deb perl (5.8.4-8sarge5) stable; urgency=low * Apply upstream changes #23084 and #23085 to correct problems with the utf8/taint fix and Tk 804.27 . stable/main/binary-s390/perl-base_5.8.4-8sarge5_s390.deb stable/main/binary-s390/libperl5.8_5.8.4-8sarge5_s390.deb stable/main/binary-s390/perl-suid_5.8.4-8sarge5_s390.deb stable/main/binary-s390/libperl-dev_5.8.4-8sarge5_s390.deb stable/main/binary-s390/perl_5.8.4-8sarge5_s390.deb stable/main/binary-s390/perl-debug_5.8.4-8sarge5_s390.deb perl (5.8.4-8sarge5) stable; urgency=low * Apply upstream changes #23084 and #23085 to correct problems with the utf8/taint fix and Tk 804.27 . 
stable/main/binary-powerpc/perl-base_5.8.4-8sarge5_powerpc.deb stable/main/binary-powerpc/perl-suid_5.8.4-8sarge5_powerpc.deb stable/main/binary-powerpc/perl-debug_5.8.4-8sarge5_powerpc.deb stable/main/binary-powerpc/libperl5.8_5.8.4-8sarge5_powerpc.deb stable/main/binary-powerpc/libperl-dev_5.8.4-8sarge5_powerpc.deb stable/main/binary-powerpc/perl_5.8.4-8sarge5_powerpc.deb perl (5.8.4-8sarge5) stable; urgency=low * Apply upstream changes #23084 and #23085 to correct problems with the utf8/taint fix and Tk 804.27 . stable/main/binary-mipsel/libperl5.8_5.8.4-8sarge5_mipsel.deb stable/main/binary-mipsel/perl-suid_5.8.4-8sarge5_mipsel.deb stable/main/binary-mipsel/perl_5.8.4-8sarge5_mipsel.deb stable/main/binary-mipsel/perl-base_5.8.4-8sarge5_mipsel.deb stable/main/binary-mipsel/libperl-dev_5.8.4-8sarge5_mipsel.deb stable/main/binary-mipsel/perl-debug_5.8.4-8sarge5_mipsel.deb perl (5.8.4-8sarge5) stable; urgency=low * Apply upstream changes #23084 and #23085 to correct problems with the utf8/taint fix and Tk 804.27 . stable/main/binary-mips/perl-suid_5.8.4-8sarge5_mips.deb stable/main/binary-mips/libperl5.8_5.8.4-8sarge5_mips.deb stable/main/binary-mips/perl-base_5.8.4-8sarge5_mips.deb stable/main/binary-mips/libperl-dev_5.8.4-8sarge5_mips.deb stable/main/binary-mips/perl-debug_5.8.4-8sarge5_mips.deb stable/main/binary-mips/perl_5.8.4-8sarge5_mips.deb perl (5.8.4-8sarge5) stable; urgency=low * Apply upstream changes #23084 and #23085 to correct problems with the utf8/taint fix and Tk 804.27 . stable/main/binary-m68k/libperl5.8_5.8.4-8sarge5_m68k.deb stable/main/binary-m68k/perl-debug_5.8.4-8sarge5_m68k.deb stable/main/binary-m68k/perl-base_5.8.4-8sarge5_m68k.deb stable/main/binary-m68k/perl_5.8.4-8sarge5_m68k.deb stable/main/binary-m68k/perl-suid_5.8.4-8sarge5_m68k.deb stable/main/binary-m68k/libperl-dev_5.8.4-8sarge5_m68k.deb perl (5.8.4-8sarge5) stable; urgency=low * Apply upstream changes #23084 and #23085 to correct problems with the utf8/taint fix and Tk 804.27 . 
stable/main/binary-ia64/perl-debug_5.8.4-8sarge5_ia64.deb stable/main/binary-ia64/perl-base_5.8.4-8sarge5_ia64.deb stable/main/binary-ia64/perl-suid_5.8.4-8sarge5_ia64.deb stable/main/binary-ia64/libperl5.8_5.8.4-8sarge5_ia64.deb stable/main/binary-ia64/libperl-dev_5.8.4-8sarge5_ia64.deb stable/main/binary-ia64/perl_5.8.4-8sarge5_ia64.deb perl (5.8.4-8sarge5) stable; urgency=low * Apply upstream changes #23084 and #23085 to correct problems with the utf8/taint fix and Tk 804.27 . stable/main/binary-hppa/perl-suid_5.8.4-8sarge5_hppa.deb stable/main/binary-hppa/perl-debug_5.8.4-8sarge5_hppa.deb stable/main/binary-hppa/libperl5.8_5.8.4-8sarge5_hppa.deb stable/main/binary-hppa/perl_5.8.4-8sarge5_hppa.deb stable/main/binary-hppa/libperl-dev_5.8.4-8sarge5_hppa.deb stable/main/binary-hppa/perl-base_5.8.4-8sarge5_hppa.deb perl (5.8.4-8sarge5) stable; urgency=low * Apply upstream changes #23084 and #23085 to correct problems with the utf8/taint fix and Tk 804.27 . stable/main/binary-arm/perl-suid_5.8.4-8sarge5_arm.deb stable/main/binary-arm/libperl-dev_5.8.4-8sarge5_arm.deb stable/main/binary-arm/perl_5.8.4-8sarge5_arm.deb stable/main/binary-arm/perl-base_5.8.4-8sarge5_arm.deb stable/main/binary-arm/perl-debug_5.8.4-8sarge5_arm.deb stable/main/binary-arm/libperl5.8_5.8.4-8sarge5_arm.deb perl (5.8.4-8sarge5) stable; urgency=low * Apply upstream changes #23084 and #23085 to correct problems with the utf8/taint fix and Tk 804.27 . stable/main/binary-alpha/perl-suid_5.8.4-8sarge5_alpha.deb stable/main/binary-alpha/libperl-dev_5.8.4-8sarge5_alpha.deb stable/main/binary-alpha/perl_5.8.4-8sarge5_alpha.deb stable/main/binary-alpha/libperl5.8_5.8.4-8sarge5_alpha.deb stable/main/binary-alpha/perl-base_5.8.4-8sarge5_alpha.deb stable/main/binary-alpha/perl-debug_5.8.4-8sarge5_alpha.deb perl (5.8.4-8sarge5) stable; urgency=low * Apply upstream changes #23084 and #23085 to correct problems with the utf8/taint fix and Tk 804.27 . 
stable/main/binary-i386/libperl-dev_5.8.4-8sarge5_i386.deb stable/main/source/perl_5.8.4-8sarge5.diff.gz stable/main/binary-all/libcgi-fast-perl_5.8.4-8sarge5_all.deb stable/main/source/perl_5.8.4-8sarge5.dsc stable/main/binary-i386/perl-debug_5.8.4-8sarge5_i386.deb stable/main/binary-i386/perl_5.8.4-8sarge5_i386.deb stable/main/binary-i386/libperl5.8_5.8.4-8sarge5_i386.deb stable/main/binary-all/perl-modules_5.8.4-8sarge5_all.deb stable/main/binary-i386/perl-suid_5.8.4-8sarge5_i386.deb stable/main/binary-i386/perl-base_5.8.4-8sarge5_i386.deb stable/main/binary-all/perl-doc_5.8.4-8sarge5_all.deb perl (5.8.4-8sarge5) stable; urgency=low * Apply upstream changes #23084 and #23085 to correct problems with the utf8/taint fix and Tk 804.27 . stable/main/binary-i386/pcmcia-modules-2.4.27-3-686-smp_3.2.5+2sarge1_i386.deb stable/main/binary-i386/pcmcia-modules-2.4.27-3-k6_3.2.5+2sarge1_i386.deb stable/main/binary-i386/pcmcia-modules-2.4.27-3-586tsc_3.2.5+2sarge1_i386.deb stable/main/source/pcmcia-modules-2.4.27-i386_3.2.5+2sarge1.tar.gz stable/main/source/pcmcia-modules-2.4.27-i386_3.2.5+2sarge1.dsc stable/main/binary-i386/pcmcia-modules-2.4.27-3-686_3.2.5+2sarge1_i386.deb stable/main/binary-i386/pcmcia-modules-2.4.27-3-k7_3.2.5+2sarge1_i386.deb stable/main/binary-i386/pcmcia-modules-2.4.27-3-386_3.2.5+2sarge1_i386.deb stable/main/binary-i386/pcmcia-modules-2.4.27-3-k7-smp_3.2.5+2sarge1_i386.deb pcmcia-modules-2.4.27-i386 (3.2.5+2sarge1) stable-security; urgency=low * Build against kernel-image-2.4.27-i386 2.4.27-10sarge2. * Export MODULE_LOC for all commands. * Remove unpack-stamp when cleaning. 
stable/main/binary-sparc/osiris_4.0.6-1sarge1_sparc.deb stable/main/binary-sparc/osirisd_4.0.6-1sarge1_sparc.deb stable/main/binary-sparc/osirismd_4.0.6-1sarge1_sparc.deb osiris (4.0.6-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Ulf Harnhammar to fix arbitrary code execution and other problems [osirisd/logging.c, osirismd/logging.c, CVE-2006-3120] stable/main/binary-s390/osirismd_4.0.6-1sarge1_s390.deb stable/main/binary-s390/osirisd_4.0.6-1sarge1_s390.deb stable/main/binary-s390/osiris_4.0.6-1sarge1_s390.deb osiris (4.0.6-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Ulf Harnhammar to fix arbitrary code execution and other problems [osirisd/logging.c, osirismd/logging.c, CVE-2006-3120] stable/main/binary-mipsel/osirismd_4.0.6-1sarge1_mipsel.deb stable/main/binary-mipsel/osirisd_4.0.6-1sarge1_mipsel.deb stable/main/binary-mipsel/osiris_4.0.6-1sarge1_mipsel.deb osiris (4.0.6-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Ulf Harnhammar to fix arbitrary code execution and other problems [osirisd/logging.c, osirismd/logging.c, CVE-2006-3120] stable/main/binary-mips/osirismd_4.0.6-1sarge1_mips.deb stable/main/binary-mips/osirisd_4.0.6-1sarge1_mips.deb stable/main/binary-mips/osiris_4.0.6-1sarge1_mips.deb osiris (4.0.6-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Ulf Harnhammar to fix arbitrary code execution and other problems [osirisd/logging.c, osirismd/logging.c, CVE-2006-3120] stable/main/binary-m68k/osirisd_4.0.6-1sarge1_m68k.deb stable/main/binary-m68k/osirismd_4.0.6-1sarge1_m68k.deb stable/main/binary-m68k/osiris_4.0.6-1sarge1_m68k.deb osiris (4.0.6-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Ulf Harnhammar to fix arbitrary code execution and other problems [osirisd/logging.c, 
osirismd/logging.c, CVE-2006-3120] stable/main/binary-ia64/osirisd_4.0.6-1sarge1_ia64.deb stable/main/binary-ia64/osirismd_4.0.6-1sarge1_ia64.deb stable/main/binary-ia64/osiris_4.0.6-1sarge1_ia64.deb osiris (4.0.6-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Ulf Harnhammar to fix arbitrary code execution and other problems [osirisd/logging.c, osirismd/logging.c, CVE-2006-3120] stable/main/binary-i386/osiris_4.0.6-1sarge1_i386.deb stable/main/binary-i386/osirisd_4.0.6-1sarge1_i386.deb stable/main/binary-i386/osirismd_4.0.6-1sarge1_i386.deb osiris (4.0.6-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Ulf Harnhammar to fix arbitrary code execution and other problems [osirisd/logging.c, osirismd/logging.c, CVE-2006-3120] stable/main/binary-hppa/osirismd_4.0.6-1sarge1_hppa.deb stable/main/binary-hppa/osirisd_4.0.6-1sarge1_hppa.deb stable/main/binary-hppa/osiris_4.0.6-1sarge1_hppa.deb osiris (4.0.6-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Ulf Harnhammar to fix arbitrary code execution and other problems [osirisd/logging.c, osirismd/logging.c, CVE-2006-3120] stable/main/binary-arm/osirismd_4.0.6-1sarge1_arm.deb stable/main/binary-arm/osiris_4.0.6-1sarge1_arm.deb stable/main/binary-arm/osirisd_4.0.6-1sarge1_arm.deb osiris (4.0.6-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Ulf Harnhammar to fix arbitrary code execution and other problems [osirisd/logging.c, osirismd/logging.c, CVE-2006-3120] stable/main/binary-alpha/osirisd_4.0.6-1sarge1_alpha.deb stable/main/binary-alpha/osirismd_4.0.6-1sarge1_alpha.deb stable/main/binary-alpha/osiris_4.0.6-1sarge1_alpha.deb osiris (4.0.6-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Ulf Harnhammar to fix arbitrary code execution and other problems 
[osirisd/logging.c, osirismd/logging.c, CVE-2006-3120] stable/main/binary-powerpc/osirisd_4.0.6-1sarge1_powerpc.deb stable/main/source/osiris_4.0.6-1sarge1.diff.gz stable/main/source/osiris_4.0.6-1sarge1.dsc stable/main/binary-powerpc/osirismd_4.0.6-1sarge1_powerpc.deb stable/main/binary-powerpc/osiris_4.0.6-1sarge1_powerpc.deb osiris (4.0.6-1sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Applied patch by Ulf Harnhammar to fix arbitrary code execution and other problems [osirisd/logging.c, osirismd/logging.c, CVE-2006-3120] stable/main/binary-sparc/openvpn_2.0-1sarge3_sparc.deb openvpn (2.0-1sarge3) stable-security; urgency=low * Sarge security release. - Applied upstream patches to disallow "setenv" to be pushed to clients from the server. (CVE-2006-1629) stable/main/binary-s390/openvpn_2.0-1sarge3_s390.deb openvpn (2.0-1sarge3) stable-security; urgency=low * Sarge security release. - Applied upstream patches to disallow "setenv" to be pushed to clients from the server. (CVE-2006-1629) stable/main/binary-powerpc/openvpn_2.0-1sarge3_powerpc.deb openvpn (2.0-1sarge3) stable-security; urgency=low * Sarge security release. - Applied upstream patches to disallow "setenv" to be pushed to clients from the server. (CVE-2006-1629) stable/main/binary-mipsel/openvpn_2.0-1sarge3_mipsel.deb openvpn (2.0-1sarge3) stable-security; urgency=low * Sarge security release. - Applied upstream patches to disallow "setenv" to be pushed to clients from the server. (CVE-2006-1629) stable/main/binary-mips/openvpn_2.0-1sarge3_mips.deb openvpn (2.0-1sarge3) stable-security; urgency=low * Sarge security release. - Applied upstream patches to disallow "setenv" to be pushed to clients from the server. (CVE-2006-1629) stable/main/binary-m68k/openvpn_2.0-1sarge3_m68k.deb openvpn (2.0-1sarge3) stable-security; urgency=low * Sarge security release. - Applied upstream patches to disallow "setenv" to be pushed to clients from the server. 
(CVE-2006-1629) stable/main/binary-ia64/openvpn_2.0-1sarge3_ia64.deb openvpn (2.0-1sarge3) stable-security; urgency=low * Sarge security release. - Applied upstream patches to disallow "setenv" to be pushed to clients from the server. (CVE-2006-1629) stable/main/binary-hppa/openvpn_2.0-1sarge3_hppa.deb openvpn (2.0-1sarge3) stable-security; urgency=low * Sarge security release. - Applied upstream patches to disallow "setenv" to be pushed to clients from the server. (CVE-2006-1629) stable/main/binary-arm/openvpn_2.0-1sarge3_arm.deb openvpn (2.0-1sarge3) stable-security; urgency=low * Sarge security release. - Applied upstream patches to disallow "setenv" to be pushed to clients from the server. (CVE-2006-1629) stable/main/binary-alpha/openvpn_2.0-1sarge3_alpha.deb openvpn (2.0-1sarge3) stable-security; urgency=low * Sarge security release. - Applied upstream patches to disallow "setenv" to be pushed to clients from the server. (CVE-2006-1629) stable/main/source/openvpn_2.0-1sarge3.dsc stable/main/binary-i386/openvpn_2.0-1sarge3_i386.deb stable/main/source/openvpn_2.0-1sarge3.diff.gz openvpn (2.0-1sarge3) stable-security; urgency=low * Sarge security release. - Applied upstream patches to disallow "setenv" to be pushed to clients from the server. 
(CVE-2006-1629) stable/main/binary-s390/openoffice.org-gtk-gnome_1.1.3-9sarge3_s390.deb stable/main/binary-s390/openoffice.org-bin_1.1.3-9sarge3_s390.deb stable/main/binary-s390/openoffice.org-kde_1.1.3-9sarge3_s390.deb stable/main/binary-s390/openoffice.org-evolution_1.1.3-9sarge3_s390.deb stable/main/binary-s390/openoffice.org-dev_1.1.3-9sarge3_s390.deb openoffice.org (1.1.3-9sarge3) stable-security; urgency=high * ooo-build/patches/OOO_1_1/sax-xml-2-utf8-converter-extra-1.1.x.diff: add additional patch for the file format patch needed for OOo < 1.1.5 stable/main/binary-powerpc/openoffice.org-gtk-gnome_1.1.3-9sarge3_powerpc.deb stable/main/binary-powerpc/openoffice.org-kde_1.1.3-9sarge3_powerpc.deb stable/main/binary-powerpc/openoffice.org-bin_1.1.3-9sarge3_powerpc.deb stable/main/binary-powerpc/openoffice.org-dev_1.1.3-9sarge3_powerpc.deb stable/main/binary-powerpc/openoffice.org-evolution_1.1.3-9sarge3_powerpc.deb openoffice.org (1.1.3-9sarge3) stable-security; urgency=high * ooo-build/patches/OOO_1_1/sax-xml-2-utf8-converter-extra-1.1.x.diff: add additional patch for the file format patch needed for OOo < 1.1.5 stable/main/binary-all/openoffice.org-l10n-hu_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-ca_1.1.3-9sarge3_all.deb stable/main/binary-i386/openoffice.org-dev_1.1.3-9sarge3_i386.deb stable/main/binary-all/openoffice.org-l10n-he_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-zu_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-eu_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-zh-tw_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-fr_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-gl_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-de_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-it_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-nb_1.1.3-9sarge3_all.deb 
stable/main/binary-all/openoffice.org-l10n-el_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-en_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-kn_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-thesaurus-en-us_1.1.3-9sarge3_all.deb stable/main/binary-sparc/openoffice.org-dev_1.1.3-9sarge3_sparc.deb stable/main/binary-all/openoffice.org-l10n-nn_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-ko_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-zh-cn_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-da_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-sv_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-tr_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-af_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-fi_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-nl_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-ar_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-cy_1.1.3-9sarge3_all.deb stable/main/binary-i386/openoffice.org-bin_1.1.3-9sarge3_i386.deb stable/main/binary-i386/openoffice.org-evolution_1.1.3-9sarge3_i386.deb stable/main/binary-i386/openoffice.org-gtk-gnome_1.1.3-9sarge3_i386.deb stable/main/binary-all/openoffice.org-l10n-pt-br_1.1.3-9sarge3_all.deb stable/main/binary-sparc/openoffice.org-gtk-gnome_1.1.3-9sarge3_sparc.deb stable/main/binary-all/openoffice.org-l10n-pl_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-sk_1.1.3-9sarge3_all.deb stable/main/binary-all/ttf-opensymbol_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-th_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-cs_1.1.3-9sarge3_all.deb stable/main/source/openoffice.org_1.1.3-9sarge3.diff.gz stable/main/binary-all/openoffice.org-l10n-ru_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-mimelnk_1.1.3-9sarge3_all.deb 
stable/main/binary-all/openoffice.org-l10n-es_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-ja_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-lt_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-sl_1.1.3-9sarge3_all.deb stable/main/binary-sparc/openoffice.org-evolution_1.1.3-9sarge3_sparc.deb stable/main/binary-sparc/openoffice.org-bin_1.1.3-9sarge3_sparc.deb stable/main/binary-sparc/openoffice.org-kde_1.1.3-9sarge3_sparc.deb stable/main/binary-all/openoffice.org-l10n-ns_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org_1.1.3-9sarge3_all.deb stable/main/binary-i386/openoffice.org-kde_1.1.3-9sarge3_i386.deb stable/main/binary-all/openoffice.org-l10n-hi_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-pt_1.1.3-9sarge3_all.deb stable/main/binary-all/openoffice.org-l10n-et_1.1.3-9sarge3_all.deb stable/main/source/openoffice.org_1.1.3-9sarge3.dsc stable/main/binary-all/openoffice.org-l10n-tn_1.1.3-9sarge3_all.deb openoffice.org (1.1.3-9sarge3) stable-security; urgency=high * ooo-build/patches/OOO_1_1/sax-xml-2-utf8-converter-extra-1.1.x.diff: add additional patch for the file format patch needed for OOo < 1.1.5 stable/main/binary-sparc/octaviz_0.4.0-10sarge1_sparc.deb octaviz (0.4.0-10sarge1) stable; urgency=low +++ Changes by Thomas Weber * recompile to pick up correct Octave version (Closes: #341676, #304162) * Apply 40-cast-pointer-long.patch. This should bring all released stable architectures back in sync stable/main/binary-s390/octaviz_0.4.0-10sarge1_s390.deb octaviz (0.4.0-10sarge1) stable; urgency=low +++ Changes by Thomas Weber * recompile to pick up correct Octave version (Closes: #341676, #304162) * Apply 40-cast-pointer-long.patch.
This should bring all released stable architectures back in sync stable/main/binary-powerpc/octaviz_0.4.0-10sarge1_powerpc.deb octaviz (0.4.0-10sarge1) stable; urgency=low +++ Changes by Thomas Weber * recompile to pick up correct Octave version (Closes: #341676, #304162) * Apply 40-cast-pointer-long.patch. This should bring all released stable architectures back in sync stable/main/binary-mipsel/octaviz_0.4.0-10sarge1_mipsel.deb octaviz (0.4.0-10sarge1) stable; urgency=low +++ Changes by Thomas Weber * recompile to pick up correct Octave version (Closes: #341676, #304162) * Apply 40-cast-pointer-long.patch. This should bring all released stable architectures back in sync stable/main/binary-mips/octaviz_0.4.0-10sarge1_mips.deb octaviz (0.4.0-10sarge1) stable; urgency=low +++ Changes by Thomas Weber * recompile to pick up correct Octave version (Closes: #341676, #304162) * Apply 40-cast-pointer-long.patch. This should bring all released stable architectures back in sync stable/main/binary-m68k/octaviz_0.4.0-10sarge1_m68k.deb octaviz (0.4.0-10sarge1) stable; urgency=low +++ Changes by Thomas Weber * recompile to pick up correct Octave version (Closes: #341676, #304162) * Apply 40-cast-pointer-long.patch. This should bring all released stable architectures back in sync stable/main/binary-hppa/octaviz_0.4.0-10sarge1_hppa.deb octaviz (0.4.0-10sarge1) stable; urgency=low +++ Changes by Thomas Weber * recompile to pick up correct Octave version (Closes: #341676, #304162) * Apply 40-cast-pointer-long.patch. This should bring all released stable architectures back in sync stable/main/binary-arm/octaviz_0.4.0-10sarge1_arm.deb octaviz (0.4.0-10sarge1) stable; urgency=low +++ Changes by Thomas Weber * recompile to pick up correct Octave version (Closes: #341676, #304162) * Apply 40-cast-pointer-long.patch. 
This should bring all released stable architectures back in sync stable/main/source/octaviz_0.4.0-10sarge1.diff.gz stable/main/source/octaviz_0.4.0-10sarge1.dsc stable/main/binary-i386/octaviz_0.4.0-10sarge1_i386.deb octaviz (0.4.0-10sarge1) stable; urgency=low +++ Changes by Thomas Weber * recompile to pick up correct Octave version (Closes: #341676, #304162) * Apply 40-cast-pointer-long.patch. This should bring all released stable architectures back in sync stable/main/binary-i386/ndiswrapper-modules-2.6.8-3-k7_1.1-2sarge1_i386.deb stable/main/binary-i386/ndiswrapper-modules-2.6.8-3-k7-smp_1.1-2sarge1_i386.deb stable/main/binary-i386/ndiswrapper-modules-2.6.8-3-386_1.1-2sarge1_i386.deb stable/main/binary-i386/ndiswrapper-modules-2.6.8-3-686_1.1-2sarge1_i386.deb stable/main/binary-i386/ndiswrapper-modules-2.6.8-3-686-smp_1.1-2sarge1_i386.deb stable/main/source/ndiswrapper-modules-i386_1.1-2sarge1.tar.gz stable/main/source/ndiswrapper-modules-i386_1.1-2sarge1.dsc ndiswrapper-modules-i386 (1.1-2sarge1) stable-security; urgency=high * Non-maintainer upload by the Security Team * Rebuild for -3 ABI stable/main/binary-sparc/ncompress_4.2.4-15sarge2_sparc.deb ncompress (4.2.4-15sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correction of the security patch by Ludwig Nussel [compress42.c, CVE-2006-1168] stable/main/binary-s390/ncompress_4.2.4-15sarge2_s390.deb ncompress (4.2.4-15sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correction of the security patch by Ludwig Nussel [compress42.c, CVE-2006-1168] stable/main/binary-mipsel/ncompress_4.2.4-15sarge2_mipsel.deb ncompress (4.2.4-15sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correction of the security patch by Ludwig Nussel [compress42.c, CVE-2006-1168] stable/main/binary-mips/ncompress_4.2.4-15sarge2_mips.deb ncompress (4.2.4-15sarge2) stable-security; urgency=high * Non-maintainer upload by the Security 
Team * Correction of the security patch by Ludwig Nussel [compress42.c, CVE-2006-1168] stable/main/binary-m68k/ncompress_4.2.4-15sarge2_m68k.deb ncompress (4.2.4-15sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correction of the security patch by Ludwig Nussel [compress42.c, CVE-2006-1168] stable/main/binary-ia64/ncompress_4.2.4-15sarge2_ia64.deb ncompress (4.2.4-15sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correction of the security patch by Ludwig Nussel [compress42.c, CVE-2006-1168] stable/main/binary-i386/ncompress_4.2.4-15sarge2_i386.deb ncompress (4.2.4-15sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correction of the security patch by Ludwig Nussel [compress42.c, CVE-2006-1168] stable/main/binary-hppa/ncompress_4.2.4-15sarge2_hppa.deb ncompress (4.2.4-15sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correction of the security patch by Ludwig Nussel [compress42.c, CVE-2006-1168] stable/main/binary-arm/ncompress_4.2.4-15sarge2_arm.deb ncompress (4.2.4-15sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correction of the security patch by Ludwig Nussel [compress42.c, CVE-2006-1168] stable/main/binary-alpha/ncompress_4.2.4-15sarge2_alpha.deb ncompress (4.2.4-15sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correction of the security patch by Ludwig Nussel [compress42.c, CVE-2006-1168] stable/main/source/ncompress_4.2.4-15sarge2.diff.gz stable/main/binary-powerpc/ncompress_4.2.4-15sarge2_powerpc.deb stable/main/source/ncompress_4.2.4-15sarge2.dsc ncompress (4.2.4-15sarge2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Correction of the security patch by Ludwig Nussel [compress42.c, CVE-2006-1168] stable/main/binary-sparc/nagios-text_1.3-cvs.20050402-2.sarge.2_sparc.deb 
stable/main/binary-sparc/nagios-mysql_1.3-cvs.20050402-2.sarge.2_sparc.deb stable/main/binary-sparc/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_sparc.deb nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Add overflow protection for Content-Length [cgi/getcgi.c, debian/patches/99999_CVE-2006-2162.dpatch] stable/main/binary-s390/nagios-mysql_1.3-cvs.20050402-2.sarge.2_s390.deb stable/main/binary-s390/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_s390.deb stable/main/binary-s390/nagios-text_1.3-cvs.20050402-2.sarge.2_s390.deb nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Add overflow protection for Content-Length [cgi/getcgi.c, debian/patches/99999_CVE-2006-2162.dpatch] stable/main/binary-powerpc/nagios-text_1.3-cvs.20050402-2.sarge.2_powerpc.deb stable/main/binary-powerpc/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_powerpc.deb stable/main/binary-powerpc/nagios-mysql_1.3-cvs.20050402-2.sarge.2_powerpc.deb nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Add overflow protection for Content-Length [cgi/getcgi.c, debian/patches/99999_CVE-2006-2162.dpatch] stable/main/binary-mipsel/nagios-text_1.3-cvs.20050402-2.sarge.2_mipsel.deb stable/main/binary-mipsel/nagios-mysql_1.3-cvs.20050402-2.sarge.2_mipsel.deb stable/main/binary-mipsel/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_mipsel.deb nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Add overflow protection for Content-Length [cgi/getcgi.c, debian/patches/99999_CVE-2006-2162.dpatch] stable/main/binary-mips/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_mips.deb stable/main/binary-mips/nagios-text_1.3-cvs.20050402-2.sarge.2_mips.deb stable/main/binary-mips/nagios-mysql_1.3-cvs.20050402-2.sarge.2_mips.deb nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high * 
Non-maintainer upload by the Security Team * Add overflow protection for Content-Length [cgi/getcgi.c, debian/patches/99999_CVE-2006-2162.dpatch] stable/main/binary-m68k/nagios-text_1.3-cvs.20050402-2.sarge.2_m68k.deb stable/main/binary-m68k/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_m68k.deb stable/main/binary-m68k/nagios-mysql_1.3-cvs.20050402-2.sarge.2_m68k.deb nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Add overflow protection for Content-Length [cgi/getcgi.c, debian/patches/99999_CVE-2006-2162.dpatch] stable/main/binary-ia64/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_ia64.deb stable/main/binary-ia64/nagios-text_1.3-cvs.20050402-2.sarge.2_ia64.deb stable/main/binary-ia64/nagios-mysql_1.3-cvs.20050402-2.sarge.2_ia64.deb nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Add overflow protection for Content-Length [cgi/getcgi.c, debian/patches/99999_CVE-2006-2162.dpatch] stable/main/binary-hppa/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_hppa.deb stable/main/binary-hppa/nagios-text_1.3-cvs.20050402-2.sarge.2_hppa.deb stable/main/binary-hppa/nagios-mysql_1.3-cvs.20050402-2.sarge.2_hppa.deb nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Add overflow protection for Content-Length [cgi/getcgi.c, debian/patches/99999_CVE-2006-2162.dpatch] stable/main/binary-arm/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_arm.deb stable/main/binary-arm/nagios-mysql_1.3-cvs.20050402-2.sarge.2_arm.deb stable/main/binary-arm/nagios-text_1.3-cvs.20050402-2.sarge.2_arm.deb nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Add overflow protection for Content-Length [cgi/getcgi.c, debian/patches/99999_CVE-2006-2162.dpatch] stable/main/binary-alpha/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_alpha.deb 
stable/main/binary-alpha/nagios-text_1.3-cvs.20050402-2.sarge.2_alpha.deb stable/main/binary-alpha/nagios-mysql_1.3-cvs.20050402-2.sarge.2_alpha.deb nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Add overflow protection for Content-Length [cgi/getcgi.c, debian/patches/99999_CVE-2006-2162.dpatch] stable/main/binary-i386/nagios-mysql_1.3-cvs.20050402-2.sarge.2_i386.deb stable/main/source/nagios_1.3-cvs.20050402-2.sarge.2.diff.gz stable/main/binary-all/nagios-common_1.3-cvs.20050402-2.sarge.2_all.deb stable/main/binary-i386/nagios-pgsql_1.3-cvs.20050402-2.sarge.2_i386.deb stable/main/source/nagios_1.3-cvs.20050402-2.sarge.2.dsc stable/main/binary-i386/nagios-text_1.3-cvs.20050402-2.sarge.2_i386.deb nagios (2:1.3-cvs.20050402-2.sarge.2) stable-security; urgency=high * Non-maintainer upload by the Security Team * Add overflow protection for Content-Length [cgi/getcgi.c, debian/patches/99999_CVE-2006-2162.dpatch] stable/main/binary-sparc/libmysqlclient14-dev_4.1.11a-4sarge5_sparc.deb stable/main/binary-sparc/mysql-server-4.1_4.1.11a-4sarge5_sparc.deb stable/main/binary-sparc/libmysqlclient14_4.1.11a-4sarge5_sparc.deb stable/main/binary-sparc/mysql-client-4.1_4.1.11a-4sarge5_sparc.deb mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low * Security upload prepared for the security team by the Debian MySQL package maintainers. * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko. Closes: #373913 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David and filed as MySQL bug #20729.
Closes: #375694 stable/main/binary-s390/libmysqlclient14_4.1.11a-4sarge5_s390.deb stable/main/binary-s390/libmysqlclient14-dev_4.1.11a-4sarge5_s390.deb stable/main/binary-s390/mysql-client-4.1_4.1.11a-4sarge5_s390.deb stable/main/binary-s390/mysql-server-4.1_4.1.11a-4sarge5_s390.deb mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low * Security upload prepared for the security team by the Debian MySQL package maintainers. * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko. Closes: #373913 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David and filed as MySQL bug #20729. Closes: #375694 stable/main/binary-powerpc/mysql-client-4.1_4.1.11a-4sarge5_powerpc.deb stable/main/binary-powerpc/libmysqlclient14-dev_4.1.11a-4sarge5_powerpc.deb stable/main/binary-powerpc/libmysqlclient14_4.1.11a-4sarge5_powerpc.deb stable/main/binary-powerpc/mysql-server-4.1_4.1.11a-4sarge5_powerpc.deb mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low * Security upload prepared for the security team by the Debian MySQL package maintainers. * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko. Closes: #373913 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David and filed as MySQL bug #20729.
Closes: #375694 stable/main/binary-mipsel/mysql-client-4.1_4.1.11a-4sarge5_mipsel.deb stable/main/binary-mipsel/libmysqlclient14_4.1.11a-4sarge5_mipsel.deb stable/main/binary-mipsel/mysql-server-4.1_4.1.11a-4sarge5_mipsel.deb stable/main/binary-mipsel/libmysqlclient14-dev_4.1.11a-4sarge5_mipsel.deb mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low * Security upload prepared for the security team by the Debian MySQL package maintainers. * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko. Closes: #373913 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David and filed as MySQL bug #20729. Closes: #375694 stable/main/binary-mips/libmysqlclient14-dev_4.1.11a-4sarge5_mips.deb stable/main/binary-mips/mysql-client-4.1_4.1.11a-4sarge5_mips.deb stable/main/binary-mips/libmysqlclient14_4.1.11a-4sarge5_mips.deb stable/main/binary-mips/mysql-server-4.1_4.1.11a-4sarge5_mips.deb mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low * Security upload prepared for the security team by the Debian MySQL package maintainers. * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko. Closes: #373913 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David and filed as MySQL bug #20729.
Closes: #375694 stable/main/binary-m68k/mysql-client-4.1_4.1.11a-4sarge5_m68k.deb stable/main/binary-m68k/libmysqlclient14-dev_4.1.11a-4sarge5_m68k.deb stable/main/binary-m68k/mysql-server-4.1_4.1.11a-4sarge5_m68k.deb stable/main/binary-m68k/libmysqlclient14_4.1.11a-4sarge5_m68k.deb mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low * Security upload prepared for the security team by the Debian MySQL package maintainers. * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko. Closes: #373913 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David and filed as MySQL bug #20729. Closes: #375694 stable/main/binary-ia64/libmysqlclient14_4.1.11a-4sarge5_ia64.deb stable/main/binary-ia64/mysql-client-4.1_4.1.11a-4sarge5_ia64.deb stable/main/binary-ia64/mysql-server-4.1_4.1.11a-4sarge5_ia64.deb stable/main/binary-ia64/libmysqlclient14-dev_4.1.11a-4sarge5_ia64.deb mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low * Security upload prepared for the security team by the Debian MySQL package maintainers. * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko. Closes: #373913 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David and filed as MySQL bug #20729.
Closes: #375694 stable/main/binary-hppa/libmysqlclient14_4.1.11a-4sarge5_hppa.deb stable/main/binary-hppa/libmysqlclient14-dev_4.1.11a-4sarge5_hppa.deb stable/main/binary-hppa/mysql-server-4.1_4.1.11a-4sarge5_hppa.deb stable/main/binary-hppa/mysql-client-4.1_4.1.11a-4sarge5_hppa.deb mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low * Security upload prepared for the security team by the Debian MySQL package maintainers. * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko. Closes: #373913 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David and filed as MySQL bug #20729. Closes: #375694 stable/main/binary-arm/libmysqlclient14_4.1.11a-4sarge5_arm.deb stable/main/binary-arm/mysql-server-4.1_4.1.11a-4sarge5_arm.deb stable/main/binary-arm/libmysqlclient14-dev_4.1.11a-4sarge5_arm.deb stable/main/binary-arm/mysql-client-4.1_4.1.11a-4sarge5_arm.deb mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low * Security upload prepared for the security team by the Debian MySQL package maintainers. * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko. Closes: #373913 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David and filed as MySQL bug #20729.
Closes: #375694 stable/main/binary-alpha/libmysqlclient14_4.1.11a-4sarge5_alpha.deb stable/main/binary-alpha/mysql-client-4.1_4.1.11a-4sarge5_alpha.deb stable/main/binary-alpha/libmysqlclient14-dev_4.1.11a-4sarge5_alpha.deb stable/main/binary-alpha/mysql-server-4.1_4.1.11a-4sarge5_alpha.deb mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low * Security upload prepared for the security team by the Debian MySQL package maintainers. * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko. Closes: #373913 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David and filed as MySQL bug #20729. Closes: #375694 stable/main/binary-all/mysql-common-4.1_4.1.11a-4sarge5_all.deb stable/main/binary-i386/mysql-client-4.1_4.1.11a-4sarge5_i386.deb stable/main/source/mysql-dfsg-4.1_4.1.11a-4sarge5.dsc stable/main/source/mysql-dfsg-4.1_4.1.11a-4sarge5.diff.gz stable/main/binary-i386/mysql-server-4.1_4.1.11a-4sarge5_i386.deb stable/main/binary-i386/libmysqlclient14_4.1.11a-4sarge5_i386.deb stable/main/binary-i386/libmysqlclient14-dev_4.1.11a-4sarge5_i386.deb mysql-dfsg-4.1 (4.1.11a-4sarge5) stable-security; urgency=low * Security upload prepared for the security team by the Debian MySQL package maintainers. * Fixed DoS bug where any user could crash the server with "SELECT str_to_date(1, NULL);" (CVE-2006-3081). The vulnerability was discovered by Kanatoko. Closes: #373913 * Fixed DoS bug where any user could crash the server with "SELECT date_format('%d%s', 1);" (CVE-2006-3469). The vulnerability was discovered by Maillefer Jean-David and filed as MySQL bug #20729.
Closes: #375694 stable/main/binary-sparc/mysql-server_4.0.24-10sarge2_sparc.deb stable/main/binary-sparc/libmysqlclient12-dev_4.0.24-10sarge2_sparc.deb stable/main/binary-sparc/mysql-client_4.0.24-10sarge2_sparc.deb stable/main/binary-sparc/libmysqlclient12_4.0.24-10sarge2_sparc.deb mysql-dfsg (4.0.24-10sarge2) stable-security; urgency=low * Security upload prepared for the security team by the debian mysql package maintainers. * Extracted upstream patch to fix from the diff of 4.1.18 and 4.1.19 to fix the following bugs: - When sending a specifically malformed login packet, the server fills the response with uninitialized memory content which could contain sensitive information. (CVE-2006-1516) - An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. (CVE-2006-1517) - An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. (CVE-2006-1518) Closes: #366043, #366048 * Backported upstream patch to fix a bug which allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. (CVE-2006-0903). Closes: #366162 stable/main/binary-s390/mysql-server_4.0.24-10sarge2_s390.deb stable/main/binary-s390/libmysqlclient12-dev_4.0.24-10sarge2_s390.deb stable/main/binary-s390/libmysqlclient12_4.0.24-10sarge2_s390.deb stable/main/binary-s390/mysql-client_4.0.24-10sarge2_s390.deb mysql-dfsg (4.0.24-10sarge2) stable-security; urgency=low * Security upload prepared for the security team by the debian mysql package maintainers. * Extracted upstream patch to fix from the diff of 4.1.18 and 4.1.19 to fix the following bugs: - When sending a specifically malformed login packet, the server fills the response with uninitialized memory content which could contain sensitive information. (CVE-2006-1516) - An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. 
(CVE-2006-1517) - An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. (CVE-2006-1518) Closes: #366043, #366048 * Backported upstream patch to fix a bug which allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. (CVE-2006-0903). Closes: #366162 stable/main/binary-mipsel/mysql-server_4.0.24-10sarge2_mipsel.deb stable/main/binary-mipsel/libmysqlclient12_4.0.24-10sarge2_mipsel.deb stable/main/binary-mipsel/mysql-client_4.0.24-10sarge2_mipsel.deb stable/main/binary-mipsel/libmysqlclient12-dev_4.0.24-10sarge2_mipsel.deb mysql-dfsg (4.0.24-10sarge2) stable-security; urgency=low * Security upload prepared for the security team by the debian mysql package maintainers. * Extracted upstream patch to fix from the diff of 4.1.18 and 4.1.19 to fix the following bugs: - When sending a specifically malformed login packet, the server fills the response with uninitialized memory content which could contain sensitive information. (CVE-2006-1516) - An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. (CVE-2006-1517) - An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. (CVE-2006-1518) Closes: #366043, #366048 * Backported upstream patch to fix a bug which allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. (CVE-2006-0903). Closes: #366162 stable/main/binary-mips/libmysqlclient12_4.0.24-10sarge2_mips.deb stable/main/binary-mips/mysql-client_4.0.24-10sarge2_mips.deb stable/main/binary-mips/libmysqlclient12-dev_4.0.24-10sarge2_mips.deb stable/main/binary-mips/mysql-server_4.0.24-10sarge2_mips.deb mysql-dfsg (4.0.24-10sarge2) stable-security; urgency=low * Security upload prepared for the security team by the debian mysql package maintainers. 
* Extracted upstream patch to fix from the diff of 4.1.18 and 4.1.19 to fix the following bugs: - When sending a specifically malformed login packet, the server fills the response with uninitialized memory content which could contain sensitive information. (CVE-2006-1516) - An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. (CVE-2006-1517) - An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. (CVE-2006-1518) Closes: #366043, #366048 * Backported upstream patch to fix a bug which allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. (CVE-2006-0903). Closes: #366162 stable/main/binary-m68k/libmysqlclient12-dev_4.0.24-10sarge2_m68k.deb stable/main/binary-m68k/mysql-client_4.0.24-10sarge2_m68k.deb stable/main/binary-m68k/libmysqlclient12_4.0.24-10sarge2_m68k.deb stable/main/binary-m68k/mysql-server_4.0.24-10sarge2_m68k.deb mysql-dfsg (4.0.24-10sarge2) stable-security; urgency=low * Security upload prepared for the security team by the debian mysql package maintainers. * Extracted upstream patch to fix from the diff of 4.1.18 and 4.1.19 to fix the following bugs: - When sending a specifically malformed login packet, the server fills the response with uninitialized memory content which could contain sensitive information. (CVE-2006-1516) - An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. (CVE-2006-1517) - An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. (CVE-2006-1518) Closes: #366043, #366048 * Backported upstream patch to fix a bug which allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. (CVE-2006-0903). 
Closes: #366162 stable/main/binary-ia64/mysql-client_4.0.24-10sarge2_ia64.deb stable/main/binary-ia64/mysql-server_4.0.24-10sarge2_ia64.deb stable/main/binary-ia64/libmysqlclient12_4.0.24-10sarge2_ia64.deb stable/main/binary-ia64/libmysqlclient12-dev_4.0.24-10sarge2_ia64.deb mysql-dfsg (4.0.24-10sarge2) stable-security; urgency=low * Security upload prepared for the security team by the debian mysql package maintainers. * Extracted upstream patch to fix from the diff of 4.1.18 and 4.1.19 to fix the following bugs: - When sending a specifically malformed login packet, the server fills the response with uninitialized memory content which could contain sensitive information. (CVE-2006-1516) - An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. (CVE-2006-1517) - An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. (CVE-2006-1518) Closes: #366043, #366048 * Backported upstream patch to fix a bug which allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. (CVE-2006-0903). Closes: #366162 stable/main/binary-i386/mysql-server_4.0.24-10sarge2_i386.deb stable/main/binary-i386/libmysqlclient12-dev_4.0.24-10sarge2_i386.deb stable/main/binary-i386/mysql-client_4.0.24-10sarge2_i386.deb stable/main/binary-i386/libmysqlclient12_4.0.24-10sarge2_i386.deb mysql-dfsg (4.0.24-10sarge2) stable-security; urgency=low * Security upload prepared for the security team by the debian mysql package maintainers. * Extracted upstream patch to fix from the diff of 4.1.18 and 4.1.19 to fix the following bugs: - When sending a specifically malformed login packet, the server fills the response with uninitialized memory content which could contain sensitive information. (CVE-2006-1516) - An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. 
(CVE-2006-1517) - An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. (CVE-2006-1518) Closes: #366043, #366048 * Backported upstream patch to fix a bug which allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. (CVE-2006-0903). Closes: #366162 stable/main/binary-hppa/mysql-client_4.0.24-10sarge2_hppa.deb stable/main/binary-hppa/libmysqlclient12-dev_4.0.24-10sarge2_hppa.deb stable/main/binary-hppa/libmysqlclient12_4.0.24-10sarge2_hppa.deb stable/main/binary-hppa/mysql-server_4.0.24-10sarge2_hppa.deb mysql-dfsg (4.0.24-10sarge2) stable-security; urgency=low * Security upload prepared for the security team by the debian mysql package maintainers. * Extracted upstream patch to fix from the diff of 4.1.18 and 4.1.19 to fix the following bugs: - When sending a specifically malformed login packet, the server fills the response with uninitialized memory content which could contain sensitive information. (CVE-2006-1516) - An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. (CVE-2006-1517) - An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. (CVE-2006-1518) Closes: #366043, #366048 * Backported upstream patch to fix a bug which allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. (CVE-2006-0903). Closes: #366162 stable/main/binary-arm/libmysqlclient12-dev_4.0.24-10sarge2_arm.deb stable/main/binary-arm/mysql-server_4.0.24-10sarge2_arm.deb stable/main/binary-arm/libmysqlclient12_4.0.24-10sarge2_arm.deb stable/main/binary-arm/mysql-client_4.0.24-10sarge2_arm.deb mysql-dfsg (4.0.24-10sarge2) stable-security; urgency=low * Security upload prepared for the security team by the debian mysql package maintainers. 
* Extracted upstream patch to fix from the diff of 4.1.18 and 4.1.19 to fix the following bugs: - When sending a specifically malformed login packet, the server fills the response with uninitialized memory content which could contain sensitive information. (CVE-2006-1516) - An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. (CVE-2006-1517) - An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. (CVE-2006-1518) Closes: #366043, #366048 * Backported upstream patch to fix a bug which allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. (CVE-2006-0903). Closes: #366162 stable/main/binary-alpha/libmysqlclient12-dev_4.0.24-10sarge2_alpha.deb stable/main/binary-alpha/mysql-client_4.0.24-10sarge2_alpha.deb stable/main/binary-alpha/libmysqlclient12_4.0.24-10sarge2_alpha.deb stable/main/binary-alpha/mysql-server_4.0.24-10sarge2_alpha.deb mysql-dfsg (4.0.24-10sarge2) stable-security; urgency=low * Security upload prepared for the security team by the debian mysql package maintainers. * Extracted upstream patch to fix from the diff of 4.1.18 and 4.1.19 to fix the following bugs: - When sending a specifically malformed login packet, the server fills the response with uninitialized memory content which could contain sensitive information. (CVE-2006-1516) - An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. (CVE-2006-1517) - An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. (CVE-2006-1518) Closes: #366043, #366048 * Backported upstream patch to fix a bug which allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. (CVE-2006-0903). 
Closes: #366162 stable/main/source/mysql-dfsg_4.0.24-10sarge2.diff.gz stable/main/binary-powerpc/mysql-client_4.0.24-10sarge2_powerpc.deb stable/main/binary-powerpc/libmysqlclient12_4.0.24-10sarge2_powerpc.deb stable/main/source/mysql-dfsg_4.0.24-10sarge2.dsc stable/main/binary-powerpc/libmysqlclient12-dev_4.0.24-10sarge2_powerpc.deb stable/main/binary-all/mysql-common_4.0.24-10sarge2_all.deb stable/main/binary-powerpc/mysql-server_4.0.24-10sarge2_powerpc.deb mysql-dfsg (4.0.24-10sarge2) stable-security; urgency=low * Security upload prepared for the security team by the debian mysql package maintainers. * Extracted upstream patch to fix from the diff of 4.1.18 and 4.1.19 to fix the following bugs: - When sending a specifically malformed login packet, the server fills the response with uninitialized memory content which could contain sensitive information. (CVE-2006-1516) - An authenticated user could read random memory from MySQL server, by taking advantage of a non checked packet length. (CVE-2006-1517) - An authenticated user could remotely execute arbitrary commands by taking advantage of a stack overflow. (CVE-2006-1518) Closes: #366043, #366048 * Backported upstream patch to fix a bug which allows local users to bypass logging mechanisms via SQL queries that contain the NULL character. (CVE-2006-0903). 
Closes: #366162 stable/main/binary-sparc/mutt_1.5.9-2sarge2_sparc.deb mutt (1.5.9-2sarge2) stable-security; urgency=high * Fix buffer overflow in IMAP parsing code stable/main/binary-s390/mutt_1.5.9-2sarge2_s390.deb mutt (1.5.9-2sarge2) stable-security; urgency=high * Fix buffer overflow in IMAP parsing code stable/main/binary-powerpc/mutt_1.5.9-2sarge2_powerpc.deb mutt (1.5.9-2sarge2) stable-security; urgency=high * Fix buffer overflow in IMAP parsing code stable/main/binary-mipsel/mutt_1.5.9-2sarge2_mipsel.deb mutt (1.5.9-2sarge2) stable-security; urgency=high * Fix buffer overflow in IMAP parsing code stable/main/binary-mips/mutt_1.5.9-2sarge2_mips.deb mutt (1.5.9-2sarge2) stable-security; urgency=high * Fix buffer overflow in IMAP parsing code stable/main/binary-m68k/mutt_1.5.9-2sarge2_m68k.deb mutt (1.5.9-2sarge2) stable-security; urgency=high * Fix buffer overflow in IMAP parsing code stable/main/binary-ia64/mutt_1.5.9-2sarge2_ia64.deb mutt (1.5.9-2sarge2) stable-security; urgency=high * Fix buffer overflow in IMAP parsing code stable/main/binary-hppa/mutt_1.5.9-2sarge2_hppa.deb mutt (1.5.9-2sarge2) stable-security; urgency=high * Fix buffer overflow in IMAP parsing code stable/main/binary-arm/mutt_1.5.9-2sarge2_arm.deb mutt (1.5.9-2sarge2) stable-security; urgency=high * Fix buffer overflow in IMAP parsing code stable/main/binary-alpha/mutt_1.5.9-2sarge2_alpha.deb mutt (1.5.9-2sarge2) stable-security; urgency=high * Fix buffer overflow in IMAP parsing code stable/main/binary-i386/mutt_1.5.9-2sarge2_i386.deb stable/main/source/mutt_1.5.9-2sarge2.diff.gz stable/main/source/mutt_1.5.9-2sarge2.dsc mutt (1.5.9-2sarge2) stable-security; urgency=high * Fix buffer overflow in IMAP parsing code stable/non-free/binary-i386/mpg123-oss-i486_0.59r-20sarge1_i386.deb stable/non-free/binary-powerpc/mpg123-esd_0.59r-20sarge1_powerpc.deb stable/non-free/source/mpg123_0.59r-20sarge1.dsc stable/non-free/binary-hppa/mpg123_0.59r-20sarge1_hppa.deb 
stable/non-free/binary-i386/mpg123-nas_0.59r-20sarge1_i386.deb stable/non-free/binary-sparc/mpg123_0.59r-20sarge1_sparc.deb stable/non-free/binary-alpha/mpg123-esd_0.59r-20sarge1_alpha.deb stable/non-free/binary-powerpc/mpg123_0.59r-20sarge1_powerpc.deb stable/non-free/binary-i386/mpg123_0.59r-20sarge1_i386.deb stable/non-free/binary-alpha/mpg123_0.59r-20sarge1_alpha.deb stable/non-free/binary-arm/mpg123_0.59r-20sarge1_arm.deb stable/non-free/source/mpg123_0.59r-20sarge1.diff.gz stable/non-free/binary-m68k/mpg123_0.59r-20sarge1_m68k.deb stable/non-free/binary-i386/mpg123-esd_0.59r-20sarge1_i386.deb stable/non-free/binary-i386/mpg123-oss-3dnow_0.59r-20sarge1_i386.deb mpg123 (0.59r-20sarge1) stable-security; urgency=high * layer3.c: Fix buffer overflow in III_i_stereo() (CVE-2006-1655). Closes: #361863 stable/main/binary-sparc/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_sparc.deb stable/main/binary-sparc/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_sparc.deb stable/main/binary-sparc/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_sparc.deb stable/main/binary-sparc/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_sparc.deb stable/main/binary-sparc/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_sparc.deb mozilla-thunderbird (1.0.2-2.sarge1.0.8b.1) stable-security; urgency=critical Patches listed below are in debian/patches/tbird-1.0.8a-1.0.8b * regression fixes: + 0003-regression-343713-was-introduced-by-fix-for-mfsa2006-31-336601.txt + 0004-regression-336875-was-introduced-by-fix-for-mfsa2006-31-336601.txt * late security patches left out in 2:1.7.8-1sarge7.1 CVE-2006-2779 (Issue 2/6) aka mfsa2006-32 (Part 2/7) + 0001-mfsa2006-32-325730-329982-Part-2-7.txt + 0002-mfsa2006-32-325730-329982-Part-2-7.txt * new security patches: CVE-2006-3805 (mfsa2006-50 Part 1) comprises 4 issues whose patches are: + 338804 - 0005-CVE-2006-3805-mfsa2006-50-Part-1-2-338804-Part-1-4.txt + 340129 - 0006-CVE-2006-3805-mfsa2006-50-Part-1-2-340129-Part-2-4.txt + 341877 - 
0007-CVE-2006-3805-mfsa2006-50-Part-1-2-341877-Part-3-4.txt + 341956 - 0008-CVE-2006-3805-mfsa2006-50-Part-1-2-341956-Part-4-4.txt CVE-2006-3806 (mfsa2006-50 Part 2) comprises 4 issues: + 336409 - 0009-CVE-2006-3806-mfsa2006-50-Part-2-2-336409-Part-1-5.txt + 336410 - 0010-CVE-2006-3806-mfsa2006-50-Part-2-2-336410-Part-2-5.txt + 338001 - 0011-CVE-2006-3806-mfsa2006-50-Part-2-2-338001-Part-3-5.txt + 338121 - 0012-CVE-2006-3806-mfsa2006-50-Part-2-2-338121-Part-4-5.txt + 342960 - 0013-CVE-2006-3806-mfsa2006-50-Part-2-2-342960-Part-5-5.txt CVE-2006-3807 (mfsa2006-51) comprises 1 issue: + 340727 - 0014-CVE-2006-3807-mfsa2006-51-340727.txt CVE-2006-3808 (mfsa2006-52) comprises 1 issue: + 337389 - 0015-CVE-2006-3808-mfsa2006-52-337389.txt CVE-2006-3809 (mfsa2006-53) comprises 1 issue: + 340107 - 0016-CVE-2006-3809-mfsa2006-53-340107.txt CVE-2006-3810 (mfsa2006-55) comprises 6 issue: + 284219 - 0017-CVE-2006-3811-mfsa2006-55-284219-Part-1-6.txt + 329900 - 0018-CVE-2006-3811-mfsa2006-55-329900-Part-2-6.txt + 331679 - 0019-CVE-2006-3811-mfsa2006-55-331679-Part-3-6.txt + 336162 - 0020-CVE-2006-3811-mfsa2006-55-336162-Part-4-6.txt - 0023-CVE-2006-3811-mfsa2006-55-336162-Part-4-6-2nd-bits.txt + 337462 - 0021-CVE-2006-3811-mfsa2006-55-337462-Part-5-6.txt + 338129 - 0022-CVE-2006-3811-mfsa2006-55-338129-Part-6-6.txt stable/main/binary-s390/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_s390.deb stable/main/binary-s390/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_s390.deb stable/main/binary-s390/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_s390.deb stable/main/binary-s390/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_s390.deb stable/main/binary-s390/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_s390.deb mozilla-thunderbird (1.0.2-2.sarge1.0.8b.1) stable-security; urgency=critical Patches listed below are in debian/patches/tbird-1.0.8a-1.0.8b * regression fixes: + 0003-regression-343713-was-introduced-by-fix-for-mfsa2006-31-336601.txt + 
0004-regression-336875-was-introduced-by-fix-for-mfsa2006-31-336601.txt * late security patches left out in 2:1.7.8-1sarge7.1 CVE-2006-2779 (Issue 2/6) aka mfsa2006-32 (Part 2/7) + 0001-mfsa2006-32-325730-329982-Part-2-7.txt + 0002-mfsa2006-32-325730-329982-Part-2-7.txt * new security patches: CVE-2006-3805 (mfsa2006-50 Part 1) comprises 4 issues whose patches are: + 338804 - 0005-CVE-2006-3805-mfsa2006-50-Part-1-2-338804-Part-1-4.txt + 340129 - 0006-CVE-2006-3805-mfsa2006-50-Part-1-2-340129-Part-2-4.txt + 341877 - 0007-CVE-2006-3805-mfsa2006-50-Part-1-2-341877-Part-3-4.txt + 341956 - 0008-CVE-2006-3805-mfsa2006-50-Part-1-2-341956-Part-4-4.txt CVE-2006-3806 (mfsa2006-50 Part 2) comprises 4 issues: + 336409 - 0009-CVE-2006-3806-mfsa2006-50-Part-2-2-336409-Part-1-5.txt + 336410 - 0010-CVE-2006-3806-mfsa2006-50-Part-2-2-336410-Part-2-5.txt + 338001 - 0011-CVE-2006-3806-mfsa2006-50-Part-2-2-338001-Part-3-5.txt + 338121 - 0012-CVE-2006-3806-mfsa2006-50-Part-2-2-338121-Part-4-5.txt + 342960 - 0013-CVE-2006-3806-mfsa2006-50-Part-2-2-342960-Part-5-5.txt CVE-2006-3807 (mfsa2006-51) comprises 1 issue: + 340727 - 0014-CVE-2006-3807-mfsa2006-51-340727.txt CVE-2006-3808 (mfsa2006-52) comprises 1 issue: + 337389 - 0015-CVE-2006-3808-mfsa2006-52-337389.txt CVE-2006-3809 (mfsa2006-53) comprises 1 issue: + 340107 - 0016-CVE-2006-3809-mfsa2006-53-340107.txt CVE-2006-3810 (mfsa2006-55) comprises 6 issue: + 284219 - 0017-CVE-2006-3811-mfsa2006-55-284219-Part-1-6.txt + 329900 - 0018-CVE-2006-3811-mfsa2006-55-329900-Part-2-6.txt + 331679 - 0019-CVE-2006-3811-mfsa2006-55-331679-Part-3-6.txt + 336162 - 0020-CVE-2006-3811-mfsa2006-55-336162-Part-4-6.txt - 0023-CVE-2006-3811-mfsa2006-55-336162-Part-4-6-2nd-bits.txt + 337462 - 0021-CVE-2006-3811-mfsa2006-55-337462-Part-5-6.txt + 338129 - 0022-CVE-2006-3811-mfsa2006-55-338129-Part-6-6.txt stable/main/binary-powerpc/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_powerpc.deb 
stable/main/binary-powerpc/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_powerpc.deb stable/main/binary-powerpc/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_powerpc.deb stable/main/binary-powerpc/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_powerpc.deb stable/main/binary-powerpc/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_powerpc.deb mozilla-thunderbird (1.0.2-2.sarge1.0.8b.1) stable-security; urgency=critical Patches listed below are in debian/patches/tbird-1.0.8a-1.0.8b * regression fixes: + 0003-regression-343713-was-introduced-by-fix-for-mfsa2006-31-336601.txt + 0004-regression-336875-was-introduced-by-fix-for-mfsa2006-31-336601.txt * late security patches left out in 2:1.7.8-1sarge7.1 CVE-2006-2779 (Issue 2/6) aka mfsa2006-32 (Part 2/7) + 0001-mfsa2006-32-325730-329982-Part-2-7.txt + 0002-mfsa2006-32-325730-329982-Part-2-7.txt * new security patches: CVE-2006-3805 (mfsa2006-50 Part 1) comprises 4 issues whose patches are: + 338804 - 0005-CVE-2006-3805-mfsa2006-50-Part-1-2-338804-Part-1-4.txt + 340129 - 0006-CVE-2006-3805-mfsa2006-50-Part-1-2-340129-Part-2-4.txt + 341877 - 0007-CVE-2006-3805-mfsa2006-50-Part-1-2-341877-Part-3-4.txt + 341956 - 0008-CVE-2006-3805-mfsa2006-50-Part-1-2-341956-Part-4-4.txt CVE-2006-3806 (mfsa2006-50 Part 2) comprises 4 issues: + 336409 - 0009-CVE-2006-3806-mfsa2006-50-Part-2-2-336409-Part-1-5.txt + 336410 - 0010-CVE-2006-3806-mfsa2006-50-Part-2-2-336410-Part-2-5.txt + 338001 - 0011-CVE-2006-3806-mfsa2006-50-Part-2-2-338001-Part-3-5.txt + 338121 - 0012-CVE-2006-3806-mfsa2006-50-Part-2-2-338121-Part-4-5.txt + 342960 - 0013-CVE-2006-3806-mfsa2006-50-Part-2-2-342960-Part-5-5.txt CVE-2006-3807 (mfsa2006-51) comprises 1 issue: + 340727 - 0014-CVE-2006-3807-mfsa2006-51-340727.txt CVE-2006-3808 (mfsa2006-52) comprises 1 issue: + 337389 - 0015-CVE-2006-3808-mfsa2006-52-337389.txt CVE-2006-3809 (mfsa2006-53) comprises 1 issue: + 340107 - 0016-CVE-2006-3809-mfsa2006-53-340107.txt CVE-2006-3810 (mfsa2006-55) comprises 6 issue: + 
284219 - 0017-CVE-2006-3811-mfsa2006-55-284219-Part-1-6.txt + 329900 - 0018-CVE-2006-3811-mfsa2006-55-329900-Part-2-6.txt + 331679 - 0019-CVE-2006-3811-mfsa2006-55-331679-Part-3-6.txt + 336162 - 0020-CVE-2006-3811-mfsa2006-55-336162-Part-4-6.txt - 0023-CVE-2006-3811-mfsa2006-55-336162-Part-4-6-2nd-bits.txt + 337462 - 0021-CVE-2006-3811-mfsa2006-55-337462-Part-5-6.txt + 338129 - 0022-CVE-2006-3811-mfsa2006-55-338129-Part-6-6.txt stable/main/binary-mipsel/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_mipsel.deb stable/main/binary-mipsel/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_mipsel.deb stable/main/binary-mipsel/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_mipsel.deb stable/main/binary-mipsel/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_mipsel.deb stable/main/binary-mipsel/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_mipsel.deb mozilla-thunderbird (1.0.2-2.sarge1.0.8b.1) stable-security; urgency=critical Patches listed below are in debian/patches/tbird-1.0.8a-1.0.8b * regression fixes: + 0003-regression-343713-was-introduced-by-fix-for-mfsa2006-31-336601.txt + 0004-regression-336875-was-introduced-by-fix-for-mfsa2006-31-336601.txt * late security patches left out in 2:1.7.8-1sarge7.1 CVE-2006-2779 (Issue 2/6) aka mfsa2006-32 (Part 2/7) + 0001-mfsa2006-32-325730-329982-Part-2-7.txt + 0002-mfsa2006-32-325730-329982-Part-2-7.txt * new security patches: CVE-2006-3805 (mfsa2006-50 Part 1) comprises 4 issues whose patches are: + 338804 - 0005-CVE-2006-3805-mfsa2006-50-Part-1-2-338804-Part-1-4.txt + 340129 - 0006-CVE-2006-3805-mfsa2006-50-Part-1-2-340129-Part-2-4.txt + 341877 - 0007-CVE-2006-3805-mfsa2006-50-Part-1-2-341877-Part-3-4.txt + 341956 - 0008-CVE-2006-3805-mfsa2006-50-Part-1-2-341956-Part-4-4.txt CVE-2006-3806 (mfsa2006-50 Part 2) comprises 4 issues: + 336409 - 0009-CVE-2006-3806-mfsa2006-50-Part-2-2-336409-Part-1-5.txt + 336410 - 0010-CVE-2006-3806-mfsa2006-50-Part-2-2-336410-Part-2-5.txt + 338001 - 
0011-CVE-2006-3806-mfsa2006-50-Part-2-2-338001-Part-3-5.txt + 338121 - 0012-CVE-2006-3806-mfsa2006-50-Part-2-2-338121-Part-4-5.txt + 342960 - 0013-CVE-2006-3806-mfsa2006-50-Part-2-2-342960-Part-5-5.txt CVE-2006-3807 (mfsa2006-51) comprises 1 issue: + 340727 - 0014-CVE-2006-3807-mfsa2006-51-340727.txt CVE-2006-3808 (mfsa2006-52) comprises 1 issue: + 337389 - 0015-CVE-2006-3808-mfsa2006-52-337389.txt CVE-2006-3809 (mfsa2006-53) comprises 1 issue: + 340107 - 0016-CVE-2006-3809-mfsa2006-53-340107.txt CVE-2006-3810 (mfsa2006-55) comprises 6 issue: + 284219 - 0017-CVE-2006-3811-mfsa2006-55-284219-Part-1-6.txt + 329900 - 0018-CVE-2006-3811-mfsa2006-55-329900-Part-2-6.txt + 331679 - 0019-CVE-2006-3811-mfsa2006-55-331679-Part-3-6.txt + 336162 - 0020-CVE-2006-3811-mfsa2006-55-336162-Part-4-6.txt - 0023-CVE-2006-3811-mfsa2006-55-336162-Part-4-6-2nd-bits.txt + 337462 - 0021-CVE-2006-3811-mfsa2006-55-337462-Part-5-6.txt + 338129 - 0022-CVE-2006-3811-mfsa2006-55-338129-Part-6-6.txt stable/main/binary-mips/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_mips.deb stable/main/binary-mips/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_mips.deb stable/main/binary-mips/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_mips.deb stable/main/binary-mips/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_mips.deb stable/main/binary-mips/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_mips.deb mozilla-thunderbird (1.0.2-2.sarge1.0.8b.1) stable-security; urgency=critical Patches listed below are in debian/patches/tbird-1.0.8a-1.0.8b * regression fixes: + 0003-regression-343713-was-introduced-by-fix-for-mfsa2006-31-336601.txt + 0004-regression-336875-was-introduced-by-fix-for-mfsa2006-31-336601.txt * late security patches left out in 2:1.7.8-1sarge7.1 CVE-2006-2779 (Issue 2/6) aka mfsa2006-32 (Part 2/7) + 0001-mfsa2006-32-325730-329982-Part-2-7.txt + 0002-mfsa2006-32-325730-329982-Part-2-7.txt * new security patches: CVE-2006-3805 (mfsa2006-50 Part 1) comprises 4 issues whose patches are: 
+ 338804 - 0005-CVE-2006-3805-mfsa2006-50-Part-1-2-338804-Part-1-4.txt + 340129 - 0006-CVE-2006-3805-mfsa2006-50-Part-1-2-340129-Part-2-4.txt + 341877 - 0007-CVE-2006-3805-mfsa2006-50-Part-1-2-341877-Part-3-4.txt + 341956 - 0008-CVE-2006-3805-mfsa2006-50-Part-1-2-341956-Part-4-4.txt CVE-2006-3806 (mfsa2006-50 Part 2) comprises 4 issues: + 336409 - 0009-CVE-2006-3806-mfsa2006-50-Part-2-2-336409-Part-1-5.txt + 336410 - 0010-CVE-2006-3806-mfsa2006-50-Part-2-2-336410-Part-2-5.txt + 338001 - 0011-CVE-2006-3806-mfsa2006-50-Part-2-2-338001-Part-3-5.txt + 338121 - 0012-CVE-2006-3806-mfsa2006-50-Part-2-2-338121-Part-4-5.txt + 342960 - 0013-CVE-2006-3806-mfsa2006-50-Part-2-2-342960-Part-5-5.txt CVE-2006-3807 (mfsa2006-51) comprises 1 issue: + 340727 - 0014-CVE-2006-3807-mfsa2006-51-340727.txt CVE-2006-3808 (mfsa2006-52) comprises 1 issue: + 337389 - 0015-CVE-2006-3808-mfsa2006-52-337389.txt CVE-2006-3809 (mfsa2006-53) comprises 1 issue: + 340107 - 0016-CVE-2006-3809-mfsa2006-53-340107.txt CVE-2006-3810 (mfsa2006-55) comprises 6 issue: + 284219 - 0017-CVE-2006-3811-mfsa2006-55-284219-Part-1-6.txt + 329900 - 0018-CVE-2006-3811-mfsa2006-55-329900-Part-2-6.txt + 331679 - 0019-CVE-2006-3811-mfsa2006-55-331679-Part-3-6.txt + 336162 - 0020-CVE-2006-3811-mfsa2006-55-336162-Part-4-6.txt - 0023-CVE-2006-3811-mfsa2006-55-336162-Part-4-6-2nd-bits.txt + 337462 - 0021-CVE-2006-3811-mfsa2006-55-337462-Part-5-6.txt + 338129 - 0022-CVE-2006-3811-mfsa2006-55-338129-Part-6-6.txt stable/main/binary-m68k/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_m68k.deb stable/main/binary-m68k/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_m68k.deb stable/main/binary-m68k/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_m68k.deb stable/main/binary-m68k/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_m68k.deb stable/main/binary-m68k/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_m68k.deb mozilla-thunderbird (1.0.2-2.sarge1.0.8b.1) stable-security; urgency=critical Patches listed below are in 
debian/patches/tbird-1.0.8a-1.0.8b * regression fixes: + 0003-regression-343713-was-introduced-by-fix-for-mfsa2006-31-336601.txt + 0004-regression-336875-was-introduced-by-fix-for-mfsa2006-31-336601.txt * late security patches left out in 2:1.7.8-1sarge7.1 CVE-2006-2779 (Issue 2/6) aka mfsa2006-32 (Part 2/7) + 0001-mfsa2006-32-325730-329982-Part-2-7.txt + 0002-mfsa2006-32-325730-329982-Part-2-7.txt * new security patches: CVE-2006-3805 (mfsa2006-50 Part 1) comprises 4 issues whose patches are: + 338804 - 0005-CVE-2006-3805-mfsa2006-50-Part-1-2-338804-Part-1-4.txt + 340129 - 0006-CVE-2006-3805-mfsa2006-50-Part-1-2-340129-Part-2-4.txt + 341877 - 0007-CVE-2006-3805-mfsa2006-50-Part-1-2-341877-Part-3-4.txt + 341956 - 0008-CVE-2006-3805-mfsa2006-50-Part-1-2-341956-Part-4-4.txt CVE-2006-3806 (mfsa2006-50 Part 2) comprises 4 issues: + 336409 - 0009-CVE-2006-3806-mfsa2006-50-Part-2-2-336409-Part-1-5.txt + 336410 - 0010-CVE-2006-3806-mfsa2006-50-Part-2-2-336410-Part-2-5.txt + 338001 - 0011-CVE-2006-3806-mfsa2006-50-Part-2-2-338001-Part-3-5.txt + 338121 - 0012-CVE-2006-3806-mfsa2006-50-Part-2-2-338121-Part-4-5.txt + 342960 - 0013-CVE-2006-3806-mfsa2006-50-Part-2-2-342960-Part-5-5.txt CVE-2006-3807 (mfsa2006-51) comprises 1 issue: + 340727 - 0014-CVE-2006-3807-mfsa2006-51-340727.txt CVE-2006-3808 (mfsa2006-52) comprises 1 issue: + 337389 - 0015-CVE-2006-3808-mfsa2006-52-337389.txt CVE-2006-3809 (mfsa2006-53) comprises 1 issue: + 340107 - 0016-CVE-2006-3809-mfsa2006-53-340107.txt CVE-2006-3810 (mfsa2006-55) comprises 6 issue: + 284219 - 0017-CVE-2006-3811-mfsa2006-55-284219-Part-1-6.txt + 329900 - 0018-CVE-2006-3811-mfsa2006-55-329900-Part-2-6.txt + 331679 - 0019-CVE-2006-3811-mfsa2006-55-331679-Part-3-6.txt + 336162 - 0020-CVE-2006-3811-mfsa2006-55-336162-Part-4-6.txt - 0023-CVE-2006-3811-mfsa2006-55-336162-Part-4-6-2nd-bits.txt + 337462 - 0021-CVE-2006-3811-mfsa2006-55-337462-Part-5-6.txt + 338129 - 0022-CVE-2006-3811-mfsa2006-55-338129-Part-6-6.txt 
stable/main/binary-ia64/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_ia64.deb stable/main/binary-ia64/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_ia64.deb stable/main/binary-ia64/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_ia64.deb stable/main/binary-ia64/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_ia64.deb stable/main/binary-ia64/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_ia64.deb mozilla-thunderbird (1.0.2-2.sarge1.0.8b.1) stable-security; urgency=critical Patches listed below are in debian/patches/tbird-1.0.8a-1.0.8b * regression fixes: + 0003-regression-343713-was-introduced-by-fix-for-mfsa2006-31-336601.txt + 0004-regression-336875-was-introduced-by-fix-for-mfsa2006-31-336601.txt * late security patches left out in 2:1.7.8-1sarge7.1 CVE-2006-2779 (Issue 2/6) aka mfsa2006-32 (Part 2/7) + 0001-mfsa2006-32-325730-329982-Part-2-7.txt + 0002-mfsa2006-32-325730-329982-Part-2-7.txt * new security patches: CVE-2006-3805 (mfsa2006-50 Part 1) comprises 4 issues whose patches are: + 338804 - 0005-CVE-2006-3805-mfsa2006-50-Part-1-2-338804-Part-1-4.txt + 340129 - 0006-CVE-2006-3805-mfsa2006-50-Part-1-2-340129-Part-2-4.txt + 341877 - 0007-CVE-2006-3805-mfsa2006-50-Part-1-2-341877-Part-3-4.txt + 341956 - 0008-CVE-2006-3805-mfsa2006-50-Part-1-2-341956-Part-4-4.txt CVE-2006-3806 (mfsa2006-50 Part 2) comprises 4 issues: + 336409 - 0009-CVE-2006-3806-mfsa2006-50-Part-2-2-336409-Part-1-5.txt + 336410 - 0010-CVE-2006-3806-mfsa2006-50-Part-2-2-336410-Part-2-5.txt + 338001 - 0011-CVE-2006-3806-mfsa2006-50-Part-2-2-338001-Part-3-5.txt + 338121 - 0012-CVE-2006-3806-mfsa2006-50-Part-2-2-338121-Part-4-5.txt + 342960 - 0013-CVE-2006-3806-mfsa2006-50-Part-2-2-342960-Part-5-5.txt CVE-2006-3807 (mfsa2006-51) comprises 1 issue: + 340727 - 0014-CVE-2006-3807-mfsa2006-51-340727.txt CVE-2006-3808 (mfsa2006-52) comprises 1 issue: + 337389 - 0015-CVE-2006-3808-mfsa2006-52-337389.txt CVE-2006-3809 (mfsa2006-53) comprises 1 issue: + 340107 - 
0016-CVE-2006-3809-mfsa2006-53-340107.txt CVE-2006-3810 (mfsa2006-55) comprises 6 issue: + 284219 - 0017-CVE-2006-3811-mfsa2006-55-284219-Part-1-6.txt + 329900 - 0018-CVE-2006-3811-mfsa2006-55-329900-Part-2-6.txt + 331679 - 0019-CVE-2006-3811-mfsa2006-55-331679-Part-3-6.txt + 336162 - 0020-CVE-2006-3811-mfsa2006-55-336162-Part-4-6.txt - 0023-CVE-2006-3811-mfsa2006-55-336162-Part-4-6-2nd-bits.txt + 337462 - 0021-CVE-2006-3811-mfsa2006-55-337462-Part-5-6.txt + 338129 - 0022-CVE-2006-3811-mfsa2006-55-338129-Part-6-6.txt stable/main/binary-hppa/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_hppa.deb stable/main/binary-hppa/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_hppa.deb stable/main/binary-hppa/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_hppa.deb stable/main/binary-hppa/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_hppa.deb stable/main/binary-hppa/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_hppa.deb mozilla-thunderbird (1.0.2-2.sarge1.0.8b.1) stable-security; urgency=critical Patches listed below are in debian/patches/tbird-1.0.8a-1.0.8b * regression fixes: + 0003-regression-343713-was-introduced-by-fix-for-mfsa2006-31-336601.txt + 0004-regression-336875-was-introduced-by-fix-for-mfsa2006-31-336601.txt * late security patches left out in 2:1.7.8-1sarge7.1 CVE-2006-2779 (Issue 2/6) aka mfsa2006-32 (Part 2/7) + 0001-mfsa2006-32-325730-329982-Part-2-7.txt + 0002-mfsa2006-32-325730-329982-Part-2-7.txt * new security patches: CVE-2006-3805 (mfsa2006-50 Part 1) comprises 4 issues whose patches are: + 338804 - 0005-CVE-2006-3805-mfsa2006-50-Part-1-2-338804-Part-1-4.txt + 340129 - 0006-CVE-2006-3805-mfsa2006-50-Part-1-2-340129-Part-2-4.txt + 341877 - 0007-CVE-2006-3805-mfsa2006-50-Part-1-2-341877-Part-3-4.txt + 341956 - 0008-CVE-2006-3805-mfsa2006-50-Part-1-2-341956-Part-4-4.txt CVE-2006-3806 (mfsa2006-50 Part 2) comprises 4 issues: + 336409 - 0009-CVE-2006-3806-mfsa2006-50-Part-2-2-336409-Part-1-5.txt + 336410 - 
0010-CVE-2006-3806-mfsa2006-50-Part-2-2-336410-Part-2-5.txt + 338001 - 0011-CVE-2006-3806-mfsa2006-50-Part-2-2-338001-Part-3-5.txt + 338121 - 0012-CVE-2006-3806-mfsa2006-50-Part-2-2-338121-Part-4-5.txt + 342960 - 0013-CVE-2006-3806-mfsa2006-50-Part-2-2-342960-Part-5-5.txt CVE-2006-3807 (mfsa2006-51) comprises 1 issue: + 340727 - 0014-CVE-2006-3807-mfsa2006-51-340727.txt CVE-2006-3808 (mfsa2006-52) comprises 1 issue: + 337389 - 0015-CVE-2006-3808-mfsa2006-52-337389.txt CVE-2006-3809 (mfsa2006-53) comprises 1 issue: + 340107 - 0016-CVE-2006-3809-mfsa2006-53-340107.txt CVE-2006-3810 (mfsa2006-55) comprises 6 issue: + 284219 - 0017-CVE-2006-3811-mfsa2006-55-284219-Part-1-6.txt + 329900 - 0018-CVE-2006-3811-mfsa2006-55-329900-Part-2-6.txt + 331679 - 0019-CVE-2006-3811-mfsa2006-55-331679-Part-3-6.txt + 336162 - 0020-CVE-2006-3811-mfsa2006-55-336162-Part-4-6.txt - 0023-CVE-2006-3811-mfsa2006-55-336162-Part-4-6-2nd-bits.txt + 337462 - 0021-CVE-2006-3811-mfsa2006-55-337462-Part-5-6.txt + 338129 - 0022-CVE-2006-3811-mfsa2006-55-338129-Part-6-6.txt stable/main/binary-arm/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_arm.deb stable/main/binary-arm/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_arm.deb stable/main/binary-arm/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_arm.deb stable/main/binary-arm/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_arm.deb stable/main/binary-arm/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_arm.deb mozilla-thunderbird (1.0.2-2.sarge1.0.8b.1) stable-security; urgency=critical Patches listed below are in debian/patches/tbird-1.0.8a-1.0.8b * regression fixes: + 0003-regression-343713-was-introduced-by-fix-for-mfsa2006-31-336601.txt + 0004-regression-336875-was-introduced-by-fix-for-mfsa2006-31-336601.txt * late security patches left out in 2:1.7.8-1sarge7.1 CVE-2006-2779 (Issue 2/6) aka mfsa2006-32 (Part 2/7) + 0001-mfsa2006-32-325730-329982-Part-2-7.txt + 0002-mfsa2006-32-325730-329982-Part-2-7.txt * new security patches: 
CVE-2006-3805 (mfsa2006-50 Part 1) comprises 4 issues whose patches are: + 338804 - 0005-CVE-2006-3805-mfsa2006-50-Part-1-2-338804-Part-1-4.txt + 340129 - 0006-CVE-2006-3805-mfsa2006-50-Part-1-2-340129-Part-2-4.txt + 341877 - 0007-CVE-2006-3805-mfsa2006-50-Part-1-2-341877-Part-3-4.txt + 341956 - 0008-CVE-2006-3805-mfsa2006-50-Part-1-2-341956-Part-4-4.txt CVE-2006-3806 (mfsa2006-50 Part 2) comprises 4 issues: + 336409 - 0009-CVE-2006-3806-mfsa2006-50-Part-2-2-336409-Part-1-5.txt + 336410 - 0010-CVE-2006-3806-mfsa2006-50-Part-2-2-336410-Part-2-5.txt + 338001 - 0011-CVE-2006-3806-mfsa2006-50-Part-2-2-338001-Part-3-5.txt + 338121 - 0012-CVE-2006-3806-mfsa2006-50-Part-2-2-338121-Part-4-5.txt + 342960 - 0013-CVE-2006-3806-mfsa2006-50-Part-2-2-342960-Part-5-5.txt CVE-2006-3807 (mfsa2006-51) comprises 1 issue: + 340727 - 0014-CVE-2006-3807-mfsa2006-51-340727.txt CVE-2006-3808 (mfsa2006-52) comprises 1 issue: + 337389 - 0015-CVE-2006-3808-mfsa2006-52-337389.txt CVE-2006-3809 (mfsa2006-53) comprises 1 issue: + 340107 - 0016-CVE-2006-3809-mfsa2006-53-340107.txt CVE-2006-3810 (mfsa2006-55) comprises 6 issue: + 284219 - 0017-CVE-2006-3811-mfsa2006-55-284219-Part-1-6.txt + 329900 - 0018-CVE-2006-3811-mfsa2006-55-329900-Part-2-6.txt + 331679 - 0019-CVE-2006-3811-mfsa2006-55-331679-Part-3-6.txt + 336162 - 0020-CVE-2006-3811-mfsa2006-55-336162-Part-4-6.txt - 0023-CVE-2006-3811-mfsa2006-55-336162-Part-4-6-2nd-bits.txt + 337462 - 0021-CVE-2006-3811-mfsa2006-55-337462-Part-5-6.txt + 338129 - 0022-CVE-2006-3811-mfsa2006-55-338129-Part-6-6.txt stable/main/binary-alpha/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_alpha.deb stable/main/binary-alpha/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_alpha.deb stable/main/binary-alpha/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_alpha.deb stable/main/binary-alpha/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_alpha.deb stable/main/binary-alpha/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_alpha.deb mozilla-thunderbird 
(1.0.2-2.sarge1.0.8b.1) stable-security; urgency=critical
  Patches listed below are in debian/patches/tbird-1.0.8a-1.0.8b
  * regression fixes:
    + 0003-regression-343713-was-introduced-by-fix-for-mfsa2006-31-336601.txt
    + 0004-regression-336875-was-introduced-by-fix-for-mfsa2006-31-336601.txt
  * late security patches left out in 2:1.7.8-1sarge7.1
    CVE-2006-2779 (Issue 2/6) aka mfsa2006-32 (Part 2/7)
    + 0001-mfsa2006-32-325730-329982-Part-2-7.txt
    + 0002-mfsa2006-32-325730-329982-Part-2-7.txt
  * new security patches:
    CVE-2006-3805 (mfsa2006-50 Part 1) comprises 4 issues whose patches are:
    + 338804 - 0005-CVE-2006-3805-mfsa2006-50-Part-1-2-338804-Part-1-4.txt
    + 340129 - 0006-CVE-2006-3805-mfsa2006-50-Part-1-2-340129-Part-2-4.txt
    + 341877 - 0007-CVE-2006-3805-mfsa2006-50-Part-1-2-341877-Part-3-4.txt
    + 341956 - 0008-CVE-2006-3805-mfsa2006-50-Part-1-2-341956-Part-4-4.txt
    CVE-2006-3806 (mfsa2006-50 Part 2) comprises 4 issues:
    + 336409 - 0009-CVE-2006-3806-mfsa2006-50-Part-2-2-336409-Part-1-5.txt
    + 336410 - 0010-CVE-2006-3806-mfsa2006-50-Part-2-2-336410-Part-2-5.txt
    + 338001 - 0011-CVE-2006-3806-mfsa2006-50-Part-2-2-338001-Part-3-5.txt
    + 338121 - 0012-CVE-2006-3806-mfsa2006-50-Part-2-2-338121-Part-4-5.txt
    + 342960 - 0013-CVE-2006-3806-mfsa2006-50-Part-2-2-342960-Part-5-5.txt
    CVE-2006-3807 (mfsa2006-51) comprises 1 issue:
    + 340727 - 0014-CVE-2006-3807-mfsa2006-51-340727.txt
    CVE-2006-3808 (mfsa2006-52) comprises 1 issue:
    + 337389 - 0015-CVE-2006-3808-mfsa2006-52-337389.txt
    CVE-2006-3809 (mfsa2006-53) comprises 1 issue:
    + 340107 - 0016-CVE-2006-3809-mfsa2006-53-340107.txt
    CVE-2006-3810 (mfsa2006-55) comprises 6 issues:
    + 284219 - 0017-CVE-2006-3811-mfsa2006-55-284219-Part-1-6.txt
    + 329900 - 0018-CVE-2006-3811-mfsa2006-55-329900-Part-2-6.txt
    + 331679 - 0019-CVE-2006-3811-mfsa2006-55-331679-Part-3-6.txt
    + 336162 - 0020-CVE-2006-3811-mfsa2006-55-336162-Part-4-6.txt
             - 0023-CVE-2006-3811-mfsa2006-55-336162-Part-4-6-2nd-bits.txt
    + 337462 - 0021-CVE-2006-3811-mfsa2006-55-337462-Part-5-6.txt
    + 338129 - 0022-CVE-2006-3811-mfsa2006-55-338129-Part-6-6.txt

stable/main/source/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1.dsc
stable/main/binary-i386/mozilla-thunderbird-dev_1.0.2-2.sarge1.0.8b.1_i386.deb
stable/main/source/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1.diff.gz
stable/main/binary-i386/mozilla-thunderbird_1.0.2-2.sarge1.0.8b.1_i386.deb
stable/main/binary-i386/mozilla-thunderbird-inspector_1.0.2-2.sarge1.0.8b.1_i386.deb
stable/main/binary-i386/mozilla-thunderbird-typeaheadfind_1.0.2-2.sarge1.0.8b.1_i386.deb
stable/main/binary-i386/mozilla-thunderbird-offline_1.0.2-2.sarge1.0.8b.1_i386.deb
mozilla-thunderbird (1.0.2-2.sarge1.0.8b.1) stable-security; urgency=critical
  Patches listed below are in debian/patches/tbird-1.0.8a-1.0.8b
  * regression fixes:
    + 0003-regression-343713-was-introduced-by-fix-for-mfsa2006-31-336601.txt
    + 0004-regression-336875-was-introduced-by-fix-for-mfsa2006-31-336601.txt
  * late security patches left out in 2:1.7.8-1sarge7.1
    CVE-2006-2779 (Issue 2/6) aka mfsa2006-32 (Part 2/7)
    + 0001-mfsa2006-32-325730-329982-Part-2-7.txt
    + 0002-mfsa2006-32-325730-329982-Part-2-7.txt
  * new security patches:
    CVE-2006-3805 (mfsa2006-50 Part 1) comprises 4 issues whose patches are:
    + 338804 - 0005-CVE-2006-3805-mfsa2006-50-Part-1-2-338804-Part-1-4.txt
    + 340129 - 0006-CVE-2006-3805-mfsa2006-50-Part-1-2-340129-Part-2-4.txt
    + 341877 - 0007-CVE-2006-3805-mfsa2006-50-Part-1-2-341877-Part-3-4.txt
    + 341956 - 0008-CVE-2006-3805-mfsa2006-50-Part-1-2-341956-Part-4-4.txt
    CVE-2006-3806 (mfsa2006-50 Part 2) comprises 4 issues:
    + 336409 - 0009-CVE-2006-3806-mfsa2006-50-Part-2-2-336409-Part-1-5.txt
    + 336410 - 0010-CVE-2006-3806-mfsa2006-50-Part-2-2-336410-Part-2-5.txt
    + 338001 - 0011-CVE-2006-3806-mfsa2006-50-Part-2-2-338001-Part-3-5.txt
    + 338121 - 0012-CVE-2006-3806-mfsa2006-50-Part-2-2-338121-Part-4-5.txt
    + 342960 - 0013-CVE-2006-3806-mfsa2006-50-Part-2-2-342960-Part-5-5.txt
    CVE-2006-3807 (mfsa2006-51) comprises 1 issue:
    + 340727 - 0014-CVE-2006-3807-mfsa2006-51-340727.txt
    CVE-2006-3808 (mfsa2006-52) comprises 1 issue:
    + 337389 - 0015-CVE-2006-3808-mfsa2006-52-337389.txt
    CVE-2006-3809 (mfsa2006-53) comprises 1 issue:
    + 340107 - 0016-CVE-2006-3809-mfsa2006-53-340107.txt
    CVE-2006-3810 (mfsa2006-55) comprises 6 issues:
    + 284219 - 0017-CVE-2006-3811-mfsa2006-55-284219-Part-1-6.txt
    + 329900 - 0018-CVE-2006-3811-mfsa2006-55-329900-Part-2-6.txt
    + 331679 - 0019-CVE-2006-3811-mfsa2006-55-331679-Part-3-6.txt
    + 336162 - 0020-CVE-2006-3811-mfsa2006-55-336162-Part-4-6.txt
             - 0023-CVE-2006-3811-mfsa2006-55-336162-Part-4-6-2nd-bits.txt
    + 337462 - 0021-CVE-2006-3811-mfsa2006-55-337462-Part-5-6.txt
    + 338129 - 0022-CVE-2006-3811-mfsa2006-55-338129-Part-6-6.txt

stable/main/binary-sparc/mozilla-firefox_1.0.4-2sarge9_sparc.deb
stable/main/binary-sparc/mozilla-firefox-dom-inspector_1.0.4-2sarge9_sparc.deb
stable/main/binary-sparc/mozilla-firefox-gnome-support_1.0.4-2sarge9_sparc.deb
mozilla-firefox (1.0.4-2sarge9) stable-security; urgency=critical
  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches from
    Alexander Sack to fix regressions caused by the previous security fixes.

stable/main/binary-s390/mozilla-firefox-gnome-support_1.0.4-2sarge9_s390.deb
stable/main/binary-s390/mozilla-firefox_1.0.4-2sarge9_s390.deb
stable/main/binary-s390/mozilla-firefox-dom-inspector_1.0.4-2sarge9_s390.deb
mozilla-firefox (1.0.4-2sarge9) stable-security; urgency=critical
  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches from
    Alexander Sack to fix regressions caused by the previous security fixes.

stable/main/binary-powerpc/mozilla-firefox-dom-inspector_1.0.4-2sarge9_powerpc.deb
stable/main/binary-powerpc/mozilla-firefox-gnome-support_1.0.4-2sarge9_powerpc.deb
stable/main/binary-powerpc/mozilla-firefox_1.0.4-2sarge9_powerpc.deb
mozilla-firefox (1.0.4-2sarge9) stable-security; urgency=critical
  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches from
    Alexander Sack to fix regressions caused by the previous security fixes.

stable/main/binary-mipsel/mozilla-firefox_1.0.4-2sarge9_mipsel.deb
stable/main/binary-mipsel/mozilla-firefox-gnome-support_1.0.4-2sarge9_mipsel.deb
stable/main/binary-mipsel/mozilla-firefox-dom-inspector_1.0.4-2sarge9_mipsel.deb
mozilla-firefox (1.0.4-2sarge9) stable-security; urgency=critical
  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches from
    Alexander Sack to fix regressions caused by the previous security fixes.

stable/main/binary-mips/mozilla-firefox_1.0.4-2sarge9_mips.deb
stable/main/binary-mips/mozilla-firefox-gnome-support_1.0.4-2sarge9_mips.deb
stable/main/binary-mips/mozilla-firefox-dom-inspector_1.0.4-2sarge9_mips.deb
mozilla-firefox (1.0.4-2sarge9) stable-security; urgency=critical
  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches from
    Alexander Sack to fix regressions caused by the previous security fixes.

stable/main/binary-m68k/mozilla-firefox_1.0.4-2sarge9_m68k.deb
stable/main/binary-m68k/mozilla-firefox-dom-inspector_1.0.4-2sarge9_m68k.deb
stable/main/binary-m68k/mozilla-firefox-gnome-support_1.0.4-2sarge9_m68k.deb
mozilla-firefox (1.0.4-2sarge9) stable-security; urgency=critical
  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches from
    Alexander Sack to fix regressions caused by the previous security fixes.

stable/main/binary-ia64/mozilla-firefox_1.0.4-2sarge9_ia64.deb
stable/main/binary-ia64/mozilla-firefox-gnome-support_1.0.4-2sarge9_ia64.deb
stable/main/binary-ia64/mozilla-firefox-dom-inspector_1.0.4-2sarge9_ia64.deb
mozilla-firefox (1.0.4-2sarge9) stable-security; urgency=critical
  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches from
    Alexander Sack to fix regressions caused by the previous security fixes.

stable/main/binary-hppa/mozilla-firefox_1.0.4-2sarge9_hppa.deb
stable/main/binary-hppa/mozilla-firefox-dom-inspector_1.0.4-2sarge9_hppa.deb
stable/main/binary-hppa/mozilla-firefox-gnome-support_1.0.4-2sarge9_hppa.deb
mozilla-firefox (1.0.4-2sarge9) stable-security; urgency=critical
  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches from
    Alexander Sack to fix regressions caused by the previous security fixes.

stable/main/binary-arm/mozilla-firefox_1.0.4-2sarge9_arm.deb
stable/main/binary-arm/mozilla-firefox-gnome-support_1.0.4-2sarge9_arm.deb
stable/main/binary-arm/mozilla-firefox-dom-inspector_1.0.4-2sarge9_arm.deb
mozilla-firefox (1.0.4-2sarge9) stable-security; urgency=critical
  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches from
    Alexander Sack to fix regressions caused by the previous security fixes.

stable/main/binary-alpha/mozilla-firefox_1.0.4-2sarge9_alpha.deb
stable/main/binary-alpha/mozilla-firefox-gnome-support_1.0.4-2sarge9_alpha.deb
stable/main/binary-alpha/mozilla-firefox-dom-inspector_1.0.4-2sarge9_alpha.deb
mozilla-firefox (1.0.4-2sarge9) stable-security; urgency=critical
  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches from
    Alexander Sack to fix regressions caused by the previous security fixes.

stable/main/binary-i386/mozilla-firefox-dom-inspector_1.0.4-2sarge9_i386.deb
stable/main/binary-i386/mozilla-firefox-gnome-support_1.0.4-2sarge9_i386.deb
stable/main/binary-i386/mozilla-firefox_1.0.4-2sarge9_i386.deb
stable/main/source/mozilla-firefox_1.0.4-2sarge9.diff.gz
stable/main/source/mozilla-firefox_1.0.4-2sarge9.dsc
mozilla-firefox (1.0.4-2sarge9) stable-security; urgency=critical
  * content/xul/templates/src/nsXULContentUtils.cpp,
    content/xul/templates/src/nsXULSortService.cpp: A couple of patches from
    Alexander Sack to fix regressions caused by the previous security fixes.

stable/main/binary-sparc/mozilla-browser_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/libnspr-dev_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/mozilla-js-debugger_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/mozilla-calendar_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/mozilla-psm_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/mozilla-dom-inspector_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/mozilla_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/mozilla-chatzilla_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/mozilla-dev_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/libnss-dev_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/mozilla-mailnews_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/libnspr4_1.7.8-1sarge7.1_sparc.deb
stable/main/binary-sparc/libnss3_1.7.8-1sarge7.1_sparc.deb
mozilla (2:1.7.8-1sarge7.1) stable-security; urgency=critical
  * dropped mozilla 1.7.14 patches in debian/patches that fix various
    security issues:
    + CVE-2006-2787 : 1_0001-mfsa2006-31-319263-336601-336313.txt
    + CVE-2006-2786 1/2 : 1_0002-mfsa2006-33-Part-1-2-329746.txt
    + CVE-2006-2786 2/2 : 1_0003-mfsa2006-33-Part-2-2-330214.txt
    + CVE-2006-2785 2/2 : 1_0004-mfsa2006-34-Part2-2-329521-suite.txt
    + CVE-2006-2775 : 1_0005-mfsa2006-35-329677.txt
                      1_0023-mfsa2006-35-335142-regression-1-2-for-329677.txt
                      1_0024-mfsa2006-35-337841-regression-part-2-2-for-329677.txt
    + CVE-2006-2784 : 1_0006-mfsa2006-36-330037.txt
    + CVE-2006-2776 : 1_0007-mfsa2006-37-330773-with-belt-and-braces.txt
    + CVE-2006-2778 : 1_0008-mfsa2006-38-330897.txt
    + CVE-2006-1942 : 1_0009-mfsa2006-39-CVE-2006-1942-334341-suite.txt
    + CVE-2006-2781 : 1_0010-mfsa2006-40-334384.txt
    + CVE-2006-2782 : 1_0011-mfsa2006-41-334977.txt
    + CVE-2006-2783 : 1_0012-mfsa2006-42-335816.txt
    + CVE-2006-2777 : 1_0013-mfsa2006-43-336830.txt
    + CVE-2006-2779 3/6 : 1_0014-mfsa2006-32-Part-3-7-326501.txt
    + CVE-2006-2779 4/6 : 1_0015-mfsa2006-32-Part-4a-7-326931.txt
    + CVE-2006-2785 2/2 : 1_0015-mfsa2006-34-Part-1-2-xpfe-329468-suite.txt
    + CVE-2006-2779 4/6 : 1_0016-mfsa2006-32-Part-4b-7-329219.txt
    + CVE-2006-2779 4/6 : 1_0017-mfsa2006-32-Part-4c-7-330818-proper-aviary.txt
    + CVE-2006-2779 6/6 : 1_0018-mfsa2006-32-Part-6-7-332971.txt
    + CVE-2006-2780 : 1_0019-js-src-jsstr.c-335535-mfsa2006-32-Part-7-7.txt
    + CVE-2006-2779 5/6 : 1_0021-mfsa2006-32-Part-5-7-327712.txt
  * Note: CVE-2006-2779 (mfsa2006-32) is only partially fixed. Missing are
    tricky parts 1/6 and 2/6 from advisory:
    1/6: Removing nested