[SECURITY] [DSA-2158-1] cgiirc security update

2011-02-10 Thread Steve Kemp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2158-1                  secur...@debian.org
http://www.debian.org/security/                              Steve Kemp
February 9, 2011                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package: cgiirc
Vulnerability  : cross-site scripting
Problem type   : local
Debian-specific: no
CVE ID : CVE-2011-0050

Michael Brooks (Sitewatch) discovered a reflective XSS flaw in
cgiirc, a web based IRC client, which could lead to the execution
of arbitrary javascript.

For the old-stable distribution (lenny), this problem has been fixed in
version 0.5.9-3lenny1.

For the stable distribution (squeeze), and unstable distribution (sid),
this problem will be fixed shortly.

We recommend that you upgrade your cgiirc packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk1TB8gACgkQwM/Gs81MDZ3jaQCglAutQanent4qxHuBCtV5ycLz
2qoAn1ARj+1zU5rK64N0rlmA15VbUn8B
=72nd
-----END PGP SIGNATURE-----



[SECURITY] [DSA-2156-1] pcscd security update

2011-01-31 Thread Steve Kemp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2156-1                  secur...@debian.org
http://www.debian.org/security/                              Steve Kemp
January 31, 2011                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package: pcscd
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE ID : CVE-2010-4531

MWR InfoSecurity identified a buffer overflow in pcscd, middleware
to access a smart card via PC/SC, which could lead to the execution
of arbitrary code.

For the stable distribution (lenny), this problem has been fixed in
version 1.4.102-1+lenny4.

For the testing distribution (squeeze), this problem has been fixed in
version 1.5.5-4.

For the unstable distribution (sid), this problem has been fixed in
version 1.5.5-4.

We recommend that you upgrade your pcscd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk1GmzEACgkQwM/Gs81MDZ16QACgtj//ggRf90v63iYv0M3NChBH
Qo4An2eHPeNMFlNqPcK2OAe5EzQ+6tRo
=CaqX
-----END PGP SIGNATURE-----



[SECURITY] [DSA 2147-1] Security update for pimd

2011-01-17 Thread Steve Kemp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-2147-1                  secur...@debian.org
http://www.debian.org/security/                              Steve Kemp
January 16, 2011                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package: pimd
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE ID : CVE-2011-0007

Vincent Bernat discovered that pimd, a multicast routing daemon, creates
files with predictable names upon the receipt of particular signals.

For the stable distribution (lenny), this problem has been fixed in
version 2.1.0-alpha29.17-8.1lenny1.

The testing distribution (squeeze) and the unstable distribution (sid)
will receive updates shortly.

We recommend that you upgrade your pimd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-annou...@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAk0zA3UACgkQwM/Gs81MDZ2ZYwCfRRqE/K+mw1xff/9Rct11Oeob
/HIAoMtm+Umsn24VfQcBtri6emmHzoZS
=pYkp
-----END PGP SIGNATURE-----



[SECURITY] [DSA 1668-1] New hf packages fix execution of arbitrary code

2008-11-22 Thread Steve Kemp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1668-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                              Steve Kemp
November 22, 2008                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package: hf
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-2378
Debian Bug : 504182

Steve Kemp discovered that hf, an amateur-radio protocol suite using 
a soundcard as a modem, insecurely tried to execute an external command
which could lead to the elevation of privileges for local users.

For the stable distribution (etch), this problem has been fixed in version
0.7.3-4etch1.

For the unstable distribution (sid), this problem has been fixed in
version 0.8-8.1.

We recommend that you upgrade your hf package.


Upgrade instructions
- --------------------

wget <url>
        will fetch the file for you
dpkg -i <file.deb>
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.


  These files will probably be moved into the stable distribution on
  its next update.

- --------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJJ+X2wM/Gs81MDZ0RAvDvAKC2QslfDIGoZ8Kr3KDVFByYDPkEEwCfU8zU
8CxLLsV531z7KaGZJ96QtEM=
=4wBU
-----END PGP SIGNATURE-----



[SECURITY] [DSA 1657-1] New qemu packages fix denial of service

2008-10-20 Thread Steve Kemp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1657-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                              Steve Kemp
October 20, 2008                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------


Package: qemu
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-4553
Debian Bug : 496394

Dmitry E. Oboukhov discovered that the qemu-make-debian-root script in qemu,
fast processor emulator, creates temporary files insecurely, which may lead
to a local denial of service through symlink attacks.

For the stable distribution (etch), this problem has been fixed in
version 0.8.2-4etch2.

For the testing (lenny) and unstable distribution (sid), this problem has
been fixed in version 0.9.1-6.

We recommend that you upgrade your qemu package.


Upgrade instructions
- --------------------

wget <url>
        will fetch the file for you
dpkg -i <file.deb>
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- --------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFI/OoqwM/Gs81MDZ0RAi1KAJ9u7MPZCS56SYaALfmEYuN6GP7/eACeLmqE
81SKUu5vlFvKQDlu8IwoLE0=
=Szbv
-----END PGP SIGNATURE-----
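Added example (not code from qemu, pimd or Debian) of the defect class that DSA-1657 and DSA-2147 above share: a program writing to a predictable path with a plain open(), shown beside two hardened variants. The scenario runs in a private scratch directory, and a pre-placed symlink stands in for what a local user could leave at the predictable name; `daemon` and `victim.conf` are constructed names.

```python
"""Predictable temporary files versus safe creation (added example)."""
import os
import tempfile


def write_predictable(tmpdir: str, name: str, data: bytes) -> str:
    """The vulnerable pattern: fixed name, O_TRUNC, and symlinks are followed."""
    path = os.path.join(tmpdir, f"{name}.{os.getpid()}")
    with open(path, "wb") as fh:          # follows whatever already sits at path
        fh.write(data)
    return path


def write_safe_fixed(tmpdir: str, name: str, data: bytes) -> str:
    """Same fixed name, but O_EXCL|O_NOFOLLOW refuses anything pre-existing."""
    path = os.path.join(tmpdir, f"{name}.{os.getpid()}")
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)     # EEXIST (or ELOOP) if a symlink is there
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def write_safe_random(tmpdir: str, name: str, data: bytes) -> str:
    """Preferred fix: unpredictable name, created O_EXCL with mode 0600."""
    fd, path = tempfile.mkstemp(prefix=f"{name}.", dir=tmpdir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def demo(writer) -> dict:
    """Run `writer` where a symlink already occupies the predictable path.

    Constructed scenario in a private directory: victim.conf plays the file
    that must not be overwritten, and the planted symlink stands in for what
    a local user could leave at the predictable name beforehand.
    """
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.conf")
        with open(victim, "wb") as fh:
            fh.write(b"original\n")
        planted = os.path.join(scratch, f"daemon.{os.getpid()}")
        os.symlink(victim, planted)
        refused = False
        try:
            writer(scratch, "daemon", b"replaced\n")
        except OSError:                   # the hardened open() rejects the link
            refused = True
        with open(victim, "rb") as fh:
            clobbered = fh.read() != b"original\n"
        return {"refused": refused, "victim_clobbered": clobbered}


if __name__ == "__main__":
    for w in (write_predictable, write_safe_fixed, write_safe_random):
        print(f"{w.__name__:20s} {demo(w)}")
```

Only the predictable writer ends up modifying victim.conf; the O_EXCL variant refuses the pre-existing link and mkstemp never collides with it.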



[SECURITY] [DSA 1654-1] New libxml2 packages fix execution of arbitrary code

2008-10-14 Thread Steve Kemp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1654-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                              Steve Kemp
October 14, 2008                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package: libxml2
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-3529
Debian Bug : 498768

It was discovered that libxml2, the GNOME XML library, didn't correctly
handle long entity names.  This could allow the execution of arbitrary
code via a malicious XML file.

For the stable distribution (etch), this problem has been fixed in version
2.6.27.dfsg-5.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.32.dfsg-4.

We recommend that you upgrade your libxml2 package.


Upgrade instructions
- --------------------

wget <url>
        will fetch the file for you
dpkg -i <file.deb>
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



[SECURITY] [DSA-1645-1] New lighttpd packages fix various problems

2008-10-06 Thread Steve Kemp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1645-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                              Steve Kemp
October 06, 2008                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package: lighttpd
Vulnerability  : various
Problem type   : remote
Debian-specific: No
CVE Id(s)  : CVE-2008-4298 CVE-2008-4359 CVE-2008-4360

Several local/remote vulnerabilities have been discovered in lighttpd,
a fast webserver with minimal memory footprint. 

The Common Vulnerabilities and Exposures project identifies the following 
problems:

CVE-2008-4298
A memory leak in the http_request_parse function could be used by
remote attackers to cause lighttpd to consume memory, and cause a
denial of service attack.

CVE-2008-4359
Inconsistent handling of URL patterns could lead to the disclosure
of resources a server administrator did not anticipate when using
rewritten URLs.

CVE-2008-4360
Upon file systems which don't handle case-insensitive paths differently
it might be possible that unanticipated resources could be made available
by mod_userdir.

For the stable distribution (etch), these problems have been fixed in version
1.4.13-4etch11.

For the unstable distribution (sid), these problems will be fixed shortly.

We recommend that you upgrade your lighttpd package.


Upgrade instructions
- --------------------

wget <url>
        will fetch the file for you
dpkg -i <file.deb>
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



[SECURITY] [DSA 1639-1] New twiki packages execution of arbitrary code

2008-09-19 Thread Steve Kemp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1639-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                              Steve Kemp
September 19, 2008                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package: twiki
Vulnerability  : command execution
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2008-3195
Debian Bug : 499534 

It was discovered that twiki, a web based collaboration platform,
didn't properly sanitize the image parameter in its configuration script.
This could allow remote users to execute arbitrary commands upon the 
system, or read any files which were readable by the webserver user.

For the stable distribution (etch), this problem has been fixed in version
1:4.0.5-9.1etch1.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your twiki package.


Upgrade instructions
- --------------------

wget <url>
        will fetch the file for you
dpkg -i <file.deb>
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------



  These files will probably be moved into the stable distribution on
  its next update.

- --------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFI0/xqwM/Gs81MDZ0RAuyxAKDkEOe+fr78WK0CUe56xuVypEmB2ACg097f
dvE1s1Hj/XgkcgG1Y4PDwno=
=hzuq
-----END PGP SIGNATURE-----
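Added example, not twiki's or hf's code, for the parameter-to-command path that DSA-1639 and DSA-1668 above describe: the vulnerable shape beside a version that allowlists the parameter, confines it to one directory and runs the helper by absolute path through an argv list with a fixed environment. `HELPER` assumes file(1) at /usr/bin/file; nothing else is taken from either package.

```python
"""Hardened call of an external helper on a user-supplied file name."""
import os
import re
import subprocess

# Plain file names only: no separators, no leading dot, bounded length.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")
HELPER = "/usr/bin/file"                 # absolute: the caller's PATH is irrelevant
FIXED_ENV = {"PATH": "/usr/bin:/bin", "LC_ALL": "C"}


def vulnerable_command(name: str) -> str:
    """What the advisories describe: the parameter is spliced into a shell line.

    Anything the shell treats specially in `name` runs as the server user, and
    a relative path such as ../../etc/passwd is handed straight to the helper.
    """
    return f"file {name}"


def confine(base: str, name: str) -> str:
    """Return the absolute path of `name` inside `base`, or raise ValueError."""
    if not SAFE_NAME.match(name):
        raise ValueError(f"rejected parameter {name!r}")
    base_real = os.path.realpath(base)
    path = os.path.realpath(os.path.join(base_real, name))
    # realpath follows symlinks, so a link inside base that points elsewhere
    # is rejected here as well.
    if os.path.dirname(path) != base_real:
        raise ValueError(f"{name!r} resolves outside {base_real}")
    return path


def accepts(base: str, name: str) -> bool:
    """True if `name` survives the validation performed by confine()."""
    try:
        confine(base, name)
        return True
    except ValueError:
        return False


def helper_argv(path: str) -> list:
    """argv for the helper: no shell, so nothing in `path` is re-parsed."""
    return [HELPER, path]                # path is absolute, so never option-like


def identify(base: str, name: str) -> str:
    """Run the helper on a confined file with a fixed environment."""
    path = confine(base, name)
    res = subprocess.run(helper_argv(path), env=FIXED_ENV, capture_output=True,
                         text=True, check=False)
    return res.stdout


if __name__ == "__main__":
    for candidate in ("logo.png", "../etc/passwd", "logo.png;", "a b.png"):
        print(f"{candidate!r:20s} accepted={accepts('/tmp', candidate)}")
```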



[SECURITY] [DSA 1635-1] New freetype packages fix multiple vulnerabilities

2008-09-10 Thread Steve Kemp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1635-1                    [EMAIL PROTECTED]
http://www.debian.org/security/                              Steve Kemp
September 10, 2008                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package: freetype
Vulnerability  : multiple
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-1806 CVE-2008-1807 CVE-2008-1808

Several local vulnerabilities have been discovered in freetype,
a FreeType 2 font engine, which could allow the execution of arbitrary
code.

The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2008-1806
An integer overflow allows context-dependent attackers to execute
arbitrary code via a crafted set of values within the Private
dictionary table in a Printer Font Binary (PFB) file.

CVE-2008-1807
The handling of an invalid number of axes field in the PFB file could
trigger the freeing of arbitrary memory locations, leading to
memory corruption.

CVE-2008-1808
Multiple off-by-one errors allowed the execution of arbitrary code
via malformed tables in PFB files, or invalid SHC instructions in
TTF files.


For the stable distribution (etch), these problems have been fixed in version
2.2.1-5+etch3.

For the unstable distribution (sid), these problems have been fixed in
version 2.3.6-1.

We recommend that you upgrade your freetype package.


Upgrade instructions
- --------------------

wget <url>
        will fetch the file for you
dpkg -i <file.deb>
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



[SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service

2008-08-26 Thread Steve Kemp
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA-1631-2                    [EMAIL PROTECTED]
http://www.debian.org/security/                              Steve Kemp
August 26, 2008                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package: libxml2
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-3281

The previous security update of the libxml2 package introduced
some problems with other packages, most notably with librsvg.
This update corrects these problems whilst still fixing the
reported security problem.

For reference the text of the previous security announcement
follows:

Andreas Solberg discovered that libxml2, the GNOME XML library,
could be forced to recursively evaluate entities, until available
CPU & memory resources were exhausted.

For the stable distribution (etch), this problem has been fixed in version
2.6.27.dfsg-4.

For the unstable distribution (sid), this problem has been fixed in
version 2.6.32.dfsg-3.

We recommend that you upgrade your libxml2 package.


Upgrade instructions
- --------------------

wget <url>
        will fetch the file for you
dpkg -i <file.deb>
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



[SECURITY] [DSA 1631-1] New libxml2 packages fix denial of service

2008-08-22 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1631-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
August 22, 2008   http://www.debian.org/security/faq
- 

Package: libxml2
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-3281

Andreas Solberg discovered that libxml2, the GNOME XML library,
could be forced to recursively evaluate entities, until available
CPU and memory resources were exhausted.

For the stable distribution (etch), this problem has been fixed in version
2.6.27.dfsg-3.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your libxml2 package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
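The manual path above ("wget url", then "dpkg -i file.deb") relies on the "Size/MD5 checksum:" line each advisory lists under every download URL; as an added example, not code from the Debian advisory, the POSIX shell functions below parse such a line and refuse to run dpkg -i unless the downloaded file matches both the size and the MD5. The MD5 only catches a corrupt or truncated download; authenticity comes from the advisory's PGP signature and the signed archive apt uses, and install_checked is a hypothetical wrapper that assumes it runs as root.

```shell
# Added example, not code from the Debian advisory: gate "dpkg -i" on the
# "Size/MD5 checksum:   <size> <md5>" line the advisory lists under a URL.

# parse_checksum_line LINE -> prints "<size> <md5>" taken from an advisory
# line such as "Size/MD5 checksum:   146740 167eeae5237940f15b9eea7b1f754b65".
# The last two whitespace-separated fields are always size and digest.
parse_checksum_line() {
    printf '%s\n' "$1" | awk '{print $(NF-1), $NF}'
}

# verify_deb FILE SIZE MD5 -> returns 0 if FILE has exactly SIZE bytes and
# the given MD5, 1 otherwise (reason on stderr). Run before any dpkg -i.
verify_deb() {
    file=$1 want_size=$2 want_md5=$3
    if [ ! -f "$file" ]; then
        echo "verify_deb: $file: no such file" >&2
        return 1
    fi
    # wc -c on stdin avoids the filename in the output; tr strips padding
    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(md5sum "$file" | awk '{print $1}')
    if [ "$have_size" != "$want_size" ]; then
        echo "verify_deb: $file: size $have_size, advisory lists $want_size" >&2
        return 1
    fi
    if [ "$have_md5" != "$want_md5" ]; then
        echo "verify_deb: $file: md5 $have_md5, advisory lists $want_md5" >&2
        return 1
    fi
    return 0
}

# install_checked FILE CHECKSUM_LINE -> hypothetical wrapper (assumes root):
# performs the advisory's "dpkg -i file.deb" step only when the checks pass.
install_checked() {
    set -- "$1" $(parse_checksum_line "$2")
    verify_deb "$1" "$2" "$3" && dpkg -i "$1"
}
```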


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  

[SECURITY] [DSA 1609-1] New lighttpd packages fix multiple DOS issues

2008-07-15 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1609-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 15, 2008 http://www.debian.org/security/faq
- 

Package: lighttpd
Vulnerability  : various
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2008-0983 CVE-2007-3948
Debian Bug : 434888 43

Several local/remote vulnerabilities have been discovered in lighttpd,
a fast webserver with minimal memory footprint.

The Common Vulnerabilities and Exposures project identifies the 
following problems:

CVE-2008-0983
  lighttpd 1.4.18, and possibly other versions before 1.5.0, does not
  properly calculate the size of a file descriptor array, which allows 
  remote attackers to cause a denial of service (crash) via a large number 
  of connections, which triggers an out-of-bounds access. 

CVE-2007-3948
  connections.c in lighttpd before 1.4.16 might accept more connections 
  than the configured maximum, which allows remote attackers to cause a
  denial of service (failed assertion) via a large number of connection
  attempts.

For the stable distribution (etch), these problems have been fixed in
version 1.4.13-4etch9.

For the unstable distribution (sid), these problems have been fixed in
version 1.4.18-2.

We recommend that you upgrade your lighttpd package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  

[SECURITY] [DSA 1606-1] poppler packages fix execution of arbitrary code

2008-07-09 Thread Steve Kemp

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1606-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 09, 2008 http://www.debian.org/security/faq
- 

Package: poppler
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-1693
Debian Bug : 476842

It was discovered that poppler, a PDF rendering library, did not 
properly handle embedded fonts in PDF files, allowing attackers to
execute arbitrary code via a crafted font object.

For the stable distribution (etch), this problem has been fixed in version
0.4.5-5.1etch3.

For the unstable distribution (sid), this problem has been fixed in
version 0.8.0-1.

We recommend that you upgrade your poppler package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  

[SECURITY] [DSA 1560-1] New sympa packages fix denial of service

2008-07-01 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1600-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 01, 2008 http://www.debian.org/security/faq
- 

Package: sympa
Vulnerability  : dos
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2008-1648
Debian Bug : 475163

It was discovered that sympa, a modern mailing list manager, would
crash when processing certain types of malformed messages.

For the stable distribution (etch), this problem has been fixed in version
5.2.3-1.2+etch1.

For the unstable distribution (sid), this problem has been fixed in
version 5.3.4-4.

We recommend that you upgrade your sympa package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:



  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg



[SECURITY] [DSA 1584-1] New libfishsound packages fix execution of arbitrary code

2008-05-21 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1584-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
May 21, 2008  http://www.debian.org/security/faq
- 

Package: libfishsound
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-1686
Debian Bug : 475152

It was discovered that libfishsound, a simple programming interface that
wraps Xiph.Org audio codecs, didn't correctly handle negative values in
a particular header field.  This could allow malicious files to execute
arbitrary code.

For the stable distribution (etch), this problem has been fixed in version
0.7.0-2etch1.

For the unstable distribution (sid), this problem has been fixed in
version 0.7.0-2.2.

We recommend that you upgrade your libfishsound package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  

[SECURITY] [DSA 1570-1] New kazehakase packages fix execution of arbitrary code

2008-05-06 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1570-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
May 06, 2008  http://www.debian.org/security/faq
- 

Package: kazehakase
Vulnerability  : various
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2006-7227 CVE-2006-7228 CVE-2006-7230 CVE-2007-1659 
CVE-2007-1660 CVE-2007-1661 CVE-2007-1662 CVE-2007-4766 CVE-2007-4767 
CVE-2007-4768
Debian Bug : 464756

Andrews Salomon reported that kazehakase, a GTK+-based web browser that
allows pluggable rendering engines, contained an embedded copy of the
PCRE library in its source tree which was compiled in and used in preference
to the system-wide version of this library.

The PCRE library has been updated to fix the security issues reported
against it in previous Debian Security Advisories.  This update ensures that
kazehakase uses that supported library, and not its own embedded and
insecure version.

For the stable distribution (etch), this problem has been fixed in version
0.4.2-1etch1.

We recommend that you upgrade your kazehakase package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg



[SECURITY] [DSA 1566-1] New cpio packages fix denial of service

2008-05-02 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1566-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
May 02, 2008  http://www.debian.org/security/faq
- 

Package: cpio
Vulnerability  : programming error
Problem type   : local (remote)
Debian-specific: no
CVE Id(s)  : CVE-2007-4476

Dmitry Levin discovered a vulnerability in path handling code used by
the cpio archive utility.  The weakness could enable a denial of
service (crash) or potentially the execution of arbitrary code if a
vulnerable version of cpio is used to extract or to list the contents
of a maliciously crafted archive.

For the stable distribution (etch), these problems have been fixed in
version 2.6-18.1+etch1.

For the unstable distribution (sid), these problems have been fixed in
version 2.9-5.

We recommend that you upgrade your cpio packages.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration. 


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:



  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg



[SECURITY] [DSA 1540-2] New lighttpd packages fix denial of service

2008-04-15 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- 
Debian Security Advisory DSA-1540-2  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
April 15, 2008http://www.debian.org/security/faq
- 

Package: lighttpd
Vulnerability  : DOS
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2008-1531

It was discovered that lighttpd, a fast webserver with minimal memory
footprint, did not correctly handle SSL errors.  This could allow
a remote attacker to disconnect all active SSL connections.

This security update fixes a regression in the previous one, which caused
SSL failures.

For the stable distribution (etch), this problem has been fixed in version
1.4.13-4etch8.

We recommend that you upgrade your lighttpd package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.diff.gz
Size/MD5 checksum:37420 89efdab79fcbac119000a64cab648fcd
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
Size/MD5 checksum:   793309 3a64323b8482b0e8a6246dbfdb4c39dc
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8.dsc
Size/MD5 checksum: 1098 87a04c4e704dd7921791bc44407b5e0e

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch8_all.deb
Size/MD5 checksum:99618 ae68b64b7c0df0f0b3a9d19b87e7c40a

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_amd64.deb
Size/MD5 checksum:   297300 19f5b871d2a9a483e1ecdaa2325c45cb
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_amd64.deb
Size/MD5 checksum:63586 750cf5f5d7671986b195366f2335c9cc
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_amd64.deb
Size/MD5 checksum:63884 72ee2b52772010ae7c63a0a2b4761ff5
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_amd64.deb
Size/MD5 checksum:59138 45672a1a3af65311693a3aee58be5566
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_amd64.deb
Size/MD5 checksum:69890 b84d4ea8c9af282e2aeeb5c05847a95a
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_amd64.deb
Size/MD5 checksum:60742 f48ef372b71be1b2683d03b411c7e7cf

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_hppa.deb
Size/MD5 checksum:59896 60a4e61e9b5e2bafbf53474d677b36bb
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_hppa.deb
Size/MD5 checksum:   323946 642f46921f99dfdf8e52ed3777847cbc
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch8_hppa.deb
Size/MD5 checksum:61890 4feb260d9f611c26979872b49b09ebc1
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch8_hppa.deb
Size/MD5 checksum:65000 2ce28ddd20bcd1bf407e14bae053537b
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_hppa.deb
Size/MD5 checksum:72946 33c93c114c3807d63bb18a5a9b3f33b9
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_hppa.deb
Size/MD5 checksum:65520 82a4460351af3d4c8b9d84ec831bd006

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch8_i386.deb
Size/MD5 checksum:63884 96876134f02cf6b3c5079d5deecca7d9
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch8_i386.deb
Size/MD5 checksum:59086 f928fd96f37229e72661fa7140a0daa9
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch8_i386.deb
Size/MD5 checksum:   289088 477ce333d4a1b9f506645ff22193191f
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch8_i386.deb
Size/MD5 checksum:70932 90cd2be30fb0f0e0ff97820e1b8c19f1
  
http://security.debian.org/pool/updates/main/l

[SECURITY] [DSA 1540-1] New lighttpd packages fix denial of service

2008-04-07 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1540-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
April 07, 2008http://www.debian.org/security/faq
- 

Package: lighttpd
Vulnerability  : DOS
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2008-1531

It was discovered that lighttpd, a fast webserver with minimal memory
footprint, did not correctly handle SSL errors.  This could allow
a remote attacker to disconnect all active SSL connections.

For the stable distribution (etch), this problem has been fixed in version
1.4.13-4etch7.

We recommend that you upgrade your lighttpd package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7.dsc
Size/MD5 checksum: 1098 0d420a477511699665602b3c64b39179
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
Size/MD5 checksum:   793309 3a64323b8482b0e8a6246dbfdb4c39dc
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7.diff.gz
Size/MD5 checksum:37428 1f54c20fa199127e6db25176bcbe5902

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch7_all.deb
Size/MD5 checksum:99548 11dbb6f839e908c0d641249fb3d4fdc4

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_alpha.deb
Size/MD5 checksum:64532 d799861c011b78a8238777f49c6fb92d
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_alpha.deb
Size/MD5 checksum:   318940 0e6314a5e9254d6500fb67555844d71b
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_alpha.deb
Size/MD5 checksum:64964 bd1d1cd3aa8c601b9cfad9e48528cb75
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_alpha.deb
Size/MD5 checksum:61294 55daca76be0d34892687511d3f4f1be9
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_alpha.deb
Size/MD5 checksum:71764 74606f3ddea8f458c2ede8395bedb305
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_alpha.deb
Size/MD5 checksum:59532 267cff02d1ecbfa394bba4128d475fc8

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_amd64.deb
Size/MD5 checksum:60706 f8be0d85f9fbeb4c13812193f5d9fd97
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_amd64.deb
Size/MD5 checksum:69852 e827323f52a4705c7181d183d4d91e28
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_amd64.deb
Size/MD5 checksum:59104 310716e9e2e8c2f52bef3d6c604d6db0
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_amd64.deb
Size/MD5 checksum:   297296 dbfccf2a8da12c6ebe829322be356345
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_amd64.deb
Size/MD5 checksum:63842 b0f28737f30018c175bf880134b3a125
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch7_amd64.deb
Size/MD5 checksum:63542 64b3baf663b5da3ecb2768583aea88db

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch7_arm.deb
Size/MD5 checksum:58644 dca9be439e843773122daa5116961f47
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch7_arm.deb
Size/MD5 checksum:60770 834dbe952f348107cb9c67725a1f10a9
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch7_arm.deb
Size/MD5 checksum:   286372 92f55d65c3270e7a7686e9dcc4238891
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch7_arm.deb
Size/MD5 checksum:63016 3d2e94666a3a202be5c5a827fbdcb1b7
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch7_arm.deb
Size/MD5 checksum:69550

[SECURITY] [DSA 1522-1] New xwine packages fix several vulnerabilities

2008-03-20 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1526-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
March 20, 2008http://www.debian.org/security/faq
- 

Package: xwine
Vulnerability  : various
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-0930 CVE-2008-0931

Steve Kemp from the Debian Security Audit project discovered several local
vulnerabilities in xwine, a graphical user interface for the WINE emulator.

The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2008-0930
  The xwine command makes unsafe use of local temporary files when
  printing.  This could allow the removal of arbitrary files belonging
  to users who invoke the program.

CVE-2008-0931
  The xwine command changes the permissions of the global WINE configuration
  file such that it is world-writable.  This could allow local users to edit
  it such that arbitrary commands could be executed whenever any local user
  executed a program under WINE.

For the stable distribution (etch), these problems have been fixed in version
1.0.1-1etch1.

We recommend that you upgrade your xwine package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1.diff.gz
Size/MD5 checksum:27365 a7f1316789d0d54fbfdfbbbca8fb5c27
  http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1.dsc
Size/MD5 checksum:  619 477cc8074941df31e0d3c04c2d5ecf90
  http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1.orig.tar.gz
Size/MD5 checksum:  1527684 2748b66d5ab0b4cc172cbb296cc8363b

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_alpha.deb
Size/MD5 checksum:  1078778 f7f62194f4bcfcf08b3f24c2caad2cf0

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_amd64.deb
Size/MD5 checksum:  1044810 5a9c6db84637c399f53ac631685d359d

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_arm.deb
Size/MD5 checksum:  1042890 88b6f1cc95a3d1064be79c420535b70c

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_hppa.deb
Size/MD5 checksum:  1054266 9eb4ea73d3ea9eef16f9f8002e9b3d43

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_i386.deb
Size/MD5 checksum:  1049258 caf4aeb5e2a45b6c38abe8f5e0c7fb61

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_ia64.deb
Size/MD5 checksum:  1099784 a3a5facdb404d481df42ee386402b4fa

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_powerpc.deb
Size/MD5 checksum:  1045496 74235e48bda3cb5b43f589be5962c65f

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_s390.deb
Size/MD5 checksum:  1021898 374b7326c9092fba9d34eea4e3d69ce0

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/x/xwine/xwine_1.0.1-1etch1_sparc.deb
Size/MD5 checksum:  1037724 32c6b9725b87a9f81074667290fab29b


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH4rYOwM/Gs81MDZ0RAhM/AKClVPQIykIm2h9v/Te/vgF6Tb5RkgCgrWlL
kEKXH2c6/XFtM4lF0jSFrIM=
=Iknm
-END PGP SIGNATURE-
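The two xwine problems above are permission and file-handling mistakes rather than memory bugs: a global configuration file left world-writable, which lets any local user plant commands that other users then run, and temporary files used unsafely, where a symlink dropped in place of the expected file redirects the write or removal elsewhere. The audit below is an added example, not xwine's or Debian's code: it lstat()s a list of paths, reports files that are writable by others or that turn out to be symlinks where a regular file was expected, and tightens the mode by stripping the group and other write bits. demo() builds a constructed scenario in a scratch directory; the file names config, group.conf, ok.conf and link.conf are assumptions and stand in for nothing real.

```python
import os
import stat
import tempfile
from typing import Dict, Iterable, List, NamedTuple, Optional


class Finding(NamedTuple):
    path: str
    mode: str      # permission bits as octal text, e.g. "0o666"
    problem: str


def classify(st_mode: int) -> Optional[str]:
    """Judge a file purely from its mode bits; None means nothing to report."""
    if st_mode & stat.S_IWOTH:
        return "world-writable"      # any local user can edit it
    if st_mode & stat.S_IWGRP:
        return "group-writable"      # every member of the group can edit it
    return None


def audit(paths: Iterable[str]) -> List[Finding]:
    """Report files writable by others; lstat() so a symlink is seen as such.

    Missing paths are skipped: the caller lists every file the program
    might touch, not only those that exist right now."""
    findings: List[Finding] = []
    for path in paths:
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            continue
        bits = oct(stat.S_IMODE(st.st_mode))
        if stat.S_ISLNK(st.st_mode):
            # A link where a regular file was expected is the shape of a
            # symlink attack on a predictable file name.
            findings.append(Finding(path, bits, "symlink where a file was expected"))
            continue
        problem = classify(st.st_mode)
        if problem is not None:
            findings.append(Finding(path, bits, problem))
    return findings


def tighten(path: str) -> int:
    """Strip the group and other write bits; return the resulting permission bits."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    new_mode = mode & ~(stat.S_IWGRP | stat.S_IWOTH)
    os.chmod(path, new_mode)
    return new_mode


def demo() -> Dict[str, object]:
    """Constructed scenario: three regular files with different modes plus a
    symlink, audited before and after tightening. Nothing here is xwine's
    real configuration; the names are placeholders."""
    with tempfile.TemporaryDirectory() as d:
        world = os.path.join(d, "config")       # stands in for a global config file
        group = os.path.join(d, "group.conf")
        ok = os.path.join(d, "ok.conf")
        link = os.path.join(d, "link.conf")
        for p, mode in ((world, 0o666), (group, 0o664), (ok, 0o644)):
            with open(p, "w") as f:
                f.write("# constructed\n")
            os.chmod(p, mode)                    # explicit, so umask does not matter
        os.symlink(ok, link)
        checked = [world, group, ok, link, os.path.join(d, "missing")]
        before = {os.path.basename(f.path): f.problem for f in audit(checked)}
        config_mode = tighten(world)
        tighten(group)
        after = {os.path.basename(f.path): f.problem for f in audit([world, group, ok])}
        return {"before": before, "after": after, "config_mode": config_mode}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Tightening the mode fixes only the configuration-file half of the problem; the temporary-file half is fixed in the program, by creating scratch files with mkstemp() (O_CREAT|O_EXCL under a random name) rather than opening a predictable path in a world-writable directory, which is what the updated package is for.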



[SECURITY] [DSA 1513-1] New lighttpd packages fix CGI source disclosure

2008-03-06 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1513-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
March 06, 2008http://www.debian.org/security/faq
- 

Package: lighttpd
Vulnerability  : information disclosure
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2008-

It was discovered that lighttpd, a fast webserver with minimal memory
footprint, would display the source to CGI scripts if their execution
failed in some circumstances.

For the stable distribution (etch), this problem has been fixed in version
1.4.13-4etch5.

For the unstable distribution, this problem will be fixed soon.

We recommend that you upgrade your lighttpd package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5.diff.gz
Size/MD5 checksum:36835 fa55bbf4bf1b9a555cc4b7b368a059f6
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
Size/MD5 checksum:   793309 3a64323b8482b0e8a6246dbfdb4c39dc
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5.dsc
Size/MD5 checksum: 1098 52f5881ec943188d8276c600902c84f5

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch5_all.deb
Size/MD5 checksum:99430 b13f37c0c8b55e145e6f823d5dd82dee

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_alpha.deb
Size/MD5 checksum:71646 3d0308407b0b089bb8d8a215503f20d8
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_alpha.deb
Size/MD5 checksum:59412 cf3dc4218076b66d5fb04e40cb6e6a03
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_alpha.deb
Size/MD5 checksum:64832 c58a1cfc4a506351ef2425f4e4018113
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_alpha.deb
Size/MD5 checksum:61170 0a2a5196ed776076f29fb8a85976387e
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_alpha.deb
Size/MD5 checksum:64402 58268f6c0dc00b8e0fe16f5cf93a6d86
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_alpha.deb
Size/MD5 checksum:   318776 55890a8afec6ff4fba50ff2e8ac4df6c

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_amd64.deb
Size/MD5 checksum:69738 92677861a76629b9a3361c2c338d5bb0
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch5_amd64.deb
Size/MD5 checksum:63434 98b26e827bb4c8a023239a90bfdb45a2
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_amd64.deb
Size/MD5 checksum:60586 a3c573b8d1f921fb93fd28e33ee86d4f
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_amd64.deb
Size/MD5 checksum:58994 de8951a3316888b5874f3b3ee0abe755
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch5_amd64.deb
Size/MD5 checksum:63726 0ca9bf4df2ca8260495146011e6d3a53
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_amd64.deb
Size/MD5 checksum:   297048 a12c33257671acdd291f41b7b7f8c64d

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch5_arm.deb
Size/MD5 checksum:   286092 3821f3f07c614ccf1a98cdec79301a18
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch5_arm.deb
Size/MD5 checksum:58528 1e3e7f75c172bb082c7b083110194c9f
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch5_arm.deb
Size/MD5 checksum:60664 489518ec1610f510562a1d0a2dfcb940
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch5_arm.deb
Size/MD5 checksum:69414 41096405646828e7a63a6e4b208d5497
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13

[SECURITY] [DSA 1511-1] New libicu packages fix multiple problems

2008-03-03 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1511-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
March 03, 2008http://www.debian.org/security/faq
- 

Package: libicu
Vulnerability  : various
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-4770 CVE-2007-4771
Debian Bug : 463688

Several local vulnerabilities have been discovered in libicu,
International Components for Unicode.  The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2007-4770
  libicu in International Components for Unicode (ICU) 3.8.1 and earlier
  attempts to process backreferences to the nonexistent capture group
  zero (aka \0), which might allow context-dependent attackers to read
  from, or write to, out-of-bounds memory locations, related to
  corruption of REStackFrames.

CVE-2007-4771
  Heap-based buffer overflow in the doInterval function in regexcmp.cpp
  in libicu in International Components for Unicode (ICU) 3.8.1 and
  earlier allows context-dependent attackers to cause a denial of
  service (memory consumption) and possibly have unspecified other
  impact via a regular expression that writes a large amount of data to
  the backtracking stack.

For the stable distribution (etch), these problems have been fixed in
version 3.6-2etch1.

For the unstable distribution (sid), these problems have been fixed in
version 3.8-6.

We recommend that you upgrade your libicu package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
Size/MD5 checksum:  9778863 0f1bda1992b4adca62da68a7ad79d830
  http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch1.dsc
Size/MD5 checksum:  591 13dcea6b1c9a282147b99c4867db6ee8
  http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch1.diff.gz
Size/MD5 checksum: 9552 82e560098b24b245872b163a522a80b8

Architecture independent packages:

  http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch1_all.deb
Size/MD5 checksum:  3332194 5da76263265814905245b97daec4c1c3

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_alpha.deb
Size/MD5 checksum:  7028746 b6b13d0fa262501923c97a859b400d10
  
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_alpha.deb
Size/MD5 checksum:  5581984 0cd37ce9f234b9207accc424dc191f49

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_amd64.deb
Size/MD5 checksum:  6585582 9fe0ee74625a985628c9af096dd13827
  
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_amd64.deb
Size/MD5 checksum:  5444228 250851db4a613e9a5d0029d73c1196c0

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_arm.deb
Size/MD5 checksum:  6631114 a73ff442415ca3bc336f1fb49e3aa701
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_arm.deb
Size/MD5 checksum:  5458358 c6d533fd7c1c51efbac58d2a96a386fb

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_hppa.deb
Size/MD5 checksum:  7090294 aadca0bc8fb9307ea7fe293406a10e5f
  
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_hppa.deb
Size/MD5 checksum:  5909956 07bd8e6c733072fca8b96cc10e210a68

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_i386.deb
Size/MD5 checksum:  5468656 532aa02d6d67d4b6527ac8c29c9d110e
  
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_i386.deb
Size/MD5 checksum:  6465540 bfd4d908b552bba2d871771f86369ec7

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_ia64.deb
Size/MD5 checksum:  7238880 10b410fcd460e47c3619de88167b74f5
  
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_ia64.deb
Size/MD5 checksum:  5865536 dbc0ec913f08682cec4f1b75d35e0531

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_mips.deb
Size/MD5 checksum:  7047506

[SECURITY] [DSA 1507-1] New turba2 packages fix permission testing

2008-02-25 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1507-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
February 24, 2008 http://www.debian.org/security/faq
- 

Package: turba2
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2008-0807
Debian Bug : 464058

Peter Paul Elfferich discovered that turba2, a contact management component
for the Horde framework, did not correctly check access rights before allowing
users to edit addresses.  This could result in valid users being able to
alter private address records.

For the stable distribution (etch), this problem has been fixed in version
2.1.3-1etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 2.0.2-1sarge1.

For the unstable distribution (sid), this problem has been fixed in version
2.1.7-1.

We recommend that you upgrade your turba2 package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Source archives:

  http://security.debian.org/pool/updates/main/t/turba2/turba2_2.0.2-1sarge1.dsc
Size/MD5 checksum:  626 78ef803c5a5c3c0564ddd8b23a96da4d
  
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.0.2-1sarge1.diff.gz
Size/MD5 checksum: 8049 8ccfd8d4f1886141a916d706217d8a73
  http://security.debian.org/pool/updates/main/t/turba2/turba2_2.0.2.orig.tar.gz
Size/MD5 checksum:  1221378 43381a9620d08ad17758fc533e865db3

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.0.2-1sarge1_all.deb
Size/MD5 checksum:  1282950 ee4a5791cb7b942305f9095b9b3ae697


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.1.3-1etch1.diff.gz
Size/MD5 checksum: 7434 fcef7709711274ebf26b99e3032f4e7e
  http://security.debian.org/pool/updates/main/t/turba2/turba2_2.1.3.orig.tar.gz
Size/MD5 checksum:  1790717 a0407717f3f64fb33f6a57e2244a12b4
  http://security.debian.org/pool/updates/main/t/turba2/turba2_2.1.3-1etch1.dsc
Size/MD5 checksum:  722 0aa309ef908c6ab95b62fa6fbb97d7c5

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/t/turba2/turba2_2.1.3-1etch1_all.deb
Size/MD5 checksum:  1860044 0fb704f257a5d583196e10de104289f0


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHwWuDwM/Gs81MDZ0RAinaAJ9711WgcsQv3xAQ8dOautoN5BKMzgCfV4Ck
Azcmd1e9g/lOp0fVreD+G+Y=
=CWD7
-END PGP SIGNATURE-



[SECURITY] [DSA 1500-1] New splitvt packages fix privilege escalation

2008-02-21 Thread Steve Kemp

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1500-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
February 21, 2008 http://www.debian.org/security/faq
- 

Package: splitvt
Vulnerability  : privilege escalation
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2008-0162

Mike Ashton discovered that splitvt, a utility to run two programs in a
split screen, did not drop group privileges prior to executing 'xprop'.
This could allow any local user to gain the privileges of group utmp.

For the stable distribution (etch), this problem has been fixed in version
1.6.5-9etch1.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.6-4.

We recommend that you upgrade your splitvt package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1.dsc
Size/MD5 checksum:  602 38c5d340fe95abbd78edfa806618fce8
  
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1.diff.gz
Size/MD5 checksum:10746 ea95a61da623237d715e5b1fdce9e92a

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_alpha.deb
Size/MD5 checksum:41314 06622ad249f48ee2009f03ef1b4ba1ad

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_amd64.deb
Size/MD5 checksum:37754 dd591bff5b03378ab225dbf41648e037

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_hppa.deb
Size/MD5 checksum:38398 f9c5dc35197dcd1b8a2843a29c200bbb

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_i386.deb
Size/MD5 checksum:34754 70d76970fb5017197c78861c4d070cab

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_ia64.deb
Size/MD5 checksum:50166 d2328ca3f1d1114cc9a2497d59e0ff9a

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_mips.deb
Size/MD5 checksum:39434 3205ddfd371fd0edd5175333a5c94c1b

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_powerpc.deb
Size/MD5 checksum:37800 7c8d9c7f20e4a4fc92531f0a5cd7bb26

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/s/splitvt/splitvt_1.6.5-9etch1_s390.deb
Size/MD5 checksum:37854 9c39d0109f6600022862c3ee6d1fb0c8


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHvd1awM/Gs81MDZ0RAg06AKDJ/V4YC2YkBD2zeAgBxlaZQagpnQCfUkSm
EM24FdX8f8pceWCmyHPKnA8=
=BVtM
-END PGP SIGNATURE-



[SECURITY] [DSA 1498-1] New libimager-perl packages fix arbitrary code execution

2008-02-19 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1498-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
February 19, 2008 http://www.debian.org/security/faq
- 

Package: libimager-perl
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-2459
Debian Bug : 421582


It was discovered that libimager-perl, a Perl extension for generating 24-bit
images, did not correctly handle 8-bit per-pixel compressed images,
which could allow the execution of arbitrary code.

For the stable distribution, this problem has been fixed in version
0.50-1etch1.

We recommend that you upgrade your libimager-perl package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---



  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg



[SECURITY] [DSA 1486-1] New gnatsweb packages fix cross-site scripting

2008-02-05 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1486-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
February 04, 2008 http://www.debian.org/security/faq
- 

Package: gnatsweb
Vulnerability  : cross-site scripting
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-2808
Debian Bug : 427156


r0t discovered that gnatsweb, a web interface to GNU GNATS, did not
correctly sanitize the database parameter in the main CGI script.  This
could allow the injection of arbitrary HTML, or javascript code.

For the stable distribution (etch), this problem has been fixed in version
4.00-1etch1.

We recommend that you upgrade your gnatsweb package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---



  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg



[SECURITY] [DSA 1465-2] New apt-listchanges packages fix arbitrary code execution

2008-01-17 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1465-2  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
January 17, 2008  http://www.debian.org/security/faq
- 

Package: apt-listchanges
Vulnerability  : programming error
Problem type   : local
Debian-specific: yes
CVE Id(s)  : CVE-2008-0302

Felipe Sateler discovered that apt-listchanges, a package change history
notification tool, used unsafe paths when importing its python libraries.
This could allow the execution of arbitrary shell commands if the root user
executed the command in a directory which other local users may write
to.

This security update fixes a regression in the previous one, which caused
the package to fail to work.

For the stable distribution (etch), this problem has been fixed in version
2.72.5etch1.

For the old stable distribution (sarge), this problem was not present.

For the unstable distribution (sid), this problem has been fixed in version
2.82.

We recommend that you upgrade your apt-listchanges package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Debian GNU/Linux 4.0 alias etch
- ---


Debian (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.



  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg



[SECURITY] [DSA 1465-1] New apt-listchanges packages fix arbitrary code execution

2008-01-17 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1465-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
January 17, 2008  http://www.debian.org/security/faq
- 

Package: apt-listchanges
Vulnerability  : programming error
Problem type   : local
Debian-specific: yes
CVE Id(s)  : CVE-2008-0302

Felipe Sateler discovered that apt-listchanges, a package change history
notification tool, used unsafe paths when importing its python libraries.
This could allow the execution of arbitrary shell commands if the root user
executed the command in a directory which other local users may write
to.

For the stable distribution (etch), this problem has been fixed in version
2.72.5etch1.

For the old stable distribution (sarge), this problem was not present.

For the unstable distribution (sid), this problem has been fixed in version
2.82.

We recommend that you upgrade your apt-listchanges package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---



  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg



[SECURITY] [DSA 1455-1] New libarchive1 packages fix several problems

2008-01-08 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1455-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
January 08, 2008  http://www.debian.org/security/faq
- 

Package: libarchive1
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-3641, CVE-2007-3644, CVE-2007-3645
Debian Bug : 432924

Several local/remote vulnerabilities have been discovered in libarchive1,
a single library to read/write tar, cpio, pax, zip and iso9660 archives.

The Common Vulnerabilities and Exposures project identifies the following
problems:

CVE-2007-3641

  It was discovered that libarchive1 would miscompute the length of a buffer
  resulting in a buffer overflow if yet another type of corruption occurred
  in a pax extension header.

CVE-2007-3644

  It was discovered that if an archive prematurely ended within a pax
  extension header the libarchive1 library could enter an infinite loop.

CVE-2007-3645

  If an archive prematurely ended within a tar header, immediately following
  a pax extension header, libarchive1 could dereference a NULL pointer.


The old stable distribution (sarge) does not contain this package.

For the stable distribution (etch), these problems have been fixed in
version 1.2.53-2etch1.

For the unstable distribution (sid), these problems have been fixed in
version 2.2.4-1.

We recommend that you upgrade your libarchive package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---


[SECURITY] [DSA 1452-1] New wzdftpd packages fix denial of service

2008-01-07 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1452-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
January 06, 2008  http://www.debian.org/security/faq
- 

Package: wzdftpd
Vulnerability  : denial of service
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-5300
Debian Bug : 446192

k1tk4t discovered that wzdftpd, a portable, modular, small and efficient
ftp server, did not correctly handle the receipt of long usernames.  This
could allow remote users to cause the daemon to exit.

For the stable distribution (etch), this problem has been fixed in version
0.8.1-2etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 0.5.2-1.1sarge3.

For the unstable distribution (sid), this problem has been fixed in version
0.8.2-2.1.

We recommend that you upgrade your wzdftpd package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- -


[SECURITY] [DSA 1450-1] New util-linux packages fix programming error

2008-01-05 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1450-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
January 05, 2008  http://www.debian.org/security/faq
- 

Package: util-linux
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-5191
Debian Bug : XXX


It was discovered that util-linux, miscellaneous system utilities, didn't
drop privileged users and groups in the correct order in the mount and
umount commands.  This could potentially allow a local user to gain
additional privileges.

For the stable distribution (etch), this problem has been fixed in version
2.12r-19etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 2.12p-4sarge2.

We recommend that you upgrade your util-linux package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 


[SECURITY] [DSA 1449-1] New loop-aes-utils packages fix programming error

2008-01-05 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1449-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
January 05, 2008  http://www.debian.org/security/faq
- 

Package: loop-aes-utils
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-5191

It was discovered that loop-aes-utils, tools for mounting and manipulating
filesystems, didn't drop privileged users and groups in the correct order
in the mount and umount commands.  This could potentially allow a local
user to gain additional privileges.
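The privilege-drop ordering that the two CVE-2007-5191 advisories (DSA-1450 for util-linux and DSA-1449 for loop-aes-utils) say was wrong in mount and umount, as an added C example that is not code from either package: supplementary groups and the primary group are given up while the process is still root, the user id is given up last, and the result is verified before the program continues. It assumes a POSIX system and takes the target ids from the caller.

```c
/* Added example (not util-linux or loop-aes-utils code): drop root
 * privileges in the safe order and verify the drop actually happened. */
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Drop to (uid, gid). Returns 0 on success, -1 with errno set on failure.
 *
 * Order matters. Group changes need root: once setuid() has given up
 * root, a later setgroups()/setgid() fails with EPERM and the process
 * keeps its privileged groups, which is the class of bug the advisories
 * describe. So: supplementary groups, then primary group, then user id. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* 1. Supplementary groups. Only root may call setgroups(); a process
     *    that is not root has no privileged groups to clear here. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;

    /* 2. Primary group, while we are still root so the call cannot fail. */
    if (setgid(gid) != 0)
        return -1;

    /* 3. User id last: this is the step that gives up root. */
    if (setuid(uid) != 0)
        return -1;

    /* Verify every id changed. Do not trust the return codes alone: treat
     * any leftover real or effective id as a failed drop. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }

    /* If we gave up root, make sure it cannot be regained (e.g. through a
     * saved set-user-id of 0 that a setuid binary would still carry). */
    if (uid != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Demonstration: "drop" to the ids we already run with. This exercises
     * the ordering and the verification without needing to start as root. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid=%u gid=%u, privileges verified\n",
           (unsigned)geteuid(), (unsigned)getegid());
    return 0;
}
```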

For the stable distribution (etch), this problem has been fixed in version
2.12r-15+etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 2.12p-4sarge2.

We recommend that you upgrade your loop-aes-utils package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 


Debian GNU/Linux 4.0 alias etch
- ---


[SECURITY] [DSA 1448-1] New eggdrop packages fix arbitrary code execution

2008-01-05 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1448-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
January 05, 2008  http://www.debian.org/security/faq
- 

Package: eggdrop
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-2807
Debian Bug : 427157

It was discovered that eggdrop, an advanced IRC robot, was vulnerable
to a buffer overflow which could result in a remote user executing
arbitrary code.

For the stable distribution (etch), this problem has been fixed in version
1.6.18-1etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 1.6.17-3sarge1.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.18-1.1.

We recommend that you upgrade your eggdrop package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 



Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18.orig.tar.gz
Size/MD5 checksum:  1025608 c2734a51926bdf0380d8bb53f5a7b2ee
  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1.dsc
Size/MD5 checksum:  642 51a806bb57b49ad48aaf33de7ee68a22
  
http://security.debian.org/pool/updates/main/e/eggdrop

[SECURITY] [DSA 1448-1] New eggdrop packages fix execution of arbitrary code

2008-01-05 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1448-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
January 05, 2008  http://www.debian.org/security/faq
- 

Package: eggdrop
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-2807
Debian Bug : 427157

It was discovered that eggdrop, an advanced IRC robot, was vulnerable
to a buffer overflow which could result in a remote user executing
arbitrary code.

For the stable distribution (etch), this problem has been fixed in version
1.6.18-1etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 1.6.17-3sarge1.

For the unstable distribution (sid), this problem has been fixed in
version 1.6.18-1.1.

We recommend that you upgrade your eggdrop package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Source archives:

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1.diff.gz
Size/MD5 checksum:36928 cfaa50371d39bd8e2994e37fecc6ff86
  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17.orig.tar.gz
Size/MD5 checksum:  1030413 a0f9befca240072e45cd57908bb819d0
  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1.dsc
Size/MD5 checksum:  651 b3522add4d8a7d6ca05072fa2e733509

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop-data_1.6.17-3sarge1_all.deb
Size/MD5 checksum:   410510 bb84e646defd5d2f29eef07a4bcddc35

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_alpha.deb
Size/MD5 checksum:   602006 bd5130ad50ff7a265a1a52bccf41ee4e

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_amd64.deb
Size/MD5 checksum:   535646 67bf2ced5e6c6b7fd36a4f31e0dd563f

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_arm.deb
Size/MD5 checksum:   494010 03361c7e85a481bf32991fab01ebc544

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_hppa.deb
Size/MD5 checksum:   594058 a7b7fedc13f8fff6812d02878c8ef871

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_i386.deb
Size/MD5 checksum:   470438 f3a8dde2d859cbd72cfa8a50ef7c500d

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_ia64.deb
Size/MD5 checksum:   733390 f5e186d15eb55594c203fc76f03fc6b4

m68k architecture (Motorola Mc680x0)

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_m68k.deb
Size/MD5 checksum:   439430 876fa0049e3eae163c88f4fc21ef3991

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_mips.deb
Size/MD5 checksum:   514084 8a2c0716911a4f14a79525f4bda97558

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_mipsel.deb
Size/MD5 checksum:   516766 f9d2046d98a283c253b6bd0890e19a76

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_powerpc.deb
Size/MD5 checksum:   516616 5e26e11c8cc8248ab55abb047469268d

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_s390.deb
Size/MD5 checksum:   524026 e1a9c4e11d1ef39a5e9c95fa13b82d36

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.17-3sarge1_sparc.deb
Size/MD5 checksum:   496820 f6226930abbc54b1c9f6f12ca16b0c4b


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18.orig.tar.gz
Size/MD5 checksum:  1025608 c2734a51926bdf0380d8bb53f5a7b2ee
  
http://security.debian.org/pool/updates/main/e/eggdrop/eggdrop_1.6.18-1etch1.dsc
Size/MD5 checksum:  642 51a806bb57b49ad48aaf33de7ee68a22
  
http://security.debian.org/pool/updates/main/e/eggdrop

[SECURITY] [DSA 1433-1] New centericq packages fix execution of code

2007-12-17 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1433-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
December 16, 2007 http://www.debian.org/security/faq
- 

Package: centericq
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-3713

Several remote vulnerabilities have been discovered in centericq,
a text-mode multi-protocol instant messenger client, which could allow
remote attackers to execute arbitrary code due to insufficient bounds-testing.

For the stable distribution (etch), this problem has been fixed in version
4.21.0-18etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 4.20.0-1sarge5.

We recommend that you upgrade your centericq package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Source archives:

  
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5.dsc
Size/MD5 checksum:  875 0e3de98bb55d5af241acbb7c42c47cd0
  
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5.diff.gz
Size/MD5 checksum:   117817 a0d486891cbf0dbafd36acda7d329e7a
  
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz
Size/MD5 checksum:  1796894 874165f4fbd40e3be677bdd1696cee9d

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_alpha.deb
Size/MD5 checksum:  1651664 69022dfe5342b1056abca9c9b433532d
  
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_alpha.deb
Size/MD5 checksum:   337338 b408f37c75ebff4cca8e0fd9bae2a2e2
  
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_alpha.deb
Size/MD5 checksum:  1652642 b1e027154c70c15250c131bcd1584c30
  
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_alpha.deb
Size/MD5 checksum:  1651712 1fc9e5fbf1d193d8d6ec6c2fa9cf28bf

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_amd64.deb
Size/MD5 checksum:   335496 e89f821a32c11d314b397ee454da5094
  
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_amd64.deb
Size/MD5 checksum:  1355704 f3371f5f48e1057f1fb80714c0ea98bc
  
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_amd64.deb
Size/MD5 checksum:  1355942 dbaa8f53bcddceb3828e3b8b857bf833
  
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_amd64.deb
Size/MD5 checksum:  1355764 2752c6ff95628f99693521617bc32d73

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_arm.deb
Size/MD5 checksum:  2184304 34cd68e7c3f0374c40e545a61446f48c
  
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_arm.deb
Size/MD5 checksum:  2185094 7cbfa8db84b905a267ddf518415a7553
  
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_arm.deb
Size/MD5 checksum:   336124 19e8fc68148e1ebc8dc6a51c2c488689
  
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_arm.deb
Size/MD5 checksum:  2184366 b5ac5dffa73e7273a3e03b91e4413be0

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge5_hppa.deb
Size/MD5 checksum:  1812692 c21a00400546a5fbf571cf517bd34657
  
http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge5_hppa.deb
Size/MD5 checksum:  1813624 f48400ea56e3027d2e828b3353442131
  
http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge5_hppa.deb
Size/MD5 checksum:   336228 035a6af70173afb011a9a77631bdab3b
  
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_hppa.deb
Size/MD5 checksum:  1812750 10f3220cf0a0334113b4eb6b03e7f63c

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge5_i386.deb
Size/MD5 checksum:  1350010 fbf767b42da3ffc738073577afea697a
  
http

[SECURITY] [DSA 1432-1] New link-grammar packages fix execution of code

2007-12-17 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1432-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
December 16, 2007 http://www.debian.org/security/faq
- 

Package: link-grammar
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-5395
Debian Bug : 450695

Alin Rad Pop discovered that link-grammar, Carnegie Mellon University's
link grammar parser for English, performed insufficient validation within
its tokenizer, which could allow a malicious input file to execute
arbitrary code.

For the stable distribution (etch), this problem has been fixed in version
4.2.2-4etch1.

For the old stable distribution (sarge), this package was not present.

For the unstable distribution (sid), this problem was fixed in version
4.2.5-1.

We recommend that you upgrade your link-grammar package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2.orig.tar.gz
Size/MD5 checksum:   742163 798c165b7d7f26e60925c30515c45782
  
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.dsc
Size/MD5 checksum:  669 535a962c3aefbf92b3d09bd9355d3b57
  
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1.diff.gz
Size/MD5 checksum: 8231 fa03dfbb7a2e0a47130c9f1385eb48d3

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar-dictionaries-en_4.2.2-4etch1_all.deb
Size/MD5 checksum:   267530 52ef5d6278b5f8a5a0c0894b3d99235e

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_alpha.deb
Size/MD5 checksum:   169386 f866bf37b179cf8f1c31f13b0ab9100a
  
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_alpha.deb
Size/MD5 checksum:1 14b288d946738d5eefed5dc50e84040f
  
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_alpha.deb
Size/MD5 checksum:   108456 826d5896c36850255bedfcc3b70a8ea1

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_amd64.deb
Size/MD5 checksum:16038 ea80489f9db4f247d5009bf435f40707
  
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_amd64.deb
Size/MD5 checksum:95996 0851ea02bd3b4b600d68df09016915cf
  
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_amd64.deb
Size/MD5 checksum:   127934 a43908000f552820cdcd2c1a7819f62f

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_arm.deb
Size/MD5 checksum:15074 5a881ae17e13efc9ae731b9f86d7a0ff
  
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_arm.deb
Size/MD5 checksum:   110896 54d4534ce7a06ed675d9c4d2c957e519
  
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_arm.deb
Size/MD5 checksum:87732 5dfce7e3245ab16bbab0f2325d462192

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_hppa.deb
Size/MD5 checksum:16202 3f8cbe2ab057f5d3b387c1e52e4e9e51
  
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_hppa.deb
Size/MD5 checksum:   139488 2411aae738f8467e4180debc87b265ee
  
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_hppa.deb
Size/MD5 checksum:   104292 105899d1fa1a37a2690a6d3372572912

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/l/link-grammar/link-grammar_4.2.2-4etch1_i386.deb
Size/MD5 checksum:15458 9b43845e6fdb26319c4dd3d88afe5fb4
  
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4_4.2.2-4etch1_i386.deb
Size/MD5 checksum:89456 ffa178b41a336d1a9e11bca02a3d2232
  
http://security.debian.org/pool/updates/main/l/link-grammar/liblink-grammar4-dev_4.2.2-4etch1_i386.deb
Size/MD5 checksum:   111356

[SECURITY] [DSA 1430-1] New libnss-ldap packages fix denial of service

2007-12-11 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1430-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
December 11, 2007 http://www.debian.org/security/faq
- 

Package: libnss-ldap
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-5794
Debian Bug : 453868

It was reported that a race condition exists in libnss-ldap, an
NSS module for using LDAP as a naming service, which could cause
denial of service attacks when applications use pthreads.

This problem was spotted in the dovecot IMAP/POP server but
potentially affects more programs.

For the stable distribution (etch), this problem has been fixed in version
251-7.5etch1.

For the old stable distribution (sarge), this problem has been fixed in
version 238-1sarge1.

For the unstable distribution (sid), this problem has been fixed in
version 256-1.

We recommend that you upgrade your libnss-ldap package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Source archives:

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238.orig.tar.gz
Size/MD5 checksum:   219945 97fd929b381329b972b3c3ddca5a4bbf
  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1.diff.gz
Size/MD5 checksum:26236 c7191ee3845dc23ccf2712e78daed8f1
  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1.dsc
Size/MD5 checksum:  681 3176fefa1d8d04afa9d3b458e40694a6

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_alpha.deb
Size/MD5 checksum:86756 30a9c1691dcec614e36fdea923ba3906

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_amd64.deb
Size/MD5 checksum:80218 18d9da468326040f466c10cac6f50734

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_arm.deb
Size/MD5 checksum:79216 adf473266dd1de600cc0360f697ec7d2

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_hppa.deb
Size/MD5 checksum:86324 f98ade45a20c5426ef30cb1290e34164

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_i386.deb
Size/MD5 checksum:78894 7bb744d57899867a0b1c326372de76ce

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_ia64.deb
Size/MD5 checksum:91930 d25cce59d45f8b8dc90b0fe3fcbf3ce0

m68k architecture (Motorola Mc680x0)

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_m68k.deb
Size/MD5 checksum:76894 3c574bc294eb02c337664de43e814f7f

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_mips.deb
Size/MD5 checksum:80482 0e54d051dde87e3b7984650c47bc3b3e

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_mipsel.deb
Size/MD5 checksum:80594 9f3f4b5d6d7c9e6f84edd9ab40767e04

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_powerpc.deb
Size/MD5 checksum:81652 7ca152887a041fc3dc674a77e707d23f

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_s390.deb
Size/MD5 checksum:83806 eab2386a51d35e31a4dd7fd0ed832a6d

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_238-1sarge1_sparc.deb
Size/MD5 checksum:79224 7d2ec91b89037fd137e98d3640ba1bb4


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251-7.5etch1.diff.gz
Size/MD5 checksum:   149322 04aa24732e69f40e5c3ab629b7e412d4
  
http://security.debian.org/pool/updates/main/libn/libnss-ldap/libnss-ldap_251.orig.tar.gz
Size/MD5 checksum:   228931

[SECURITY] [DSA 1429-1] New htdig packages fix cross site scripting

2007-12-11 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1429-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
December 11, 2007 http://www.debian.org/security/faq
- 

Package: htdig 
Vulnerability  : cross site scripting
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-6110
Debian Bug : 453278

Michael Skibbe discovered that htdig, a WWW search system for an intranet
or small internet, did not adequately quote values submitted to the search
script, allowing remote attackers to inject arbitrary script or HTML
into specially crafted links.

For the stable distribution (etch), this problem has been fixed in version
1:3.2.0b6-3.1etch1.

For the old stable distribution (sarge), this problem was not present.

For the unstable distribution (sid), this problem has been fixed in version
1:3.2.0b6-4.

We recommend that you upgrade your htdig package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1.dsc
Size/MD5 checksum:  616 cd4c8534f4615e145331c49ce61d6dc8
  http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6.orig.tar.gz
Size/MD5 checksum:  3104936 8a6952f5b97e305dbb7489045bad220f
  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1.diff.gz
Size/MD5 checksum:86277 c604a5e5b383b92701751cc59dc42f64

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/h/htdig/htdig-doc_3.2.0b6-3.1etch1_all.deb
Size/MD5 checksum:   528278 8ef47406cfd1e8e443a1fd52600f5852

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_alpha.deb
Size/MD5 checksum:  2325066 ef903816a813b83eed9b02c2dbb3077f

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_amd64.deb
Size/MD5 checksum:  1999104 8a655e8fdc0afff79c3fef3abd398511

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_arm.deb
Size/MD5 checksum:  1895400 06661a4521788928c65eb8182108eb66

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_hppa.deb
Size/MD5 checksum:  2080404 ef595c4bc3044c90cd88516e9efd1355

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_i386.deb
Size/MD5 checksum:  1850284 eb919a14cb3b39e5bb897d1402d70c52

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_ia64.deb
Size/MD5 checksum:  2716226 2180649c4865fbdf33f05bb62c1ac0bf

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_mips.deb
Size/MD5 checksum:  1949730 7b2188c83ce9e299f6994fe3af69fefc

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_mipsel.deb
Size/MD5 checksum:  1941926 645a9efbaa025dbd39ec27b4b915c00e

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_powerpc.deb
Size/MD5 checksum:  1888214 2dd55523e8ac8b405b34bba39da0e6ca

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_s390.deb
Size/MD5 checksum:  2034030 22069288eb255b5d6bb975f14562813b

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/h/htdig/htdig_3.2.0b6-3.1etch1_sparc.deb
Size/MD5 checksum:  1866588 a523c05f8841bfed3009c92617fc585f


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHXwrowM/Gs81MDZ0RAmseAJ4icZcOwT3pJ0Bt+A4G0J+LwvKDlgCgtK1j
eVbp3JLUj/U/ksWvVcN5o1Y=
=bbnD
-END

[SECURITY] [DSA 1422-1] New e2fsprogs packages fix arbitrary code execution

2007-12-07 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1422-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
December 07, 2007 http://www.debian.org/security/faq
- 

Package: e2fsprogs
Vulnerability  : integer overflows
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-5497

Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs,
ext2 file system utilities and libraries, contained multiple
integer overflows in memory allocations, based on sizes taken directly
from filesystem information.  These could result in heap-based
overflows potentially allowing the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in version
1.39+1.40-WIP-2006.11.14+dfsg-2etch1.

For the unstable distribution (sid), this problem will be fixed shortly.

We recommend that you upgrade your e2fsprogs package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1.diff.gz
Size/MD5 checksum: 2999 c17813eabc624458c075952683f41015
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1.dsc
Size/MD5 checksum:  911 9dd650fdce44d6405b4b61710abefcab
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg.orig.tar.gz
Size/MD5 checksum:  4086966 fa654126ecf51b2951213b3d244fb109

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.udeb
Size/MD5 checksum:   201182 f88beeddc2218431fb47b17a01f7ccb1
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:28098 458373f4e2c8af58e2bf808e476dad25
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsck-static_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:   573948 7a34a3f443d4038cfb3084557c8a46f3
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:35022 d50d8289431be1c69f6ddd85afc7a9fa
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs-dev_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:   171438 2240b6ed7f1becbe50b0c440474440ab
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/uuid-dev_1.2-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:51800 bec047bfcd4253cb7b54bdf88c0c30b6
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/ss-dev_2.0-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:22386 38042c7524b527cdc222849acec1cd2f
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:45872 7e79a7ec8446e22993706eeabf76f631
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/libuuid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.udeb
Size/MD5 checksum: 6782 b89df6d88e1c32a1828d27b5f2d20a29
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fslibs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:   105292 8d5ba24d9d75e8c33659aa032db5ea8f
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/libss2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:39660 2bbf9f54f5cbed48aae170e31141afd5
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/comerr-dev_2.1-1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:42508 69e1c635785190ed13c44a5385fb67a3
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/libblkid1-udeb_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.udeb
Size/MD5 checksum:16978 692e2ae97b4815f99975645b79aa1abc
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/e2fsprogs_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:   632450 bf1208dc1eca192bd4cdf1a2bb1f0e28
  
http://security.debian.org/pool/updates/main/e/e2fsprogs/libcomerr2_1.39+1.40-WIP-2006.11.14+dfsg-2etch1_alpha.deb
Size/MD5 checksum:32550 9a1599978bb6bf49193c9bce62bb1a12

[SECURITY] [DSA 1423-1] New sitebar packages fix several vulnerabilities

2007-12-07 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1423-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
December 07, 2007 http://www.debian.org/security/faq
- 

Package: sitebar
Vulnerability  : various
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-5491, CVE-2007-5492, CVE-2007-5693, CVE-2007-5694, 
CVE-2007-5695, CVE-2007-5692
Debian Bug : 447135, 448690, 448689

Several remote vulnerabilities have been discovered in sitebar, a
web based bookmark manager written in PHP.  The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2007-5491
   A directory traversal vulnerability in the translation module allows
   remote authenticated users to chmod arbitrary files to 0777 via ..
   sequences in the lang parameter.

CVE-2007-5492
   A static code injection vulnerability in the translation module allows
   a remote authenticated user to execute arbitrary PHP code via the value
   parameter.

CVE-2007-5693
   An eval injection vulnerability in the translation module allows
   remote authenticated users to execute arbitrary PHP code via the
   edit parameter in an upd cmd action.

CVE-2007-5694
   A path traversal vulnerability in the translation module allows
   remote authenticated users to read arbitrary files via an absolute
   path in the 'dir' parameter.

CVE-2007-5695
   An error in command.php allows remote attackers to redirect users
   to arbitrary web sites via the forward parameter in a Log In action.

CVE-2007-5692
   Multiple cross site scripting flaws allow remote attackers to inject
   arbitrary script or HTML fragments into several scripts.


For the stable distribution (etch), these problems have been fixed in version
3.3.8-7etch1.

For the old stable distribution (sarge), these problems have been fixed in
version 3.2.6-7.1sarge1.

For the unstable distribution (sid), these problems have been fixed in version
3.3.8-12.1.

We recommend that you upgrade your sitebar package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1sarge1.diff.gz
Size/MD5 checksum:12821 c38ed9e586c8b07b23349588f2be23b2
  
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6.orig.tar.gz
Size/MD5 checksum:   52 a86243f7a70a1a9ac80342fbcca14297
  
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1sarge1.dsc
Size/MD5 checksum:  580 7654849ce1ea822b9b70c52a98def837

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/s/sitebar/sitebar_3.2.6-7.1sarge1_all.deb
Size/MD5 checksum:   341570 6e106cf5dddb0ee63f29efdcf93d8d74


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg



[SECURITY] [DSA 1409-3] New samba packages fix several vulnerabilities

2007-11-29 Thread Steve Kemp

- 
Debian Security Advisory DSA-1409-3  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
November 29, 2007 http://www.debian.org/security/faq
- 

Package: samba
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-4572, CVE-2007-5398

This update fixes all currently known regressions introduced with
the previous two revisions of DSA-1409.

Several local/remote vulnerabilities have been discovered in samba,
a LanManager-like file and printer server for Unix. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5398

   Alin Rad Pop of Secunia Research discovered that nmbd did not properly
   check the length of netbios packets. When samba is configured as a WINS
   server, a remote attacker could send multiple crafted requests resulting
   in the execution of arbitrary code with root privileges.

CVE-2007-4572
   Samba developers discovered that nmbd could be made to overrun a buffer
   during the processing of GETDC logon server requests.  When samba is
   configured as a Primary or Backup Domain Controller, a remote attacker
   could send malicious logon requests and possibly cause a denial of
   service.

For the stable distribution (etch), these problems have been fixed in
version 3.0.24-6etch8.

For the old stable distribution (sarge), these problems have been fixed in
version 3.0.14a-3sarge10.

For the unstable distribution (sid), these problems have been fixed in
version 3.0.27-1.

We recommend that you upgrade your samba packages.


Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Source archives:

[SECURITY] [DSA 1409-2] New samba packages fix several vulnerabilities

2007-11-26 Thread Steve Kemp

- 
Debian Security Advisory DSA-1409-2  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
November 26, 2007 http://www.debian.org/security/faq
- 

Package: samba
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-4572, CVE-2007-5398

The previous security update for samba introduced regressions in
the handling of the deprecated filesystem smbfs.  This update fixes
the regression(s) whilst still fixing the security problems.
The original text is reproduced below:

Several local/remote vulnerabilities have been discovered in samba,
a LanManager-like file and printer server for Unix. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5398

   Alin Rad Pop of Secunia Research discovered that nmbd did not properly
   check the length of netbios packets. When samba is configured as a WINS
   server, a remote attacker could send multiple crafted requests resulting
   in the execution of arbitrary code with root privileges.

CVE-2007-4572
   Samba developers discovered that nmbd could be made to overrun a buffer
   during the processing of GETDC logon server requests.  When samba is
   configured as a Primary or Backup Domain Controller, a remote attacker
   could send malicious logon requests and possibly cause a denial of
   service.

For the stable distribution (etch), these problems have been fixed in
version 3.0.24-6etch7.

For the old stable distribution (sarge), these problems have been fixed in
version 3.0.14a-3sarge9.

For the unstable distribution (sid), these problems have been fixed in
version 3.0.27-1.

We recommend that you upgrade your samba packages.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Source archives:

[SECURITY] [DSA 1409-1] New samba packages fix several vulnerabilities

2007-11-22 Thread Steve Kemp

- 
Debian Security Advisory 1409[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
November 22, 2007 http://www.debian.org/security/faq
- 

Package: samba
Vulnerability  : several
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-4572, CVE-2007-5398

Several local/remote vulnerabilities have been discovered in samba,
a LanManager-like file and printer server for Unix. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-5398

   Alin Rad Pop of Secunia Research discovered that nmbd did not properly
   check the length of netbios packets. When samba is configured as a WINS
   server, a remote attacker could send multiple crafted requests resulting
   in the execution of arbitrary code with root privileges.

CVE-2007-4572
   Samba developers discovered that nmbd could be made to overrun a buffer
   during the processing of GETDC logon server requests.  When samba is
   configured as a Primary or Backup Domain Controller, a remote attacker
   could send malicious logon requests and possibly cause a denial of
   service.

For the stable distribution (etch), these problems have been fixed in
version 3.0.24-6etch5.

For the old stable distribution (sarge), these problems have been fixed in
version 3.0.14a-3sarge7.

For the unstable distribution (sid), these problems have been fixed in
version 3.0.27-1.

We recommend that you upgrade your samba packages.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Source archives:

[SECURITY] [DSA 1402-1] New gforge packages fix several vulnerabilities

2007-11-07 Thread Steve Kemp

- 
Debian Security Advisory DSA-1402-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
November 07, 2007 http://www.debian.org/security/faq
- 

Package: gforge
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-3921

Steve Kemp from the Debian Security Audit project discovered that gforge,
a collaborative development tool, used temporary files insecurely, which
could allow local users to truncate files on the system with the privileges
of the gforge user, or to cause a denial of service.

For the stable distribution (etch), this problem has been fixed in version
4.5.14-22etch3.

For the old stable distribution (sarge), this problem has been fixed in
version 3.1-31sarge4.

We recommend that you upgrade your gforge package.


Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Source archives:

Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

[SECURITY] [DSA 1395-1] New xen-utils packages fix file truncation

2007-10-25 Thread Steve Kemp

- 
Debian Security Advisory DSA 1395-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
October 25th, 2007    http://www.debian.org/security/faq
- 

Package: xen-utils
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-3919
Debian Bug : 447795


Steve Kemp from the Debian Security Audit project discovered that xen-utils,
a collection of XEN administrative tools, used temporary files insecurely
within the xenmon tool allowing local users to truncate arbitrary files.
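
The insecure-temporary-file class behind this advisory and DSA 1402-1 (gforge) above, as an added illustration that is not code from xen-utils, xenmon or gforge: the predictable-name pattern that truncates whatever a pre-existing link points at, beside the two safe ways to create the file. The file name, directory layout and the "important.conf" stand-in are constructed for the demonstration, which runs entirely inside a private temporary directory.

```python
import errno
import os
import tempfile

# Constructed scenario: a fixed file name that a tool writes under a shared,
# world-writable directory.  Nothing here is taken from xenmon or gforge.
PREDICTABLE_NAME = "tool.log"


def write_log_insecure(tmpdir, data):
    """The vulnerable pattern from the two advisories: a predictable path,
    opened with mode 'w', i.e. O_CREAT|O_TRUNC without O_EXCL.

    If something already sits at that name, open() reuses it; if it is a
    symlink, the link is followed and the *target* is truncated.
    """
    path = os.path.join(tmpdir, PREDICTABLE_NAME)
    with open(path, "w") as fh:
        fh.write(data)
    return path


def write_log_mkstemp(tmpdir, data):
    """Preferred fix: let the OS create a fresh file with an unpredictable
    name, O_CREAT|O_EXCL and mode 0600, and work on the returned descriptor.
    A pre-planted entry under a guessed name is simply never touched.
    """
    fd, path = tempfile.mkstemp(prefix="tool.", suffix=".log", dir=tmpdir)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def write_log_fixed_name_safely(tmpdir, data):
    """Fix when the name really must be fixed: create it exclusively.

    O_EXCL makes open() fail with EEXIST if anything (a symlink included)
    already exists at the path, and O_NOFOLLOW refuses to traverse a final
    symlink.  The tool errors out instead of clobbering another file.
    """
    path = os.path.join(tmpdir, PREDICTABLE_NAME)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def simulate(writer):
    """Run `writer` inside a private sandbox that reproduces the advisory
    condition: the predictable name already exists as a symlink to a file
    the tool's user may write (here a stand-in 'important.conf').

    Returns (victim_unchanged, outcome); outcome is 'wrote' or 'refused'.
    """
    with tempfile.TemporaryDirectory() as sandbox:
        tmpdir = os.path.join(sandbox, "shared-tmp")
        os.mkdir(tmpdir)
        victim = os.path.join(sandbox, "important.conf")
        with open(victim, "w") as fh:
            fh.write("keep me\n")
        os.symlink(victim, os.path.join(tmpdir, PREDICTABLE_NAME))

        try:
            writer(tmpdir, "log line\n")
            outcome = "wrote"
        except OSError as exc:
            # EEXIST from O_EXCL, or ELOOP from O_NOFOLLOW on some platforms.
            if exc.errno not in (errno.EEXIST, errno.ELOOP):
                raise
            outcome = "refused"

        with open(victim) as fh:
            unchanged = fh.read() == "keep me\n"
        return unchanged, outcome


if __name__ == "__main__":
    for fn in (write_log_insecure, write_log_mkstemp, write_log_fixed_name_safely):
        unchanged, outcome = simulate(fn)
        print("%-28s victim unchanged=%-5s outcome=%s" % (fn.__name__, unchanged, outcome))
```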

For the stable distribution (etch) this problem has been fixed in version
3.0.3-0-4.

For the old stable distribution (sarge) this package was not present.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your xen-3.0 (3.0.3-0-4) package.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 

Source archives:


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg



[SECURITY] [DSA 1393-1] New xfce4-terminal packages fix arbitrary command execution

2007-10-23 Thread Steve Kemp


- 
Debian Security Advisory DSA 1393-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
October 23rd, 2007 http://www.debian.org/security/faq
- 

Package: xfce4-terminal
Vulnerability  : insecure execution
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-3770
Debian Bug : 437454


It was discovered that xfce-terminal, a terminal emulator for the xfce
environment, did not correctly escape arguments passed to the processes
spawned by Open Link.  This allowed malicious links to execute arbitrary
commands upon the local system.
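
How an "Open Link" action avoids the argument-escaping problem described above, as an added example that is not xfce4-terminal's own code: the URL is validated, then handed to the external handler as one argv element with no shell in between; where a shell command template cannot be avoided, the value is quoted first. The scheme allowlist and the echo handler (a child process that reports the argv it received) are constructed for this illustration.

```python
import json
import shlex
import subprocess
import sys
from urllib.parse import urlsplit

# Schemes the Open Link action is willing to hand to an external program.
# Constructed for this illustration, not xfce4-terminal's own list.
ALLOWED_SCHEMES = {"http", "https", "ftp", "mailto"}

# Stand-in for the real browser/mail client: a child that reports, as JSON,
# exactly which argv it received.  Constructed test harness only.
ECHO_HANDLER = [sys.executable, "-c",
                "import json, sys; print(json.dumps(sys.argv[1:]))"]


def validate_link(url):
    """Accept only a plain URL with an expected scheme and no control
    characters; anything else is not a link and is refused up front."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError("unexpected scheme %r" % scheme)
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise ValueError("control character in link")
    return url


def is_acceptable_link(url):
    """Boolean wrapper around validate_link for callers that need yes/no."""
    try:
        validate_link(url)
    except ValueError:
        return False
    return True


def open_link(url, handler=ECHO_HANDLER):
    """The fix: spawn the handler with an argv list and no shell, so the URL
    reaches it as exactly one argument whatever characters it contains.
    Returns the argv the handler saw (from the echo harness)."""
    argv = list(handler) + [validate_link(url)]
    proc = subprocess.run(argv, capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


def command_for_shell(template_command, url):
    """If a user-configurable command template forces a shell string, every
    substituted value must be shell-quoted; shlex.quote does that for POSIX
    shells.  The advisory's bug is the unquoted concatenation this replaces."""
    return template_command + " " + shlex.quote(validate_link(url))


if __name__ == "__main__":
    link = "http://example.com/path with spaces;and&punctuation"
    print("handler argv:", open_link(link))
    print("shell form  :", command_for_shell("xdg-open", link))
```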

For the stable distribution (etch), this problem has been fixed in version
0.2.5.6rc1-2etch1.

For the unstable distribution (sid), this problem has been fixed in version
0.2.6-3.

We recommend that you upgrade your xfce4-terminal package.

Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg

[SECURITY] [DSA 1372-2] New ktorrent packages fix directory traversal

2007-10-23 Thread Steve Kemp

- 
Debian Security Advisory DSA 1373-2  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
October 23rd, 2007    http://www.debian.org/security/faq
- 

Package: ktorrent
Vulnerability  : directory traversal
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-1799
Debian Bug : 432007

It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable
to a directory traversal bug which potentially allowed remote users to
overwrite arbitrary files.

This updated advisory correctly increases the version number of the
fixed package such that it is installable upon the etch release of Debian.

For the stable distribution (etch), this problem has been fixed in version
2.0.3+dfsg1-2.2etch1.

For the old stable distribution (sarge), this package was not present.

For the unstable distribution (sid), this problem was fixed in version
2.2.1.dfsg.1-1.

We recommend that you upgrade your ktorrent package.


Upgrade instructions
- 

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHHj9nwM/Gs81MDZ0RAreaAKCs6fUKGBuQmzYEJtvaHOzUXxNmtACgmSk8
+LnqESoXz25ZwsRfRRdpctY=
=/wVl
-END PGP SIGNATURE-



[SECURITY] [DSA 1388-1] New dhcp packages fix arbitrary code execution

2007-10-18 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA 1388-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
October 18th, 2007                      http://www.debian.org/security/faq
- 

Package: dhcp
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-5365
Debian Bug : 446354

It was discovered that dhcp, a DHCP server for automatic IP address assignment,
didn't correctly allocate space for network replies.  This could potentially
allow a malicious DHCP client to execute arbitrary code upon the DHCP server.

For the old stable distribution (sarge), this problem has been fixed in
version 2.0pl5-19.1sarge3.

For the stable distribution (etch), this problem has been fixed in
version 2.0pl5-19.5etch1.

For the unstable distribution (sid), this problem will be fixed shortly.

We recommend that you upgrade your dhcp package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Source archives:

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge3.diff.gz
Size/MD5 checksum:86946 9a8f4a8219d0df0ea8d00a766afb1cb3
  http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge3.dsc
Size/MD5 checksum:  687 22ac1bac4dbdd4bb034921b496eb7ad8

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.1sarge3_alpha.udeb
Size/MD5 checksum:53920 bdcdd8fe476006baff32bba6797ce8f6
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge3_alpha.deb
Size/MD5 checksum:80140 e2a2bea48927595e106b4f1261107e0b
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge3_alpha.deb
Size/MD5 checksum:   122328 d6090dcc6f6ea0dd216723fe67495485
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge3_alpha.deb
Size/MD5 checksum:   115802 b9e74f333e37f9cb54b417f436eb3ef7

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge3_amd64.deb
Size/MD5 checksum:   108782 e2c5b850e6d2cfaeee28e8a0cea6e978
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge3_amd64.deb
Size/MD5 checksum:76042 4482f2e622739b61bb36fa5709b7ba97
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge3_amd64.deb
Size/MD5 checksum:   116080 c3be5b81038f5f29ccf50726fb111cfc
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.1sarge3_amd64.udeb
Size/MD5 checksum:47164 34edcdd4ec9571f151dd7ba763967fa2

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge3_arm.deb
Size/MD5 checksum:   113770 046155a2ebcaeff5177fa053acbf38b9
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.1sarge3_arm.udeb
Size/MD5 checksum:45586 e167fa982d418f5139d0acada21e582d
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge3_arm.deb
Size/MD5 checksum:73770 46378f1b6fd06f3861cea60854847f68
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge3_arm.deb
Size/MD5 checksum:   106770 c1c4485c8c2cf462c532fae2a59805ab

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client_2.0pl5-19.1sarge3_i386.deb
Size/MD5 checksum:   102632 c536a455a338b39df9e422f8014aee5c
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-relay_2.0pl5-19.1sarge3_i386.deb
Size/MD5 checksum:71246 e83e575491184c6e43311cbb9a3b7c76
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.1sarge3_i386.udeb
Size/MD5 checksum:40786 0521d5a40275999472be2c6adea13dcd
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge3_i386.deb
Size/MD5 checksum:   108930 fc742b760b3130fc35fbdca1b543e9ab

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp-client-udeb_2.0pl5-19.1sarge3_ia64.udeb
Size/MD5 checksum:74626 02a39276494c2c4d574450c84b9d308e
  
http://security.debian.org/pool/updates/main/d/dhcp/dhcp_2.0pl5-19.1sarge3_ia64.deb
Size/MD5 checksum:   144928 8bc8479e568cdea075d4b0cf198e8592
  
http

[SECURITY] [DSA 1362-2] New lighttpd packages fix buffer overflow

2007-10-08 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory 1362-2  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
October 7th, 2007                       http://www.debian.org/security/faq
- 

Package: lighttpd
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-4727


A problem was discovered in lighttpd, a fast webserver with minimal memory
footprint, which could allow the execution of arbitrary code via the
overflow of CGI variables when mod_fcgi was enabled.

This updated advisory correctly patches the security issue, which was
not handled in DSA-1362-1.

For the stable distribution (etch), this problem has been fixed in version
1.4.13-4etch4.

We recommend that you upgrade your lighttpd package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 

Source archives:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4.dsc
Size/MD5 checksum: 1098 17dfd0625a22e95cfd3e9ec509fbdb5b
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4.diff.gz
Size/MD5 checksum:36522 13f9e5815efe59582a154beaa70d8330

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch4_all.deb
Size/MD5 checksum:99910 e787e67007923593212e2d96f3fe8895

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_alpha.deb
Size/MD5 checksum:   318704 b25cf2719b09d58f9dcfebc7798699f1
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_alpha.deb
Size/MD5 checksum:64748 a9fcb23262d0d958b90a93d1b9aa
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_alpha.deb
Size/MD5 checksum:64318 91f28b1d19baea7957d057e97146e537
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch4_alpha.deb
Size/MD5 checksum:71554 2a74fb10316f0f5972f6401a367566b3
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_alpha.deb
Size/MD5 checksum:61084 5af9bcebd8c89cdde6fd980c61fb3e2d
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_alpha.deb
Size/MD5 checksum:59324 020186058063587f76a9762b6b226665

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_amd64.deb
Size/MD5 checksum:64016 eb011dc4ccd17d1894faa08871aa62d6
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_amd64.deb
Size/MD5 checksum:   297074 f5003c131e1fd7a277ae003c429baa10
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_amd64.deb
Size/MD5 checksum:59410 01be5c483651d0fac93a2d68a71cd2c4
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_amd64.deb
Size/MD5 checksum:64360 1d712d6a59dfb479f3ec55e4bc68d7c2
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch4_amd64.deb
Size/MD5 checksum:70276 babe9aed7e17f4bfea149f5caf07055c
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_amd64.deb
Size/MD5 checksum:61180 fee215a88ad56aa4c70178d9a15c2ba4

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch4_arm.deb
Size/MD5 checksum:60574 c73a4104a545eff1308aa271df02d4df
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch4_arm.deb
Size/MD5 checksum:62628 c9d8a757fe8fb002c60726c1984ec441
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch4_arm.deb
Size/MD5 checksum:58442 0d8a6b26363ff9a9459f40cb54b9ea57
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch4_arm.deb
Size/MD5 checksum:   285928 ef4d45b093734a86734031ccf8119a24
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch4_arm.deb
Size/MD5 checksum:62830 a889a64793663a3634217a0845e5d34c
  
http

[SECURITY] [DSA 1384-1] New xen-utils packages fix several vulnerabilities

2007-10-05 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA 1384-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
October 5th, 2007                       http://www.debian.org/security/faq
- 

Package: xen-utils
Vulnerability  : various
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-4993, CVE-2007-1320
Debian Bug : 30, 444007


Several local vulnerabilities have been discovered in the Xen hypervisor
packages which may lead to the execution of arbitrary code. The Common
Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-4993

  By use of a specially crafted grub configuration file, a domU user
  may be able to execute arbitrary code upon the dom0 when pygrub is
  being used.

CVE-2007-1320

  Multiple heap-based buffer overflows in the Cirrus VGA extension,
  provided by QEMU, may allow local users to execute arbitrary code
  via bitblt heap overflow.


For the stable distribution (etch), these problems have been fixed in version
3.0.3-0-3.

For the unstable distribution (sid), these problems will be fixed soon.

We recommend that you upgrade your xen-utils package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 

Source archives:

  
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-3.0_3.0.3-0.orig.tar.gz
Size/MD5 checksum:  6127238 71257a2d977a601594c70c9eac0a121b
  
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-3.0_3.0.3-0-3.diff.gz
Size/MD5 checksum:28697 64f2dd856726a95d88fe48531e987ff4
  http://security.debian.org/pool/updates/main/x/xen-3.0/xen-3.0_3.0.3-0-3.dsc
Size/MD5 checksum: 1115 d42726f5a374bfb8eb1a6618174ff893

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-docs-3.0_3.0.3-0-3_all.deb
Size/MD5 checksum:   533396 b91af7395e7a1169be06ced33ef56daa

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-utils-3.0.3-1_3.0.3-0-3_amd64.deb
Size/MD5 checksum:   368012 b4ceb2935cf07339c98b7aa67709a508
  
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-ioemu-3.0.3-1_3.0.3-0-3_amd64.deb
Size/MD5 checksum:   331438 f7f8a51f48c87072fe2c0ffd03e066aa
  
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-amd64_3.0.3-0-3_amd64.deb
Size/MD5 checksum:   269956 7957630a8fcd612e7492b7d14a36512d

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-i386-pae_3.0.3-0-3_i386.deb
Size/MD5 checksum:   273756 f36f6d51efa2c545d98275e63965569c
  
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-ioemu-3.0.3-1_3.0.3-0-3_i386.deb
Size/MD5 checksum:   326526 b198abda8622589fb4dd0141744dddf0
  
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-utils-3.0.3-1_3.0.3-0-3_i386.deb
Size/MD5 checksum:   347860 954ccb3ddf9aea5fa5a09e08abd6c95c
  
http://security.debian.org/pool/updates/main/x/xen-3.0/xen-hypervisor-3.0.3-1-i386_3.0.3-0-3_i386.deb
Size/MD5 checksum:   253984 b92b82d449805ff4a8d8f90b655be600


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHBpFKwM/Gs81MDZ0RAvZsAKCnXLupWqXyaSLVVtQwHmloeFo7lwCfXJGw
tM93ku81ukvZcGVP2yG86C4=
=NXa2
-END PGP SIGNATURE-



[SECURITY] [DSA 1380-1] New elinks packages fix information disclosure

2007-10-03 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA 1380-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
October 2nd, 2007                       http://www.debian.org/security/faq
- 

Package: elinks
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-5034
Debian Bug : 443891

Kalle Olavi Niemitalo discovered that elinks, an advanced text-mode WWW
browser, sent HTTP POST data in cleartext when using an HTTPS proxy server,
potentially allowing private information to be disclosed.

For the stable distribution (etch), this problem has been fixed in version
0.11.1-1.2etch1.

For the unstable distribution (sid), this problem has been fixed in version
0.11.1-1.5.

We recommend that you upgrade your elinks package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1.orig.tar.gz
Size/MD5 checksum:  3863617 dce0fa7cb2b6e7194ddd00e34825218b
  
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1.diff.gz
Size/MD5 checksum:30543 87f297355ad1e6d20bab5569672aad5e
  
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1.dsc
Size/MD5 checksum:  872 a4af1ff56a8d39bdf1a92cedce2f335c

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_alpha.deb
Size/MD5 checksum:   497732 f553f66a91b2245cfa42088a2b4d4517
  
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_alpha.deb
Size/MD5 checksum:  1260704 10b023af79e9d90a7cd664328f5118b5

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_amd64.deb
Size/MD5 checksum:   458734 41f1f71a5e3fccf0dde9597bd871cb39
  
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_amd64.deb
Size/MD5 checksum:  1222408 c3ad38db3fbc3a1c130115ab83506bda

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_arm.deb
Size/MD5 checksum:   416964 f7c68b19da989a205d0aa045c91c87eb
  
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_arm.deb
Size/MD5 checksum:  1179150 c3560026dc7aa46613ddbb2a24f070cb

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_hppa.deb
Size/MD5 checksum:  1245642 0a9eb32d625456d171a987d5efe50296
  
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_hppa.deb
Size/MD5 checksum:   480962 ca0f2c3876e1eb5c1b66f7ce5661cc39

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_i386.deb
Size/MD5 checksum:   423676 5e433eb3f0c5f6f004ea2285282a4455
  
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_i386.deb
Size/MD5 checksum:  1187014 557a2322c1f91a8debb9993cb46a8f51

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_ia64.deb
Size/MD5 checksum:  1432774 4a2706c3945ae2fdc842a67b5d25ca10
  
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_ia64.deb
Size/MD5 checksum:   624134 4c2e59b24b38c3b9fbeb104fb373160b

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_mips.deb
Size/MD5 checksum:  1229684 e05d34e21f29f58c93c05c203c448d4b
  
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_mips.deb
Size/MD5 checksum:   470490 a7c54a8151b9b3268e00b3f517f60eb7

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/e/elinks/elinks-lite_0.11.1-1.2etch1_mipsel.deb
Size/MD5 checksum:   466824 53be2f6ef576c97a3aaa01c6af2bb0ac
  
http://security.debian.org/pool/updates/main/e/elinks/elinks_0.11.1-1.2etch1_mipsel.deb
Size/MD5 checksum:  1223900 a6463ca7afd8ec0781c797c3dfc56e91

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main

[SECURITY] [DSA 1379-1] New quagga packages fix denial of service

2007-10-03 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA 1379-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Florian Weimer
October 1st, 2007                       http://www.debian.org/security/faq
- 

Package: quagga
Vulnerability  : null pointer dereference
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2007-4826
Debian Bug : 442133

It was discovered that BGP peers can trigger a NULL pointer dereference
in the BGP daemon if debug logging is enabled, causing the BGP daemon to
crash.

For the old stable distribution (sarge), this problem has been fixed in
version 0.98.3-7.5.

For the stable distribution (etch), this problem has been fixed in
version 0.99.5-5etch3.

For the unstable distribution (sid), this problem has been fixed in
version 0.99.9-1.

We recommend that you upgrade your quagga packages.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- 

Source archives:

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3.orig.tar.gz
Size/MD5 checksum:  2118348 68be5e911e4d604c0f5959338263356e
  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.diff.gz
Size/MD5 checksum:43910 8bfd06c851172358137d7b67d5f90490
  http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5.dsc
Size/MD5 checksum: 1017 69dc4e5de4de00ec723ecaad6f285af8

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/q/quagga/quagga-doc_0.98.3-7.5_all.deb
Size/MD5 checksum:   488996 4f150df3d0d7c1b26d648590ac02541a

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_alpha.deb
Size/MD5 checksum:  1613894 c0064c06d8eeed92b7607bc9d1c03c0f

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_amd64.deb
Size/MD5 checksum:  1413484 399d4fe967343eb586eb4f17348d2f4b

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_arm.deb
Size/MD5 checksum:  1291326 cc876fbb2cf8e3602cde4ea1e93e75e0

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_hppa.deb
Size/MD5 checksum:  1447854 ae9502f1d97de52c875f0eb82ab8cf3e

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_i386.deb
Size/MD5 checksum:  1192432 e3057ed965a580381e7c15dc430df295

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_ia64.deb
Size/MD5 checksum:  1829272 e182c3ae76fe84b9b041498aef8807ee

m68k architecture (Motorola Mc680x0)

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_m68k.deb
Size/MD5 checksum:  1159818 487dd9883427b87d886674996e6850a1

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mips.deb
Size/MD5 checksum:  1353182 411564875b0ecb39ffd166865392ed7b

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_mipsel.deb
Size/MD5 checksum:  1356062 b828e6228e2b8389d61de6b97c1b6b56

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_powerpc.deb
Size/MD5 checksum:  1317460 927a1768a1e2449981c0159d974658e8

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_s390.deb
Size/MD5 checksum:  1401842 e30e4afa3570324cb913ae0b746f49a3

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.98.3-7.5_sparc.deb
Size/MD5 checksum:  1287860 17ad533f4dfc7b184812ad7634bf215f

Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5.orig.tar.gz
Size/MD5 checksum:  2311140 3f9c71aca6faa22a889e2f84ecfd0076
  http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.dsc
Size/MD5 checksum: 1046 3a36e812322157de715626cbe04c519f
  
http://security.debian.org/pool/updates/main/q/quagga/quagga_0.99.5-5etch3.diff.gz
Size/MD5 checksum:33551 0de3c5021dbed0e4739f88b6f00a9c59


[SECURITY] [DSA 1376-1] New kdebase packages fix authentication bypass

2007-09-21 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1376                            [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
September 21, 2007                      http://www.debian.org/security/faq
- 

Package: kdebase
Vulnerability  : programming error
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-4569


Kees Huijgen discovered that, under certain circumstances, KDM, an X
session manager for KDE, can be tricked into allowing user logins
without a password.

For the stable distribution (etch), this problem has been fixed in version
4:3.5.5a.dfsg.1-6etch1.

For the old stable distribution (sarge), this problem was not present.

We recommend that you upgrade your kdebase package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 

Source archives:

  
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1-6etch1.diff.gz
Size/MD5 checksum:   680950 a147755180984a77b3f512da2bd846f8
  
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1.orig.tar.gz
Size/MD5 checksum: 28613054 72aedf0a7be0ace9363ad0ba9fe89585
  
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1-6etch1.dsc
Size/MD5 checksum: 2062 7616918057238c96be6994216f549fac

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/k/kdebase/kdebase_3.5.5a.dfsg.1-6etch1_all.deb
Size/MD5 checksum:41038 a922b0428c8445cde739bf3486a4d898
  
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-data_3.5.5a.dfsg.1-6etch1_all.deb
Size/MD5 checksum:  9763624 da0e01a3a6deac38ce579e38f135f999
  
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc-html_3.5.5a.dfsg.1-6etch1_all.deb
Size/MD5 checksum:   390408 56eae457d3f49d7fce34b4d4767e9a7d
  
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-doc_3.5.5a.dfsg.1-6etch1_all.deb
Size/MD5 checksum:  1916664 2ef4c7189a7ac6715e449ca98dda8cd5

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/k/kdebase/kmenuedit_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:   392430 711d621bb264e30d172958c7cad3c408
  
http://security.debian.org/pool/updates/main/k/kdebase/kpersonalizer_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:   496870 7c0c21af47d2926999fccb1bbca6e252
  
http://security.debian.org/pool/updates/main/k/kdebase/kcontrol_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:  3120190 afaf77e08ca02aeee2b25b9e2979f460
  
http://security.debian.org/pool/updates/main/k/kdebase/kdesktop_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:   796332 ce50b0bcdd6f85066c4b3a0ec3180d8a
  
http://security.debian.org/pool/updates/main/k/kdebase/khelpcenter_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:  412 12b352ec677cc32ba67ae0607ac20433
  
http://security.debian.org/pool/updates/main/k/kdebase/libkonq4_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:   285008 931b0d4a6cd3a3931570457ae651503a
  
http://security.debian.org/pool/updates/main/k/kdebase/kicker_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:  2104618 e4c2604dd98ac111db4e8bc6fb1aab3e
  
http://security.debian.org/pool/updates/main/k/kdebase/kdebase-dbg_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum: 33814914 98d43406dccc44a4ba8269eb394954d0
  
http://security.debian.org/pool/updates/main/k/kdebase/kdm_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:   665190 eb0417b64bfe2031644d1b70c4f01d97
  
http://security.debian.org/pool/updates/main/k/kdebase/kpager_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:   120178 752be58902a498d7b8a257cfb30649ca
  
http://security.debian.org/pool/updates/main/k/kdebase/ksplash_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:   722402 63545bb53717729557ca88d6efa8a0a2
  
http://security.debian.org/pool/updates/main/k/kdebase/klipper_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:   286770 3e1a2d8c08861394a2884eda77b40a72
  
http://security.debian.org/pool/updates/main/k/kdebase/kate_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:   813820 27da09d10f164b91840ac0d99469fe29
  
http://security.debian.org/pool/updates/main/k/kdebase/kdepasswd_3.5.5a.dfsg.1-6etch1_amd64.deb
Size/MD5 checksum:   247164 0b7692f4e11a83f99237ed565c5caa2d
  
http

[SECURITY] [DSA 1377-1] New fetchmail packages fix denial of service

2007-09-21 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1377                            [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
September 21, 2007                      http://www.debian.org/security/faq
- 

Package: fetchmail
Vulnerability  : null pointer dereference
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-4565

Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP 
and IMAP mail gatherer/forwarder, can under certain circumstances 
attempt to dereference a NULL pointer and crash.

For the stable distribution (etch), this problem has been fixed in
version 6.3.6-1etch1.

For the old stable distribution (sarge), this problem was not present.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your fetchmail package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1.diff.gz
Size/MD5 checksum:44533 19b72a3a0b2cf08f833ea21c3e18902c
  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6.orig.tar.gz
Size/MD5 checksum:  1680200 04175459cdf32fdb10d9e8fc46b633c3
  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1.dsc
Size/MD5 checksum:  874 0aa3d869aba6fdfe87d1c4a626f5380e

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.3.6-1etch1_all.deb
Size/MD5 checksum:61564 f587ce05ee98694f3bd4db0fa88742f7

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_amd64.deb
Size/MD5 checksum:   650278 b00d2237d26d9e588e6c03ad17f79a74

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_arm.deb
Size/MD5 checksum:   645026 67e5ebf76d55cc857610d3b326784d3c

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_hppa.deb
Size/MD5 checksum:   654006 58d5770e497d405c1e2f867add9d6f87

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_ia64.deb
Size/MD5 checksum:   700752 df4c57c97970537cb2f6a885bc03e54d

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_mips.deb
Size/MD5 checksum:   650540 49b888adc52c5bf8d4be82c4b51d68f5

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_powerpc.deb
Size/MD5 checksum:   647060 a278efba96b95e15977628bd85af5c85

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_s390.deb
Size/MD5 checksum:   646896 e520c2c6febf1e756a75b75cbc06c723

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_sparc.deb
Size/MD5 checksum:   641102 938f11eb5071c7e141c6ff8795af87e7


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG86n1wM/Gs81MDZ0RAvPVAKC4lgA5aDOauQRj+GuilRf6KQh4awCfRNIO
T3VniMNQLomlcq+S3Pv1uyU=
=bHlq
-END PGP SIGNATURE-



[SECURITY] [DSA 1377-2] New fetchmail packages fix denial of service

2007-09-21 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1377-2  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
September 21, 2007http://www.debian.org/security/faq
- 

Package: fetchmail
Vulnerability  : null pointer dereference
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-4565

Matthias Andree discovered that fetchmail, an SSL enabled POP3, APOP 
and IMAP mail gatherer/forwarder, can under certain circumstances 
attempt to dereference a NULL pointer and crash.

For the stable distribution (etch), this problem has been fixed in
version 6.3.6-1etch1.

For the old stable distribution (sarge), this problem was not present.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your fetchmail package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.3.6-1etch1_i386.deb
Size/MD5 checksum:   641344 2eadc43a18712b3a1763094f7c837475


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG8/RowM/Gs81MDZ0RAsV5AJ4zq/rWuYTHRafkjTPp5Eg0cv1teACfQztf
4GE7IYiy9jSuAA5hSvi0ccI=
=Qmk2
-END PGP SIGNATURE-
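The upgrade instructions in these advisories tell you to fetch a .deb with wget and install it with dpkg, and each advisory then lists a size and an MD5 digest for every file. The Python block below is an added example for this archive, not a Debian tool: it parses the two-line "URL / Size/MD5 checksum:" pairs exactly as they appear in the mails and checks a downloaded file against them before you run dpkg -i. The advisory excerpt and the package body embedded in it are constructed for the demonstration (the package name example_1.0-1etch1 does not exist); the digests are MD5("abc") and the MD5 of the 43-byte pangram used as the fake package.

```python
"""Check a downloaded Debian package against the Size/MD5 lines of a DSA.

Added example, not a Debian tool. The advisory text below is constructed in
the two-line layout the DSA mails use; its package names, sizes and digests
are made up for the demonstration.
"""
import hashlib
import os
import re
import tempfile
from urllib.parse import urlsplit

# A URL line (indented in the mail) followed by a "Size/MD5 checksum:" line.
_URL_RE = re.compile(r"^\s*(https?://\S+)\s*$")
_SUM_RE = re.compile(r"^\s*Size/MD5 checksum:\s*(\d+)\s+([0-9a-fA-F]{32})\s*$")

# Constructed excerpt: digests are MD5("abc") and MD5 of SAMPLE_DEB_BODY.
SAMPLE_ADVISORY = """\
Source archives:

  http://security.debian.org/pool/updates/main/e/example/example_1.0-1etch1.dsc
Size/MD5 checksum:    3 900150983cd24fb0d6963f7d28e17f72

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/e/example/example_1.0-1etch1_i386.deb
Size/MD5 checksum:   43 9e107d9d372bb6826bd81d3542a419d6
"""

# Constructed stand-in for the downloaded .deb body (43 bytes).
SAMPLE_DEB_BODY = b"The quick brown fox jumps over the lazy dog"


def parse_advisory(text):
    """Return {basename: (size, md5hex)} from the download section of a DSA."""
    expected = {}
    pending = None
    for line in text.splitlines():
        m = _URL_RE.match(line)
        if m:
            pending = os.path.basename(urlsplit(m.group(1)).path)
            continue
        m = _SUM_RE.match(line)
        if m and pending is not None:
            expected[pending] = (int(m.group(1)), m.group(2).lower())
            pending = None
    return expected


def verify_bytes(name, data, expected):
    """Check size first (cheap, catches truncated downloads), then the digest."""
    if name not in expected:
        return False, "not listed in advisory"
    size, md5 = expected[name]
    if len(data) != size:
        return False, f"size mismatch: got {len(data)}, advisory says {size}"
    actual = hashlib.md5(data).hexdigest()
    if actual != md5:
        return False, f"md5 mismatch: got {actual}, advisory says {md5}"
    return True, "ok"


def verify_file(path, expected):
    """Same check for a file on disk; the basename is the key in the table."""
    with open(path, "rb") as f:
        return verify_bytes(os.path.basename(path), f.read(), expected)


def demo():
    """Write the fake package to a temp dir and verify it; returns (ok, reason)."""
    expected = parse_advisory(SAMPLE_ADVISORY)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "example_1.0-1etch1_i386.deb")
        with open(path, "wb") as f:
            f.write(SAMPLE_DEB_BODY)
        return verify_file(path, expected)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would want: an MD5 match only proves the file is the one the advisory describes if the advisory itself is authentic, so check the PGP signature on the mail first; and MD5 is collision-prone, which is why the apt-get path (signed Release files, verified by apt) is the better option where it is available.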



[SECURITY] [DSA 1372-1] New ktorrent packages fix directory traversal

2007-09-11 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA 1373-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
September 11th, 2007  http://www.debian.org/security/faq
- 

Package: ktorrent
Vulnerability  : directory traversal
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-1799
Debian Bug : 432007

It was discovered that ktorrent, a BitTorrent client for KDE, was vulnerable
to a directory traversal bug which potentially allowed remote users to
overwrite arbitrary files.

For the stable distribution (etch), this problem has been fixed in version
2.0.3+dfsg1-2etch1.

For the old stable distribution (sarge), this package was not present.

For the unstable distribution (sid), this problem was fixed in version
2.2.1.dfsg.1-1.

We recommend that you upgrade your ktorrent package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1.dsc
Size/MD5 checksum:  663 ec1366a6819ce30b5891b7c4e0e51986
  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1.orig.tar.gz
Size/MD5 checksum:  2183095 3aef60283e457b7e13c1719387251612
  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1.diff.gz
Size/MD5 checksum:12570 09ef4b627881d0aa29f682dbcf860ae7

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1_alpha.deb
Size/MD5 checksum:  1678764 e9fec2e0c67431d8df32f97fd42dd408

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1_amd64.deb
Size/MD5 checksum:  1587096 dea2c2add2b28f51c37838104cbacab6

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1_arm.deb
Size/MD5 checksum:  1676742 4b3494cbabc09ae553459934d3544536

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1_hppa.deb
Size/MD5 checksum:  1760846 6f4a58a69b7b61d71f8269c38351d96c

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1_i386.deb
Size/MD5 checksum:  1580584 0a98af7db2be8b6a01d4eeb4da3d20ef

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1_ia64.deb
Size/MD5 checksum:  1801310 4c336b16545584e3047e5f4ba11a3994

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1_mips.deb
Size/MD5 checksum:  1537750 36579943948e4d73039399978fbc138a

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1_mipsel.deb
Size/MD5 checksum:  1518836 5d8c0b09e86c98680d083e903c4ca0cc

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1_s390.deb
Size/MD5 checksum:  1563558 b4d85977441bd37b7390af3efe924ad4

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/k/ktorrent/ktorrent_2.0.3+dfsg1-2etch1_sparc.deb
Size/MD5 checksum:  1553024 cb40c3218f0c300590ea2ae91a577a36


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG5t/hwM/Gs81MDZ0RAgMVAJ9J9kX6N+2iSLVDUavqnMYeR6IudACgwcGX
dfu4uXcxECu8Vue8E9aMpGI=
=XXJk
-END PGP SIGNATURE-



[SECURITY] [DSA 1374-1] New jffnms packages fix several vulnerabilities

2007-09-11 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- 
Debian Security Advisory DSA 1374-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
September 11, 2007http://www.debian.org/security/faq
- 

Package: jffnms
Vulnerability  : several vulnerabilities
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-3189, CVE-2007-3190, CVE-2007-3191

Several vulnerabilities have been discovered in jffnms, a web-based
Network Management System for IP networks.  The Common Vulnerabilities
and Exposures project identifies the following problems:

CVE-2007-3189

Cross-site scripting (XSS) vulnerability in auth.php, which allows
a remote attacker to inject arbitrary web script or HTML via the
user parameter.

CVE-2007-3190

Multiple SQL injection vulnerabilities in auth.php, which allow 
remote attackers to execute arbitrary SQL commands via the
user and password parameters.

CVE-2007-3192

Direct requests to URLs make it possible for remote attackers to
access configuration information, bypassing login restrictions.


For the stable distribution (etch), these problems have been fixed in version
0.8.3dfsg.1-2.1etch1.

For the unstable distribution (sid), these problems have been fixed in
version 0.8.3dfsg.1-4.

We recommend that you upgrade your jffnms package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/j/jffnms/jffnms_0.8.3dfsg.1.orig.tar.gz
Size/MD5 checksum:   547656 6be7ef656cf0eea1d133a0bc71a4bba2
  
http://security.debian.org/pool/updates/main/j/jffnms/jffnms_0.8.3dfsg.1-2.1etch1.dsc
Size/MD5 checksum:  609 7a46a6cdefe38535235aa87dd8e6279c
  
http://security.debian.org/pool/updates/main/j/jffnms/jffnms_0.8.3dfsg.1-2.1etch1.diff.gz
Size/MD5 checksum:76283 cf3fd349e3012b93a4d20711730b26f6

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/j/jffnms/jffnms_0.8.3dfsg.1-2.1etch1_all.deb
Size/MD5 checksum:   550292 94ec8551e3eaa20ae277a5aab47043ee


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG5uT5wM/Gs81MDZ0RAmvgAJ9voKojLJmyMF+VaB1B/aJNbbcTdwCfa/30
75t+GVJbnAqEuMHkj3xYZgQ=
=yEl5
-END PGP SIGNATURE-
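The SQL injection and cross-site scripting in auth.php described above come from the same mistake: the user and password request parameters are pasted into a query string, and the user name is echoed into the response body, without any treatment. The Python block below is an added example written for this archive, not jffnms code. It uses an in-memory sqlite3 table whose layout (a users table with user and password columns, plaintext for visibility only) is assumed, and shows the injectable login beside a parameterised one and the raw echo of the user name beside an escaped one, driven by constructed attacker inputs.

```python
"""Login handler for a web NMS: the injectable and reflecting shape beside
the fixed one. Added example; not jffnms code, and the table layout is assumed."""
import html
import sqlite3


def make_db():
    """In-memory stand-in for the user table with one constructed account.
    Plaintext passwords are kept only so the injection stays visible; a real
    application stores a password hash and compares against that."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT NOT NULL, password TEXT NOT NULL)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    db.commit()
    return db


def login_vulnerable(db, user, password):
    """Request parameters are pasted into the SQL text (CVE-2007-3190 shape)."""
    sql = ("SELECT COUNT(*) FROM users "
           f"WHERE user = '{user}' AND password = '{password}'")
    return db.execute(sql).fetchone()[0] > 0


def login_safe(db, user, password):
    """Bound parameters: the driver never lets the values alter the query."""
    sql = "SELECT COUNT(*) FROM users WHERE user = ? AND password = ?"
    return db.execute(sql, (user, password)).fetchone()[0] > 0


def failure_page_vulnerable(user):
    """Echoes the user parameter raw into HTML (CVE-2007-3189 shape)."""
    return f"<p>Login failed for user {user}</p>"


def failure_page_safe(user):
    """Escapes <, >, &, and quotes before the value reaches the page body."""
    return f"<p>Login failed for user {html.escape(user, quote=True)}</p>"


# Constructed attacker inputs.
SQLI_PASSWORD = "' OR '1'='1"                       # turns the WHERE clause true
SQLI_USER = "admin'--"                              # comments out the password test
XSS_USER = "<script>alert(document.cookie)</script>"


def run_demo():
    """Return a dict of outcomes so the two versions can be compared directly."""
    db = make_db()
    return {
        "vuln_or_bypass": login_vulnerable(db, "nobody", SQLI_PASSWORD),
        "vuln_comment_bypass": login_vulnerable(db, SQLI_USER, "wrong"),
        "safe_or_bypass": login_safe(db, "nobody", SQLI_PASSWORD),
        "safe_comment_bypass": login_safe(db, SQLI_USER, "wrong"),
        "safe_real_login": login_safe(db, "admin", "s3cret"),
        "xss_raw": "<script>" in failure_page_vulnerable(XSS_USER),
        "xss_escaped": "<script>" in failure_page_safe(XSS_USER),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

With the vulnerable query both payloads log in as admin without the password; with bound parameters the same strings are compared as literal passwords and user names and fail, while the genuine credentials still succeed. Escaping on output is what stops the reflected script from executing; it does not change what is stored, so it has to be applied at every point the value is rendered.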



[SECURITY] [DSA 1361-1] New postfix-policyd packages fix arbitrary code execution

2007-08-29 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1361[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
August 29th, 2007 http://www.debian.org/security/faq
- 

Package: postfix-policyd
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-3791
Debian Bug : 435735


It was discovered that postfix-policyd, an anti-spam plugin for postfix,
didn't correctly bounds-test incoming SMTP commands potentially allowing
the remote exploitation of arbitrary code.

For the stable distribution (etch), this problem has been fixed in version
1.80-2.1etch1.

For the old stable distribution (sarge), this package was not present.

For the unstable distribution (sid), this problem was fixed in version
1.80-2.2.

We recommend that you upgrade your postfix-policyd package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 

Source archives:

  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1.diff.gz
Size/MD5 checksum:11391 3b110e0653af37a0367abac9a2cc303b
  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1.dsc
Size/MD5 checksum:  661 1da40619537632f9986db4da5ec1f1bf
  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80.orig.tar.gz
Size/MD5 checksum:67138 3d6caea3c5ef4a1b97816180a21a94f3

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_alpha.deb
Size/MD5 checksum:77270 07b5622f7801eb74ec409337f49581b9

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_amd64.deb
Size/MD5 checksum:74814 4aae549d216b8653e0817ed7368ed70a

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_arm.deb
Size/MD5 checksum:74760 0eee0050d13f6aa3a41a52764fca3bce

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_hppa.deb
Size/MD5 checksum:76708 52fad04d43236faf0617d1585bff6632

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_i386.deb
Size/MD5 checksum:69196 be22b73cc4c4d9d050ba55170f161dc5

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_ia64.deb
Size/MD5 checksum:90026 9b788319cb954d7cf687c3eb0b410eef

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_mips.deb
Size/MD5 checksum:75046 26f79e015c2d4df43d0fe96e9a128416

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_mipsel.deb
Size/MD5 checksum:75056 ec377db9df88eb197355451879f1c28b

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_s390.deb
Size/MD5 checksum:72406 53f9a23da464947ccd421ae5e1af99a8

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/p/postfix-policyd/postfix-policyd_1.80-2.1etch1_sparc.deb
Size/MD5 checksum:71428 548b97ce3a610f011f4e4c48d4f48dd0


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG1dotwM/Gs81MDZ0RAjzsAJ0U0GU5iQY6IbFDOTtRFPsBMq1VZQCgk5kW
f2oDHJ+WAH2CRzZAp+ZP5/4=
=MdGa
-END PGP SIGNATURE-



[SECURITY] [DSA 1362-1] New lighttpd packages fix several vulnerabilities

2007-08-29 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- 
Debian Security Advisory DSA-1362[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
August 29th, 2007 http://www.debian.org/security/faq
- 

Package: lighttpd
Vulnerability  : various
Problem type   : local/remote
Debian-specific: no
CVE Id(s)  : CVE-2007-3946
Debian Bug : 434888

Several vulnerabilities were discovered in lighttpd, a fast webserver with
minimal memory footprint.  The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2007-3946

The use of mod_auth could lead to a denial of service attack crashing
the webserver.

CVE-2007-3947

The improper handling of repeated HTTP headers could cause a denial
of service attack crashing the webserver.

CVE-2007-3949

A bug in mod_access potentially allows remote users to bypass
access restrictions via trailing slash characters.

CVE-2007-3950

On 32-bit platforms users may be able to create denial of service
attacks, crashing the webserver, via mod_webdav, mod_fastcgi, or
mod_scgi.


For the stable distribution (etch), these problems have been fixed in version
1.4.13-4etch3.

For the unstable distribution (sid), these problems have been fixed in
version 1.4.16-1.

We recommend that you upgrade your lighttpd package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
Size/MD5 checksum:   793309 3a64323b8482b0e8a6246dbfdb4c39dc
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3.dsc
Size/MD5 checksum: 1098 e759ee83cf22697f62b11df286973b7a
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3.diff.gz
Size/MD5 checksum:33811 259574ed674f31dd8c44dc46809656bb

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch3_all.deb
Size/MD5 checksum:99376 c4ea0d3adca48f1c749b4c3e49293bba

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_alpha.deb
Size/MD5 checksum:71460 8b25398ab656e85d82ef611d7110191c
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_alpha.deb
Size/MD5 checksum:64650 d023bc4775d81b0f0be9d56043d2d893
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_alpha.deb
Size/MD5 checksum:   318496 54eb4b6bdfcf41c72f5d3b2f8f91778d
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_alpha.deb
Size/MD5 checksum:59244 6098a74659117029c062132179e88a96
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_alpha.deb
Size/MD5 checksum:60996 2c30d7179beeea97d1e868d34cc314c5
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_alpha.deb
Size/MD5 checksum:64226 36bdb8c2ecbe874aaec676cd7c3992c9

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch3_amd64.deb
Size/MD5 checksum:60664 8b1e4185d6961a8dd6823c90b698d1a0
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch3_amd64.deb
Size/MD5 checksum:63542 420d82c389da7a774118495eca87ae76
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch3_amd64.deb
Size/MD5 checksum:58986 17e377ca088aaa2f5fcb84902eaa75da
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_amd64.deb
Size/MD5 checksum:63870 02499705ef7a069be4df2fff55fbfd97
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch3_amd64.deb
Size/MD5 checksum:   297416 9931993931036ec2252d39cade28bc09
  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch3_amd64.deb
Size/MD5 checksum:70150 3665d99b3aa0153ad51168a392e3dbfd

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch3_arm.deb
Size/MD5 checksum:62766

[SECURITY] [DSA 1359-1] New dovecot packages fix directory traversal

2007-08-28 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA 1359-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
August 28th, 2007 http://www.debian.org/security/faq
- 

Package: dovecot
Vulnerability  : directory traversal
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-2231


It was discovered that dovecot, a secure mail server that supports mbox
and maildir mailboxes, when configured to use non-system-user spools
and compressed folders, may allow directory traversal in mailbox names.

For the stable distribution (etch), this problem has been fixed in
version 1.0.rc15-2etch1.

For the old stable distribution (sarge), this problem was not present.

For the unstable distribution (sid), this problem will be fixed soon.

We recommend that you upgrade your dovecot package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- 

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch1.dsc
Size/MD5 checksum: 1007 cde4bffef0b1c78324bc8adc6354eaa4
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15.orig.tar.gz
Size/MD5 checksum:  1463069 26f3d2b075856b1b1d180146363819e6
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot_1.0.rc15-2etch1.diff.gz
Size/MD5 checksum:94823 fbf56611ccca44cee2a4663c8fbb56c0

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_alpha.deb
Size/MD5 checksum:   618818 3b125c8d36e45fede3d73464a5e7f12a
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_alpha.deb
Size/MD5 checksum:  1373836 97c909a2774519f3d04a33c74212cb05
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_alpha.deb
Size/MD5 checksum:   580708 d840ccd638850f72014e89641fbe9569

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_amd64.deb
Size/MD5 checksum:   534118 8869870afff4eb25559457faece371d4
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_amd64.deb
Size/MD5 checksum:   568180 ebf3cfcb5343f48379ef14989a9482ef
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_amd64.deb
Size/MD5 checksum:  1224650 79fbf3019551461c68197a5e5f6a6620

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_arm.deb
Size/MD5 checksum:  1116470 a3774a96d2daf2534613cd75e9044726
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_arm.deb
Size/MD5 checksum:   503858 45c610525a211f80462ee8a30b997b98
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_arm.deb
Size/MD5 checksum:   534534 e7af01554616f50b38b63e76a0035402

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_hppa.deb
Size/MD5 checksum:  1293812 b77e446a414f88c05aa073c663e1aff3
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_hppa.deb
Size/MD5 checksum:   596290 207bcda07cad9d263b4543c87788553d
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_hppa.deb
Size/MD5 checksum:   559686 bab920cd7543cfaea2a76e03cc087d51

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_1.0.rc15-2etch1_i386.deb
Size/MD5 checksum:  1127680 80fab6db53d353058b801e5ad42cd305
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_1.0.rc15-2etch1_i386.deb
Size/MD5 checksum:   511940 b773c45daa6483d02af9f4f702a538f7
  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_i386.deb
Size/MD5 checksum:   544082 d4685011b8c8359f849a2fc3f65cb0b3

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_1.0.rc15-2etch1_ia64.deb
Size/MD5 checksum:   789702 84fb674f3f568db180c41cfb21088d5f
  
http://security.debian.org/pool
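Three of the advisories in this batch turn on path handling: ktorrent let a file name inside a torrent climb out of the download directory, dovecot let a mailbox name traverse when mailboxes are not tied to system users, and lighttpd's mod_access could be bypassed by appending a trailing slash to a denied URL. The Python block below is an added example covering all three, not code from ktorrent, dovecot or lighttpd. The first function keeps an attacker-chosen name strictly below a base directory; the second pair shows a suffix-based deny rule matched on the raw path beside one matched on the normalised path. The base directory and the deny-suffix list ("~" and ".inc") are assumed for the demonstration, and the sample names are constructed.

```python
"""Keep attacker-chosen names under a base directory, and match URL access
rules on a normalised path. Added example, not ktorrent, dovecot or lighttpd
code; the base directory and the deny-suffix list are assumed configuration."""
import posixpath
from urllib.parse import unquote


def safe_join(base, untrusted):
    """Return base/untrusted if the normalised result stays strictly below
    base, else None. Names arrive over the wire (torrent file lists, IMAP
    mailbox names), so "/" is the separator regardless of host platform.
    This is a lexical check: it does not follow symlinks that already exist
    under base; create files with O_NOFOLLOW or re-check with realpath."""
    if not untrusted or "\x00" in untrusted:
        return None
    if untrusted.startswith("/"):          # absolute names are never relative to base
        return None
    base = posixpath.normpath(base)
    prefix = base if base.endswith("/") else base + "/"
    target = posixpath.normpath(posixpath.join(base, untrusted))
    if target == base or not target.startswith(prefix):
        return None                        # ".." climbed out, or resolved to base itself
    return target


DENIED_SUFFIXES = ("~", ".inc")            # assumed deny-by-suffix rule


def access_denied_naive(url_path):
    """Suffix match on the raw request path: "/config.inc/" slips through."""
    return url_path.endswith(DENIED_SUFFIXES)


def access_denied(url_path):
    """Drop the query string, percent-decode, normalise, then match.
    normpath also removes a trailing slash, so "/config.inc/" is judged
    as "/config.inc"."""
    path = unquote(url_path.split("?", 1)[0])
    path = posixpath.normpath(path)
    return path.endswith(DENIED_SUFFIXES)


# Constructed names and the result each should produce under /srv/downloads.
SAMPLES = {
    "movie/part1.avi": "/srv/downloads/movie/part1.avi",
    "../../etc/passwd": None,
    "/etc/passwd": None,
    "a/../../b": None,
    "ok/../part2.avi": "/srv/downloads/part2.avi",
    ".": None,
}


def run_samples(base="/srv/downloads"):
    return {name: safe_join(base, name) for name in SAMPLES}


if __name__ == "__main__":
    for name, got in run_samples().items():
        print(f"{name!r:22} -> {got}")
    for p in ("/config.inc", "/config.inc/", "/config%2einc/", "/index.html"):
        print(f"{p!r:20} naive={access_denied_naive(p)} fixed={access_denied(p)}")
```

The containment test compares against base plus a separator, not base alone, so a sibling directory such as /srv/downloads-old cannot pass as a prefix match. For the access rule the order matters: decode first, then normalise, then match, otherwise "%2e" or a trailing slash still reaches the suffix comparison untouched.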

[SECURITY] [DSA 1360-1] New rsync packages fix arbitrary code execution

2007-08-28 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1360[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
August 28th, 2007 http://www.debian.org/security/faq
- 

Package: rsync
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-4091

Sebastian Krahmer discovered that rsync, a fast remote file copy program,
contains an off-by-one error which might allow remote attackers to execute
arbitrary code via long directory names.

For the stable distribution (etch), this problem has been fixed in version
2.6.9-2etch1.

For the old stable distribution (sarge), this problem is not present.

For the unstable distribution (sid) this problem will be fixed soon.

We recommend that you upgrade your rsync package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9.orig.tar.gz
Size/MD5 checksum:   811841 996d8d8831dbca17910094e56dcb5942
  http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1.dsc
Size/MD5 checksum:  566 88e831455ff40fb1304f9b24b172b4e8
  
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1.diff.gz
Size/MD5 checksum:50070 acd89cbfb221bff96ca9732332e4ae43

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_alpha.deb
Size/MD5 checksum:   294200 a2ddf8c18592ca6e20fa33663d08dad6

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_amd64.deb
Size/MD5 checksum:   272024 3677f9d2cc84052aca640abdaeec1441

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_arm.deb
Size/MD5 checksum:   266872 188297b61849dc0b14d84efc90f686e3

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_hppa.deb
Size/MD5 checksum:   282476 1acb103997507f90c21fb2dce5b7acd8

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_i386.deb
Size/MD5 checksum:   261328 44920a341f482f28adc30822490d3478

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_ia64.deb
Size/MD5 checksum:   356938 dcbf3146f1e5957ff77485d56ba54443

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_mips.deb
Size/MD5 checksum:   286592 13ce6e1a92a2ef6936f7895afadd2c4f

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_mipsel.deb
Size/MD5 checksum:   287174 fae85198a3dc65d38fe5a9d2d10eb860

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_s390.deb
Size/MD5 checksum:   278758 4d4d7e358e75cead3bc9b627efca35b6

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/r/rsync/rsync_2.6.9-2etch1_sparc.deb
Size/MD5 checksum:   264106 3e645f1c1563c4ed1f449daf3b48a658


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG1GQwwM/Gs81MDZ0RAjhuAJ4s0btmOFWqXbz4I2hpnKMCMRk/MQCghAFZ
k9FyN9EoJEBLAfakZiHpY4I=
=HChL
-END PGP SIGNATURE-



[SECURITY] [DSA 1333-1] New libcurl3-gnutls packages fix certificate handling

2007-07-18 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1333[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 18th, 2007
- 

Package: libcurl3-gnutls
Vulnerability  : input validation
Problem type   : local and remote
Debian-specific: no
CVE Id(s)  : CVE-2007-3564

It has been discovered that the GnuTLS certificate verification methods
implemented in libcurl-gnutls, a solid, usable, and portable multi-protocol
file transfer library, did not check for expired or invalid dates.

For the stable distribution (etch), this problem has been fixed in
version 7.15.5-1etch1.

We recommend that you upgrade your libcurl3-gnutls package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- 

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1.dsc
Size/MD5 checksum:  948 1eacdb0c127ad12b860033f743563df8
  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5.orig.tar.gz
Size/MD5 checksum:  1897973 61997c0d852d38c3a85b445f4fc02892
  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1.diff.gz
Size/MD5 checksum:19029 cbd30d40f3026e020182e665a7f5d5be

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dev_7.15.5-1etch1_all.deb
Size/MD5 checksum:22198 b6b9a429b9ae513c5e0c8472c6509907

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_alpha.deb
Size/MD5 checksum:   811542 dbc6cd819cff1b717c46e11caa1dd331
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_alpha.deb
Size/MD5 checksum:   815608 03e1eb1961a7e58e82e4ac2380aa8c8a
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_alpha.deb
Size/MD5 checksum:   181660 30c703c8b17a42b63d2fbe575bafe562
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_alpha.deb
Size/MD5 checksum:   823850 23eb2600b1da596a04bfd5043effc13d
  
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_alpha.deb
Size/MD5 checksum:   166814 7a9f90444bd58d38c9452a44ff71ea98
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_alpha.deb
Size/MD5 checksum:   175316 0167fc5805b8f8c363165dff64dafe98

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_amd64.deb
Size/MD5 checksum:   772978 675235b32ac91f3b91f86ee28e70d1e2
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_amd64.deb
Size/MD5 checksum:   824246 a0547976a45ee4d4be2c43b179459404
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_amd64.deb
Size/MD5 checksum:   767648 4852d415582c564eb50cb9f8cbc677f7
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_amd64.deb
Size/MD5 checksum:   170008 ff8b0b14022f291265324243579abf2d
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls_7.15.5-1etch1_amd64.deb
Size/MD5 checksum:   164638 ae44174a768af4786637cb6292800b21
  
http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_amd64.deb
Size/MD5 checksum:   163440 c7410d7b8efc16abf1e138c1bb7a5712

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/c/curl/curl_7.15.5-1etch1_arm.deb
Size/MD5 checksum:   162094 001980ca743312ca37513877ad7d19f6
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3_7.15.5-1etch1_arm.deb
Size/MD5 checksum:   164634 436490a717543532135cfaafb4fb4a99
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-openssl-dev_7.15.5-1etch1_arm.deb
Size/MD5 checksum:   757356 3a74f9c27504a758b95dfb6ba5fb96a3
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-dbg_7.15.5-1etch1_arm.deb
Size/MD5 checksum:   782328 40e1890d559f3efb927af1d0bc0c8c6e
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3-gnutls-dev_7.15.5-1etch1_arm.deb
Size/MD5 checksum:   750218 82456f7c8a985993fd50eb482f715a70
  
http://security.debian.org/pool/updates/main/c/curl/libcurl3

[SECURITY] [DSA 1334-1] New freetype packages fix arbitrary code execution

2007-07-18 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1334[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 18th, 2007
- 

Package: freetype
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-2754
Debian Bug : 425625


A problem was discovered with freetype, a FreeType2 font engine, which
could allow the execution of arbitrary code via an integer overflow in
specially crafted TTF files.

For the old stable distribution (sarge), this problem has been fixed in
version 2.1.7-8.

We recommend that you upgrade your freetype package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-8.diff.gz
Size/MD5 checksum:57953 d94a3a7e7575ab5c5aa67d5fc630077d
  http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7-8.dsc
Size/MD5 checksum:  754 f04967ca8fffb4340fd8ef716d8fbfb5
  
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.1.7.orig.tar.gz
Size/MD5 checksum:  1245623 991ff86e88b075ba363e876f4ea58680

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_amd64.deb
Size/MD5 checksum:76244 53d4356cfbea6313e1ee0990d2d83b49
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_amd64.udeb
Size/MD5 checksum:   238290 afadfd7dd3c2a2063826e1116740f04e
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_amd64.deb
Size/MD5 checksum:   390326 6ed30e4b053950c321e4c2010a8265cc
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_amd64.deb
Size/MD5 checksum:   723758 231145ee63a527899fea4d049e95b58d

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_arm.deb
Size/MD5 checksum:   714504 dbe9287cce58eea37c754e8d0a3e7e41
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_arm.udeb
Size/MD5 checksum:   201950 a7811a90eefb9d9e468ab7e93327bcc2
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_arm.deb
Size/MD5 checksum:   352948 b3a8d18cde53bee6b5b6840541b999f4
  
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_arm.deb
Size/MD5 checksum:58750 9bea9b63383a79219152946274113d80

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_hppa.deb
Size/MD5 checksum:80764 f2233eae737a535cbd3a30093d89bde6
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_hppa.udeb
Size/MD5 checksum:   256256 45ad964f89b8d1d51e5bca8a446e40c1
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_hppa.deb
Size/MD5 checksum:   734426 9a831f2c775dd9dae5a237681dedfffb
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_hppa.deb
Size/MD5 checksum:   407518 659cedf86f7e23bbc492bab1049783a3

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.1.7-8_i386.udeb
Size/MD5 checksum:   212968 df44023a71960bb13e8cbc868a99805c
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_i386.deb
Size/MD5 checksum:   695068 7e558fc40413ac96d54a6e187619923a
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_i386.deb
Size/MD5 checksum:   364974 7abd8cdd3d0b864b0f593eb391e95dc8
  
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.1.7-8_i386.deb
Size/MD5 checksum:63184 e6c2ceadaa8a74247d1fe3eb4eead534

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.1.7-8_ia64.deb
Size/MD5 checksum:   493880 945ff8b8ae11ce35e6dbf53c0068eec7
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.1.7-8_ia64.deb
Size/MD5 checksum:   843972 e7838653f9bbc9cf243e00f26d435ff6
  
http://security.debian.org/pool/updates/main/f/freetype

[SECURITY] [DSA 1329-1] New gfax packages fix privilege escalation

2007-07-05 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- 
Debian Security Advisory DSA-1329-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 05, 2007
- 

Package: gfax
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-2839
Debian Bug : 431893

Steve Kemp from the Debian Security Audit project discovered that
gfax, a GNOME frontend for fax programs, uses temporary files in an
unsafe manner which may be exploited to execute arbitrary commands
with the privileges of the root user.

For the old stable distribution (sarge) this problem has been fixed
in version 0.4.2-11sarge1.

The stable distribution (etch) is not affected by this problem.

The unstable distribution (sid) is not affected by this problem.

We recommend that you upgrade your gfax package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- 

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2.orig.tar.gz
Size/MD5 checksum:   396636 815523780287a97133e85585f0319a20
  
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1.diff.gz
Size/MD5 checksum:14946 7393373a40448daf52e4b64ff1d4f6a7
  http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1.dsc
Size/MD5 checksum:  632 ed841ab6349ff80527cb49fb1fc6595f

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_alpha.deb
Size/MD5 checksum:   125376 57c5e15d94699b99fabbf4f692df667e

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_amd64.deb
Size/MD5 checksum:   123102 9926dfcd4d62b4407f58f34e31a069c3

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_arm.deb
Size/MD5 checksum:   118812 57168963066d0f0473ea9e34f8d208ef

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_i386.deb
Size/MD5 checksum:   122306 1e13b2d599ca2e0a2a63bda455ab13ab

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_ia64.deb
Size/MD5 checksum:   133284 c87980b9a8895817fce94c40b20f52f7

m68k architecture (Motorola Mc680x0)

  
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_m68k.deb
Size/MD5 checksum:   117290 8f7352fcec87f588168777690c081f99

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_s390.deb
Size/MD5 checksum:   122588 e23038de978cf94e5d1a710a406797f6

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_sparc.deb
Size/MD5 checksum:   118830 2ed8af350418bdfaebea02e318c1e0f3


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGjVBXwM/Gs81MDZ0RAptCAJ97uSQPp1gEQnKFKFlaj2xR0v0MUQCgiGdq
PjQGwmV9iE3+1gCLtlJxGfk=
=YgPj
-END PGP SIGNATURE-
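The upgrade instructions repeated in each advisory above (wget the file, then dpkg -i) leave out the step between the two: checking the downloaded package against the Size/MD5 checksum line printed under each URL before handing it to dpkg. The script below is an added shell example, not part of the advisory or of any Debian tool; the function names verify_deb, md5_of and fetch_and_install are made up for the example, and the size and MD5 values are meant to be copied from the advisory's listing for the package you download.

```sh
#!/bin/sh
# Added example (not from the Debian advisory): download a package listed in
# a DSA, compare its size and MD5 with the advisory's "Size/MD5 checksum"
# line, and only then install it with dpkg -i.  Helper names are hypothetical.

# md5_of FILE -> prints the hex MD5 digest (md5sum on Linux, md5 -q on BSD/macOS)
md5_of() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | cut -d' ' -f1
    else
        md5 -q "$1"
    fi
}

# verify_deb FILE EXPECTED_SIZE EXPECTED_MD5
# Returns 0 only if both the byte count and the digest match the advisory.
verify_deb() {
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
    got_size=$(wc -c < "$file" | tr -d ' ')
    got_md5=$(md5_of "$file")
    if [ "$got_size" != "$want_size" ]; then
        echo "size mismatch for $file: got $got_size, advisory lists $want_size" >&2
        return 1
    fi
    if [ "$got_md5" != "$want_md5" ]; then
        echo "md5 mismatch for $file: got $got_md5, advisory lists $want_md5" >&2
        return 1
    fi
    return 0
}

# fetch_and_install URL EXPECTED_SIZE EXPECTED_MD5
# The wget / dpkg -i steps from the advisory, with the check in between.
# A file that fails the check is deleted rather than installed.
fetch_and_install() {
    url=$1; size=$2; md5=$3
    deb=$(basename "$url")
    wget -q -O "$deb" "$url" || { echo "download failed: $url" >&2; return 1; }
    verify_deb "$deb" "$size" "$md5" || { rm -f "$deb"; return 1; }
    dpkg -i "$deb"
}

# Offline demonstration on a constructed 6-byte file (not a real package):
# "hello\n" has the well-known MD5 b1946ac92492d2347c6235b4d2611184.
demo=$(mktemp) && printf 'hello\n' > "$demo"
verify_deb "$demo" 6 b1946ac92492d2347c6235b4d2611184 && echo "constructed sample verifies"
rm -f "$demo"

# Real use copies URL, size and MD5 from the advisory listing, e.g.
# fetch_and_install http://security.debian.org/pool/updates/main/g/gfax/gfax_0.4.2-11sarge1_i386.deb 122306 1e13b2d599ca2e0a2a63bda455ab13ab
```

The size and MD5 check catches a truncated or corrupted download and a file swapped on a mirror; it is only as trustworthy as the advisory it was copied from, so verify the advisory's PGP signature (gpg --verify on the saved mail) before trusting the numbers. MD5 is no longer collision-resistant, which is one more reason to prefer the apt-get route from the footer, where the archive's own signatures are checked for you, over hand-installing individual .deb files.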



[SECURITY] [DSA 1326-1] New fireflier-server packages fix unsafe temporary files

2007-07-02 Thread Steve Kemp

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- 
Debian Security Advisory DSA-1326[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 01, 2007
- 

Package: fireflier-server
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-2837

Steve Kemp from the Debian Security Audit project discovered that
fireflier-server, an interactive firewall rule creation tool, uses
temporary files in an unsafe manner which may be exploited to remove
arbitrary files from the local system.

For the old stable distribution (sarge) this problem has been fixed in
version 1.1.5-1sarge1.

For the stable distribution (etch) this problem has been fixed in
version 1.1.6-3etch1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your fireflier-server package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



Debian GNU/Linux 3.1 alias sarge
- ---

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier_1.1.5-1sarge1.dsc
Size/MD5 checksum:  754 fd653a7d7e2c4475d1a2c2640b3e142a
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier_1.1.5-1sarge1.tar.gz
Size/MD5 checksum:   499949 4ae52e40866c6ca977ddcbf8a8b5fd65

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_alpha.deb
Size/MD5 checksum:75194 8c878fe74627e6a6246333d5b14c228f
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_alpha.deb
Size/MD5 checksum:   177850 027ca26aabb6aafae2acdc748d3f4050
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_alpha.deb
Size/MD5 checksum:74840 d5a498e131e51d76f4044218f9298e24
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_alpha.deb
Size/MD5 checksum:51402 84350d096372ab3f0aa41608adf3772f

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_amd64.deb
Size/MD5 checksum:66538 34a5b65429e8ebdf4646d93ae8fc37c7
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_amd64.deb
Size/MD5 checksum:66370 6f3614d84a690531039e5b7b0adc2b6b
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_amd64.deb
Size/MD5 checksum:47130 68d9276db6afc61f3eec2091c6e57634
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_amd64.deb
Size/MD5 checksum:   147046 d0aafacb99d698957a91df99ff6eddd5

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_arm.deb
Size/MD5 checksum:61610 ad9b1e6b0d0532a3494f22e6811798a9
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_arm.deb
Size/MD5 checksum:64002 50b762fe9a28aa55bda45d134de95a5e
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_arm.deb
Size/MD5 checksum:46878 dc55fb97f5d9a4bf8fc192d7f1f22620
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_arm.deb
Size/MD5 checksum:   163486 70254f114e19769e74a02f977e70856c

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_i386.deb
Size/MD5 checksum:66070 f65bbd16b3b9349271dd643b67fe5fe6
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-server_1.1.5-1sarge1_i386.deb
Size/MD5 checksum:45686 d43fa251a29fde160e5be343ac18a5e8
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-gtk_1.1.5-1sarge1_i386.deb
Size/MD5 checksum:   145080 803aa15f76f167ec61751ab4d4726011
  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-qt_1.1.5-1sarge1_i386.deb
Size/MD5 checksum:63804 8935c1620e21f806b72ac23567cfde7b

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/f/fireflier/fireflier-client-kde_1.1.5-1sarge1_ia64

[SECURITY] [DSA 1327-1] New gsambad packages fix unsafe temporary files

2007-07-02 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1327[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 01, 2007
- 

Package: gsambad
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-2838


Steve Kemp from the Debian Security Audit project discovered that gsambad,
a GTK+ configuration tool for samba, uses temporary files in an unsafe
manner which may be exploited to truncate arbitrary files on the local
system.

For the stable distribution (etch) this problem has been fixed in
version 0.1.4-2etch1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your gsambad package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1.diff.gz
Size/MD5 checksum:24766 8ac63c3ecf53c7243f6f8675d3e2bb48
  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1.dsc
Size/MD5 checksum:  609 35dc69c7f48b6b327b782d310037eac6
  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4.orig.tar.gz
Size/MD5 checksum:   385776 ced255218e024b43de6d42c9fc1653d2

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_alpha.deb
Size/MD5 checksum:   109878 5aadc8c608d516df18c4bffb0cee70a9

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_amd64.deb
Size/MD5 checksum:92416 9f332e4530c72917193402535c9f83e4

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_arm.deb
Size/MD5 checksum:88570 7f540eb27987fe1d8130279f1a3f41e1

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_i386.deb
Size/MD5 checksum:93918 4f47a220caba72b7daadf205545dd214

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_ia64.deb
Size/MD5 checksum:   120170 68f5483b3c10a787b7d8c6f3a7a39a34

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_mipsel.deb
Size/MD5 checksum:87426 7f4408ddd5cb502067dcea364344cfe8

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_powerpc.deb
Size/MD5 checksum:92822 4995be1a528256e86bb254dee1b0cc0f

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_s390.deb
Size/MD5 checksum:85148 8ad37130b346472026e0171d09036729

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/g/gsambad/gsambad_0.1.4-2etch1_sparc.deb
Size/MD5 checksum:87174 b4a354e57e38c7dcaad14bff8a183975


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGh/dAwM/Gs81MDZ0RAmahAKDiHd4jeEEP7/2szSHWbjEe0XWKzQCfZq9F
J2BGQIUY5fRnFXthRMTUQv8=
=i6Ld
-END PGP SIGNATURE-
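DSA-1326, DSA-1327 and DSA-1329 above all describe the same bug class: a program writes to a temporary file whose name a local attacker can predict, so the attacker pre-creates that name as a symlink and the program truncates (gsambad), removes (fireflier-server) or, when it runs as root, executes through (gfax) a file it never meant to touch. The script below is an added shell example, not code from any of these packages; the file names, the predictable name "demo-tool.12345" standing in for a "$prog.$$" pattern, and the helper names unsafe_write, safe_write and run_demo are constructed for the demonstration, and everything happens in a throwaway directory rather than /tmp.

```sh
#!/bin/sh
# Added example (not code from gfax, fireflier-server or gsambad): the
# predictable-temporary-file bug those advisories describe, and the fix.
# All names are constructed for the demo; nothing touches /tmp directly.

# Unsafe pattern: a temp name built from the program name and PID, opened
# with plain ">" redirection.  ">" follows symlinks and truncates whatever
# they point at, so an attacker who plants <dir>/demo-tool.12345 as a symlink
# to a file the victim can write gets that file emptied and overwritten.
unsafe_write() {
    dir=$1; payload=$2
    predictable="$dir/demo-tool.12345"      # stands in for "$prog.$$"
    echo "$payload" > "$predictable"        # follows the planted symlink
    rm -f "$predictable"                    # removes only the symlink
}

# Safe pattern: mktemp creates the file itself with O_CREAT|O_EXCL and an
# unpredictable suffix, so a pre-positioned symlink is never opened.
safe_write() {
    dir=$1; payload=$2
    tmp=$(mktemp "$dir/demo-tool.XXXXXX") || return 1
    echo "$payload" > "$tmp"
    rm -f "$tmp"
}

# run_demo MODE -> prints the victim file's size in bytes after the write.
# MODE is "unsafe" or "safe".  The victim starts at 24 bytes; if the tool
# wrote through the attacker's symlink it ends up holding the 13-byte payload.
run_demo() {
    mode=$1
    work=$(mktemp -d)
    victim="$work/victim.txt"
    printf 'important configuration\n' > "$victim"   # 24 bytes the attacker wants destroyed
    # attacker's move: plant a symlink at the name the unsafe tool will use
    ln -s "$victim" "$work/demo-tool.12345"
    case $mode in
        unsafe) unsafe_write "$work" "scratch data" ;;
        safe)   safe_write   "$work" "scratch data" ;;
    esac
    wc -c < "$victim" | tr -d ' '
    rm -rf "$work"
}

# Stand-alone run: unsafe prints 13 (victim truncated and overwritten), safe prints 24.
echo "unsafe: victim now $(run_demo unsafe) bytes"
echo "safe:   victim now $(run_demo safe) bytes"
```

Testing for the file first (`[ -e "$tmp" ] || echo ... > "$tmp"`) does not fix this: the attacker can plant the symlink between the test and the open. The only reliable fix is to let the kernel create the file atomically with O_EXCL, which is what mktemp (and mkstemp in C) does; the same race applies to rm -rf on a predictable directory name, which is how the "remove arbitrary files" variant in DSA-1326 arises.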



[SECURITY] [DSA 1328-1] New unicon-imc2 packages fix buffer overflow

2007-07-02 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1328[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
July 01, 2007
- 

Package: unicon-imc2
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-2835


Steve Kemp from the Debian Security Audit project discovered that
unicon-imc2, a Chinese input method library, makes unsafe use of
an environment variable, which may be exploited to execute arbitrary
code.

For the stable distribution (etch) this problem has been fixed in
version 3.0.4-11etch1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your unicon-imc2 package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.



Debian GNU/Linux 4.0 alias etch
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4-11etch1.diff.gz
Size/MD5 checksum:14966 c3a081d69f9f81055de331690bf85e70
  http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4.orig.tar.gz
Size/MD5 checksum:  5704272 dfb8650debe038f85270b4ad60ad313b
  http://security.debian.org/pool/updates/main/u/unicon/unicon_3.0.4-11etch1.dsc
Size/MD5 checksum:  603 711b8ba2894e03f257f7d6a74f526563

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_alpha.deb
Size/MD5 checksum:  4376642 8cfd1066d51dc11862115179be4ce4e4

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_amd64.deb
Size/MD5 checksum:  4362080 bad015c61850c9a4fe5d85edc77073fd

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_arm.deb
Size/MD5 checksum:  4152566 0d8b6a4a3bab316d49eea2211affea61

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_hppa.deb
Size/MD5 checksum:  4546634 dbdc37a0fb794ac2d806a1c960ff7c43

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_i386.deb
Size/MD5 checksum:  4153202 24ddede20e4b9ad3b15694275ad9d597

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_ia64.deb
Size/MD5 checksum:  4387184 c9494e9f38687b4cafb6b291942ddf6a

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_mipsel.deb
Size/MD5 checksum:  4159956 05c58cfe2805a3cd5a20171943e241c4

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_powerpc.deb
Size/MD5 checksum:  4516520 cb01b1bbc9bf724b7c6e97231945a964

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_s390.deb
Size/MD5 checksum:  4544838 7c2e4aa746330e0d94417a7254f03714

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/u/unicon/unicon-imc2_3.0.4-11etch1_sparc.deb
Size/MD5 checksum:  4501702 246893314e59799c4cabc3353fa8998f


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGh/x0wM/Gs81MDZ0RAhBEAKCTnKdYgVekvJvX8B9cz2r++tdoowCgsjNn
x0APOWgiDchUvmcOce+s4Hc=
=6JOd
-END PGP SIGNATURE-



[SECURITY] [DSA 1324-1] New hiki packages fix missing input sanitising

2007-06-30 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- 
Debian Security Advisory DSA-1324[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
June 28, 2007
- 

Package: hiki
Vulnerability  : missing input sanitising
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2007-2836
Debian Bug : 430691


Kazuhiro Nishiyama found a vulnerability in hiki, a Wiki engine written
in Ruby, which could allow a remote attacker to delete arbitrary files
which are writable by the Hiki user, via a specially crafted session
parameter.

For the stable distribution (etch), this problem has been fixed in version
0.8.6-1etch1.

For the unstable distribution (sid) this problem has been fixed in version
0.8.7-1.

We recommend that you upgrade your hiki (0.8.6-1etch1) package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/h/hiki/hiki_0.8.6-1etch1.diff.gz
Size/MD5 checksum: 5418 b57f6debe38f903c7615d738f5030060
  http://security.debian.org/pool/updates/main/h/hiki/hiki_0.8.6-1etch1.dsc
Size/MD5 checksum:  571 22358a8449ae12c19fe6a80f8607a82f
  http://security.debian.org/pool/updates/main/h/hiki/hiki_0.8.6.orig.tar.gz
Size/MD5 checksum:   244885 990212929cabf29e72df10a5b76ff27d

Architecture independent packages:

  http://security.debian.org/pool/updates/main/h/hiki/hiki_0.8.6-1etch1_all.deb
Size/MD5 checksum:   228092 fdbc68fca2b4939ceace21f282b0c2fb


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGhCIiwM/Gs81MDZ0RAqHyAKCux4dbxMkR5+uTsXopaovpCdvMdgCgkeCY
Jm5WtleaZ53cBKoLOSXSyb0=
=4Ool
-END PGP SIGNATURE-



[SECURITY] [DSA 1317-1] New tinymux packages fix buffer overflow

2007-06-23 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA 1317-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
June 23, 2007
- 

Package: tinymux
Vulnerability  : buffer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-1655
BugTraq ID : 23292
Debian Bug : 417539

duskwave discovered that tinymux, a text-based multi-user virtual world server,
performs insufficient boundary checks when working with user-supplied data,
which might lead to the execution of arbitrary code.

For the stable distribution (etch), this problem has been fixed in version 
2.4.3.31-1etch1.

We recommend that you upgrade your tinymux package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- ---

Source archives:

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1.diff.gz
Size/MD5 checksum:25768 5561f8f373ba594299fb08935d0d28b8
  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31.orig.tar.gz
Size/MD5 checksum:   925630 7b149de6a1ef5c26b989f05f7f894ba0
  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1.dsc
Size/MD5 checksum:  609 43a81f38076f544c7d5dcee9b4805082

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_alpha.deb
Size/MD5 checksum:   660202 f789e47d312651b2acdfec1bd62f35f7

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_amd64.deb
Size/MD5 checksum:   646318 a715fedaa66a6656d413086c0c349c84

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_arm.deb
Size/MD5 checksum:   613350 546c1d9f0346a649104a32fce0ee5501

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_hppa.deb
Size/MD5 checksum:   690748 2c15696925b7ea1e2c60f56613f3477e

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_i386.deb
Size/MD5 checksum:   610106 82526fb744024fb62dc3db8eebe58f14

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_ia64.deb
Size/MD5 checksum:   790390 77d75edb1dc316e0f6943ebb9005d7f0

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_mips.deb
Size/MD5 checksum:   681474 8342b25f33cab216dbb7b2fdef538daa

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_mipsel.deb
Size/MD5 checksum:   683480 28543164a051516b60abd88f6d008a72

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_powerpc.deb
Size/MD5 checksum:   626322 6d66856f933ebc1771116dbe75a4f445

s390 architecture (IBM S/390)

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_s390.deb
Size/MD5 checksum:   635518 86dfa4021ef7ed8834d2e4005c7b95c4

sparc architecture (Sun SPARC/UltraSPARC)

  
http://security.debian.org/pool/updates/main/t/tinymux/tinymux_2.4.3.31-1etch1_sparc.deb
Size/MD5 checksum:   622104 574396c035379caed5d0997f491518fb


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: [EMAIL PROTECTED]
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGfHK4wM/Gs81MDZ0RAuhqAKClWULI5wj6HNemXeQ4fvtu3sJWNwCfU6DH
Z6zl2q7oKeV6U+zEpgWYBz8=
=KGoY
-END PGP SIGNATURE-



[SECURITY] [DSA 1316-1] New emacs21 packages fix denial of service

2007-06-21 Thread Steve Kemp

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- 
Debian Security Advisory dsa-1316[EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
June 21, 2007
- 

Package: emacs21 (21.4a+1-3etch1)
Vulnerability  : denial of service
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-2833
Debian Bug : 408929


It has been discovered that emacs, the GNU Emacs editor, will crash when
processing certain types of images.

For the stable distribution (etch), this problem has been fixed in version XXX


We recommend that you upgrade your emacs21 (21.4a+1-3etch1) package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1.orig.tar.gz
Size/MD5 checksum: 15188829 2614ad1ce5c547e682e76049717a704d
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1.diff.gz
Size/MD5 checksum:   189123 efad0ca53f0dbddb93b2cbef0edb350d
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1.dsc
Size/MD5 checksum:  893 01f93796b7e4cbfb0c07fc211b49ebfa

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-common_21.4a+1-3etch1_all.deb
Size/MD5 checksum:  9450540 eb73296f7683a65384cd41905f6dc39c
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-el_21.4a+1-3etch1_all.deb
Size/MD5 checksum:  7218194 cac7a6629afe81db77af34e344194852
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs_21.4a+1-3etch1_all.deb
Size/MD5 checksum:23846 b8675a67384a58f59befec0577eca744

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_alpha.deb
Size/MD5 checksum:  2329172 9468d7d11509518ec4d6e97caf26cc86
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_alpha.deb
Size/MD5 checksum:  2085080 6576dd8ef28a1055cb1017ffcc9aad74
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_alpha.deb
Size/MD5 checksum:   182974 565e5a66ab03c426078faa70c3305349

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_amd64.deb
Size/MD5 checksum:  1969826 691f4641f9c3e3fd37b149ae5478d65d
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_amd64.deb
Size/MD5 checksum:  2187854 9fcfd83efc6ce06c675e68fa43b8fded
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_amd64.deb
Size/MD5 checksum:   162136 1973e185e0c221c03dbf77df2e460df7

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_arm.deb
Size/MD5 checksum:  1828924 f6bce578f44fb1f1a1ab31217f926708
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_arm.deb
Size/MD5 checksum:  2030164 e3991619fdb58d75d95ab480fb191c79
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_arm.deb
Size/MD5 checksum:   147964 84453604acd1f52971da2bdd785fad17

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_hppa.deb
Size/MD5 checksum:  1961192 f169821c8a1f27c44c3a2f41ca2f3651
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_hppa.deb
Size/MD5 checksum:  2187120 37e9cc501a0ed894506700f3979a9cc0
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_hppa.deb
Size/MD5 checksum:   162908 be7bc21995279915d27c5755904373d5

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-bin-common_21.4a+1-3etch1_i386.deb
Size/MD5 checksum:   146884 f295798eef85bf559ca830f0a87de5c1
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21_21.4a+1-3etch1_i386.deb
Size/MD5 checksum:  2029074 0ad01edbae57f38fd98b7e166363c15d
  
http://security.debian.org/pool/updates/main/e/emacs21/emacs21-nox_21.4a+1-3etch1_i386.deb
Size/MD5 checksum:  1837132 3228c6d0f29ef3367c962893e6ea7325

ia64 architecture (Intel ia64)

  
http

[SECURITY] [DSA 1309-1] New libexif packages fix integer overflow

2007-06-18 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1309-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
June 16, 2007
- 

Package: libexif (0.6.9-6sarge1)
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2006-4168
Debian Bug : 424775


A vulnerability has been discovered in libexif, a library to parse EXIF
files, which allows denial of service and possible execution of arbitrary
code via malformed EXIF data.

For the old-stable distribution (sarge), this problem has been fixed
in version 0.6.9-6sarge1.

We recommend that you upgrade your libexif (0.6.9-6sarge1) package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
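Every package URL in these advisories is paired with a "Size/MD5 checksum:" line. The following script is an added example, not Debian's own tooling: it parses those pairs out of advisory text and checks a downloaded file against them before it would be handed to dpkg -i. The names (parse_checksums, verify_bytes, verify_file) and the SAMPLE_ADVISORY text are the example's own; the sample is constructed from two of the libexif lines on this page.

```python
"""Check a downloaded .deb against the Size/MD5 line an advisory lists for it.

Added example (not Debian's tooling). The advisories on this page pair every
package URL with a "Size/MD5 checksum:" line; this parses those pairs and
verifies a file against them. SAMPLE_ADVISORY is constructed for the example.
"""
import hashlib
import os
import re

CHECKSUM_RE = re.compile(r"Size/MD5 checksum:\s*(\d+)\s+([0-9a-fA-F]{32})")


def parse_checksums(advisory_text: str) -> dict:
    """Map each file name (last URL path element) to (size, md5).

    Lines are handled in order: a line that starts with http:// names the
    file that the next Size/MD5 line describes.
    """
    table = {}
    current = None
    for line in advisory_text.splitlines():
        line = line.strip()
        if line.startswith("http://") or line.startswith("https://"):
            current = line.rsplit("/", 1)[-1]
            continue
        m = CHECKSUM_RE.search(line)
        if m and current:
            table[current] = (int(m.group(1)), m.group(2).lower())
            current = None
    return table


def verify_bytes(data: bytes, expected_size: int, expected_md5: str) -> bool:
    """True only if both the byte length and the MD5 digest match."""
    if len(data) != expected_size:
        return False
    return hashlib.md5(data).hexdigest() == expected_md5.lower()


def verify_file(path: str, table: dict) -> bool:
    """Look the file up by name in the parsed table and verify it.

    The size is compared before anything is hashed; the digest is computed
    in chunks so a large package need not fit in memory.
    """
    name = os.path.basename(path)
    if name not in table:
        return False
    expected_size, expected_md5 = table[name]
    if os.path.getsize(path) != expected_size:
        return False
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest() == expected_md5


# Constructed sample: two entries copied from the libexif advisory on this page.
SAMPLE_ADVISORY = """\
Source archives:

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge1.dsc
Size/MD5 checksum:  591 42d25baee97586f3ea1498a8f48ccf4a
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9.orig.tar.gz
Size/MD5 checksum:   520956 0aa142335a8a00c32bb6c7dbfe95fc24
"""

if __name__ == "__main__":
    import sys
    table = parse_checksums(SAMPLE_ADVISORY)
    for path in sys.argv[1:]:
        print(path, "OK" if verify_file(path, table) else "MISMATCH")
```

Two caveats a practitioner should keep in mind. The checksum catches a truncated or corrupted download, nothing more: MD5 is not collision-resistant, and a size/digest copied from an unsigned web copy of the advisory authenticates nothing, so check the PGP signature on the advisory itself. The apt-get path avoids the problem, since apt verifies the signed Release file of the security archive before installing anything.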

Debian 3.1 (oldstable)
- --

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge1.diff.gz
Size/MD5 checksum: 4786 7f1c3acc1bd7a5cbba3d5902243641f3
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9-6sarge1.dsc
Size/MD5 checksum:  591 42d25baee97586f3ea1498a8f48ccf4a
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.9.orig.tar.gz
Size/MD5 checksum:   520956 0aa142335a8a00c32bb6c7dbfe95fc24

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_alpha.deb
Size/MD5 checksum:87472 b89fd309bcdbffe922868fdc94ae3995
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_alpha.deb
Size/MD5 checksum:87512 dfe1e955fa930314229d7bb60e3ff836

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_amd64.deb
Size/MD5 checksum:82032 4c5f701021eb2000bc3ef6f883567ce2
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_amd64.deb
Size/MD5 checksum:67686 16b056d71ca768c86008dcee30866f60

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_arm.deb
Size/MD5 checksum:77166 2aa58aba802cace8d19c69bde064353f
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_arm.deb
Size/MD5 checksum:63856 c4d53b9592202e1fdd33488fd60c6d34

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_hppa.deb
Size/MD5 checksum:72520 ee8e668619021e6b7835008ff995b7d9
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_hppa.deb
Size/MD5 checksum:87552 98de1cc25069f89469b2d27163f5899b

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_i386.deb
Size/MD5 checksum:81852 c160054570be46b37aea3eab9b4eaccb
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_i386.deb
Size/MD5 checksum:67106 d068596d9648d1ce07eab1cc960cc64c

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_ia64.deb
Size/MD5 checksum:84206 0246ab59dabd154efd976ff66bc92f41
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_ia64.deb
Size/MD5 checksum:95380 154b1660da3aa9de555d2a01771069f6

m68k architecture (Motorola Mc680x0)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_m68k.deb
Size/MD5 checksum:79144 d4efcd6b0d598fbdb5f63a8737f49964
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_m68k.deb
Size/MD5 checksum:57968 d746fafbc55a58c83920a6630b416365

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.9-6sarge1_mips.deb
Size/MD5 checksum:68116 231d9384f29995322dca3d138aa0bd41
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_mips.deb
Size/MD5 checksum:77876 d245ced8cef61e9b29c01891fb28be83

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif10_0.6.9-6sarge1_mipsel.deb
Size/MD5 checksum:77066

[SECURITY] [DSA 1310-1] New libexif packages fix integer overflow

2007-06-18 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1310-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
June 16, 2007
- 

Package: libexif (0.6.13-5etch1)
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2006-4168
Debian Bug : 424775

A vulnerability has been discovered in libexif, a library to parse EXIF
files, which allows denial of service and possible execution of arbitrary
code via malformed EXIF data.
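Both libexif advisories (DSA-1309 and DSA-1310) describe an integer overflow reached through malformed EXIF data. The code below is an added illustration of that bug class, not libexif's code: it uses the TIFF/EXIF IFD entry layout (tag, format, component count, value-or-offset) and shows how a component size multiplied by an attacker-chosen count wraps in a 32-bit variable, slips past a "fits in the buffer" check, and how rewriting the check as a bound on the count closes the hole. The function names, MALICIOUS_ENTRY and BENIGN_ENTRY are the example's own constructed inputs; the value-or-offset field is always treated as an offset here, a simplification of the real format.

```python
"""Size arithmetic that wraps, beside a check that cannot be bypassed.

Added example, not libexif's code. Illustrates the integer-overflow class the
libexif advisories describe, using the TIFF/EXIF IFD entry layout. A 32-bit
product of (component size * count) can wrap to a small number, so a bounds
check on the product passes while the parser still believes it has `count`
components to read past the end of the buffer.
"""
import struct

MASK32 = 0xFFFFFFFF

# Component sizes of the TIFF/EXIF data formats 1..10 (BYTE, ASCII, SHORT,
# LONG, RATIONAL, SBYTE, UNDEFINED, SSHORT, SLONG, SRATIONAL).
FORMAT_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 6: 1, 7: 1, 8: 2, 9: 4, 10: 8}


def payload_size_wrapping(fmt: int, count: int, remaining: int):
    """Vulnerable shape: product truncated to 32 bits, then bounds-checked.

    Returns the (possibly wrapped) size the check accepted, or None when the
    check rejected the entry.
    """
    size = (FORMAT_SIZE[fmt] * count) & MASK32   # what a uint32 would hold
    if size > remaining:
        return None
    return size


def payload_size_checked(fmt: int, count: int, remaining: int):
    """Hardened: bound the count before multiplying, so nothing can wrap.

    count * unit <= remaining is rewritten as count <= remaining // unit,
    which holds up even in fixed-width arithmetic.
    """
    unit = FORMAT_SIZE[fmt]
    if count > remaining // unit:
        return None
    return unit * count


def parse_ifd_entry(blob: bytes, offset: int, checked: bool):
    """Parse one little-endian 12-byte IFD entry at `offset` in `blob`.

    Returns (tag, fmt, count, accepted_size); accepted_size is None when the
    entry is rejected. The value-or-offset field is always read as an offset
    into `blob` (a simplification: real TIFF stores payloads of <= 4 bytes
    inline in that field).
    """
    tag, fmt, count, value_or_off = struct.unpack_from("<HHII", blob, offset)
    if fmt not in FORMAT_SIZE or value_or_off > len(blob):
        return (tag, fmt, count, None)
    remaining = len(blob) - value_or_off
    sizer = payload_size_checked if checked else payload_size_wrapping
    return (tag, fmt, count, sizer(fmt, count, remaining))


# Constructed malicious entry: format LONG (4 bytes) with count 0x40000000,
# so 4 * count == 2**32, which wraps to 0 in a uint32. Payload offset 12 is
# just past the entry; 64 bytes of padding follow.
MALICIOUS_ENTRY = struct.pack("<HHII", 0x0100, 4, 0x40000000, 12) + b"\x00" * 64
# Same layout with a sane count of 4 components (16 bytes).
BENIGN_ENTRY = struct.pack("<HHII", 0x0100, 4, 4, 12) + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in (("malicious", MALICIOUS_ENTRY), ("benign", BENIGN_ENTRY)):
        print(name, "wrapping:", parse_ifd_entry(blob, 0, checked=False))
        print(name, "checked: ", parse_ifd_entry(blob, 0, checked=True))
```

In the wrapping variant the malicious entry is accepted with a payload size of 0 while its count field still says 2^30 components, which is exactly the state a later per-component loop would turn into an out-of-bounds read; the checked variant rejects it without ever forming the product.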

For the stable distribution (etch), this problem has been fixed in version
0.6.13-5etch1.

We recommend that you upgrade your libexif (0.6.13-5etch1) package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch1.dsc
Size/MD5 checksum:  611 1ef82262d96e0b157f7ee74bfad7cf1f
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13.orig.tar.gz
Size/MD5 checksum:   727418 e5ad93c170bfb4fed6dc3e1c7a7948cb
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif_0.6.13-5etch1.diff.gz
Size/MD5 checksum: 9163 476ae8f1ef4103144ca0f3ea59e88ca4

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_alpha.deb
Size/MD5 checksum:  1067984 e5c33b25fd459761ea2d19d9142b5cdf
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_alpha.deb
Size/MD5 checksum:   148336 88bc8cc66ad78ddf4b096015148dba82

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_amd64.deb
Size/MD5 checksum:   142954 ceeccbe1112250949070f1c06b78536c
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_amd64.deb
Size/MD5 checksum:  1044550 b55daeeb41735e7f3024d68186643805

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_arm.deb
Size/MD5 checksum:   997646 18411c1a63d5d4e537992140cbdf7721
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_arm.deb
Size/MD5 checksum:   135988 1195dbf898c9550590a2a76b327a4eb4

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_hppa.deb
Size/MD5 checksum:   147200 dece4fe67839197f3f4cbac78aec2a43
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_hppa.deb
Size/MD5 checksum:  1013194 6de2cec24dffdeffa1abf69175d48962

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_i386.deb
Size/MD5 checksum:   998686 19d1987a4222f5da26521ba96dbf20cf
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_i386.deb
Size/MD5 checksum:   139954 73713093a5b8e423284e7bc5bd55a120

ia64 architecture (Intel ia64)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_ia64.deb
Size/MD5 checksum:   159424 f1a821774f55ffc4e1aa1238d05835e3
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_ia64.deb
Size/MD5 checksum:  1028554 c599bc392ff53a2f1b8da9d0270dd6b1

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_mips.deb
Size/MD5 checksum:   13 42403f5fe88c1608fbd99e24b0fba51a
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_mips.deb
Size/MD5 checksum:  1008580 24c2d6980675f456a8771b665ea43b75

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif12_0.6.13-5etch1_mipsel.deb
Size/MD5 checksum:   136120 fea308e90afe74d83dbc00d800d08a3d
  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_mipsel.deb
Size/MD5 checksum:  1008154 6c88505ee31716eb604d1d1ccdbf33f0

powerpc architecture (PowerPC)

  
http://security.debian.org/pool/updates/main/libe/libexif/libexif-dev_0.6.13-5etch1_powerpc.deb
Size/MD5 checksum:  1005486 997bbd5a30ba6012c8394df7bd95d095

[SECURITY] [DSA 1302-1] New freetype packages fix integer overflow

2007-06-11 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- 
Debian Security Advisory DSA-1302-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
June 10, 2007
- 

Package: freetype (2.2.1-5+etch1)
Vulnerability  : integer overflow
Problem type   : local
Debian-specific: no
CVE Id(s)  : CVE-2007-2754
Debian Bug : 425625


A problem was discovered with freetype, a FreeType 2 font engine, which
could allow the execution of arbitrary code via an integer overflow in
specially crafted TTF files.

For the stable distribution (etch), this problem has been fixed in 
version 2.2.1-5+etch1.

For the unstable distribution (sid), this problem has been fixed in
version 2.2.1-6.

We recommend that you upgrade your freetype (2.2.1-5+etch1) package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, 
mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch1.dsc
Size/MD5 checksum:  798 187a09fa137f44644a826cc561851023
  
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1.orig.tar.gz
Size/MD5 checksum:  1451392 a584e84d617c6e7919b4aef9b5106cf4
  
http://security.debian.org/pool/updates/main/f/freetype/freetype_2.2.1-5+etch1.diff.gz
Size/MD5 checksum:30963 83f454db44bdb8929e0f0381143dc5db

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_alpha.deb
Size/MD5 checksum:   385008 7d52ba8722e4b357f68abb578b60a52a
  
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_alpha.deb
Size/MD5 checksum:   170448 7f2728c29efd7ca024531d8ebf88addc
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_alpha.deb
Size/MD5 checksum:   732032 116feac33169db3e45c3dc53e4f3157b
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_alpha.udeb
Size/MD5 checksum:   279204 e62e7644d9d1e22b23e81c6fda87b6d1

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_amd64.deb
Size/MD5 checksum:   353436 afa12b9f6f0e6bda42de60aa1e019b50
  
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_amd64.deb
Size/MD5 checksum:   150526 825c996331a2c0cd274e2b15a8fee7d4
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_amd64.udeb
Size/MD5 checksum:   248150 f8b87164256e2c6670ab72c07700dbd8
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_amd64.deb
Size/MD5 checksum:   668724 77394a0182401d64247d41e5877cbe9b

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_arm.deb
Size/MD5 checksum:   64 0d7346c0579975150072ce120d99c304
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_arm.deb
Size/MD5 checksum:   641304 4bb19236147b7dcc902d12ca757d6473
  
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_arm.deb
Size/MD5 checksum:   134424 6ea68e623f447fddc5f8cb70a24d6859
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_arm.udeb
Size/MD5 checksum:   227222 ecc5609d412cf0c093ff11ad678bd5b8

hppa architecture (HP PA RISC)

  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-dev_2.2.1-5+etch1_hppa.deb
Size/MD5 checksum:   680184 7e3cb9e8883b4d1f867ca4a540ce809f
  
http://security.debian.org/pool/updates/main/f/freetype/freetype2-demos_2.2.1-5+etch1_hppa.deb
Size/MD5 checksum:   150926 461bcc2b91d791e5f53d0ad9e7f9dbec
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6-udeb_2.2.1-5+etch1_hppa.udeb
Size/MD5 checksum:   260406 058fbb02c754707bd01a37bbb0de5a35
  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_hppa.deb
Size/MD5 checksum:   366546 5a6c3b19844f9b1d0275ffae21c87871

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/f/freetype/libfreetype6_2.2.1-5+etch1_i386.deb
Size/MD5 checksum:   341778 f800ba2ee94137591a764136ec71cbd9
  
http

[SECURITY] [DSA 1303-1] New lighttpd packages fix denial of service

2007-06-11 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- --
Debian Security Advisory DSA 1303-1[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 10, 2007   http://www.debian.org/security/faq
- --

Package: lighttpd 
Vulnerability  : denial of service
Problem-Type   : local  remote
Debian-specific: no
CVE ID : CVE-2007-1870 CVE-2007-1869
Debian Bug : 422254 

Two problems were discovered with lighttpd, a fast webserver with
minimal memory footprint, which could allow denial of service.
The Common Vulnerabilities and Exposures project identifies the
following problems:

CVE-2007-1869

  Remote attackers could cause denial of service by disconnecting
  partway through making a request.

CVE-2007-1870

  A NULL pointer dereference could cause a crash when serving files
  with a mtime of 0.


For the stable distribution (etch) these problems have been fixed in
version 1.4.13-4etch1.

For the unstable distribution (sid) these problems have been fixed in
version 1.4.14-1.

We recommend that you upgrade your lighttpd package.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


  Source archives:


http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1.dsc
  Size/MD5 checksum: 1098 ef3730d86ea77e526e66127d934f03c6

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1.diff.gz
  Size/MD5 checksum:15173 411d82d078a5303943389fc3521e7fba

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13.orig.tar.gz
  Size/MD5 checksum:   793309 3a64323b8482b0e8a6246dbfdb4c39dc

  Architecture independent components:


http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-doc_1.4.13-4etch1_all.deb
  Size/MD5 checksum:99474 8a94fa9556f1429528319f1a1fa568f1

  Alpha architecture:


http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_alpha.deb
  Size/MD5 checksum:   318162 283fd8d6c7c27f4bd61898247da07db9

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_alpha.deb
  Size/MD5 checksum:64510 d0944bbc86a22daa45999afd00676920

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_alpha.deb
  Size/MD5 checksum:64070 d685ea88c4b629bab5771d08621aa81c

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_alpha.deb
  Size/MD5 checksum:59074 aad74a6b17e86c8c68b63717b4448e22

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_alpha.deb
  Size/MD5 checksum:60828 c136287cae4f4cea113657ea6b01ce41

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_alpha.deb
  Size/MD5 checksum:71320 bc0aa14a9955e2f386fbb43c6061ff8b

  AMD64 architecture:


http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_amd64.deb
  Size/MD5 checksum:   296426 7cbf0ee2b5a3c27b3478ae096419beef

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_amd64.deb
  Size/MD5 checksum:63922 981c2f63505bd5394c639a1aa93fa25a

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_amd64.deb
  Size/MD5 checksum:63646 d4ec90dda80422e47115faf57396bb05

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-mysql-vhost_1.4.13-4etch1_amd64.deb
  Size/MD5 checksum:59132 a6cc6145c017eae377b20887dae4618c

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-trigger-b4-dl_1.4.13-4etch1_amd64.deb
  Size/MD5 checksum:60724 6a6af3f67680ea042ea5e8a6d2170139

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-webdav_1.4.13-4etch1_amd64.deb
  Size/MD5 checksum:69976 739708ec1200c70a6cc4b468080b49ae

  ARM architecture:


http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd_1.4.13-4etch1_arm.deb
  Size/MD5 checksum:   288014 1114e00e94dc60364fa9aaad59183836

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-cml_1.4.13-4etch1_arm.deb
  Size/MD5 checksum:62602 9947d36ac758e7d7cd78064c147ddbe2

http://security.debian.org/pool/updates/main/l/lighttpd/lighttpd-mod-magnet_1.4.13-4etch1_arm.deb

[SECURITY] [DSA 1251-1] New netrik packages fix arbitrary shell command execution

2007-01-22 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1251-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
January 21, 2007
- 

Package: netrik
Vulnerability  : insufficient escaping
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2006-6678
Debian Bug : 404233

It has been discovered that netrik, a text mode WWW browser with vi like
keybindings, doesn't properly sanitize temporary filenames when editing
textareas which could allow attackers to execute arbitrary commands via
shell metacharacters.

For the stable distribution (sarge), this problem has been fixed in version
1.15.3-1sarge1.

For the upcoming stable distribution (etch) this problem has been fixed in
version 1.15.3-1.1.

For the unstable distribution (sid) this problem has been fixed in version
1.15.3-1.1.

We recommend that you upgrade your netrik package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 


  Source archives:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1.dsc
  Size/MD5 checksum:  620 31e1673b4ac99919469faf3dc9c54a08

http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1.diff.gz
  Size/MD5 checksum:22821 7a55e2a9d74a24cb891afd4e9a44c703

http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3.orig.tar.gz
  Size/MD5 checksum:   216160 1d0a41153b93b07b8cdaa9e7e9556848

  Alpha architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_alpha.deb
  Size/MD5 checksum:   278212 a6b2f7f278cfe2f30d3f0fd954ad3e53

  AMD64 architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_amd64.deb
  Size/MD5 checksum:   273334 b6b7826f7d876a963ce423bee53121b3

  ARM architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_arm.deb
  Size/MD5 checksum:   270014 dc2dfdb7e203515859391e57207a224c

  HP Precision architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_hppa.deb
  Size/MD5 checksum:   275476 8184e4e6ea4f08cb6ce7d9a2350860af

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_i386.deb
  Size/MD5 checksum:   276780 a8ed3c443444e5090d58c7d422825381

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_ia64.deb
  Size/MD5 checksum:   292688 7efd26ab39d1056f6c520498fdf352a1

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_m68k.deb
  Size/MD5 checksum:   264084 2ebb4ec950c7bb92fe8c257f70905ba0

  Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_mips.deb
  Size/MD5 checksum:   272624 9764fbbb151dcd282582c163c2457aeb

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_mipsel.deb
  Size/MD5 checksum:   272788 9007ba43c4539f3620509a51889729c8

  PowerPC architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_powerpc.deb
  Size/MD5 checksum:   272240 4700e9b69cd678582ccfc29e5ab05633

  IBM S/390 architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_s390.deb
  Size/MD5 checksum:   271492 dd41604dce1d89ec3b3dfec99a56a5b2

  Sun Sparc architecture:


http://security.debian.org/pool/updates/main/n/netrik/netrik_1.15.3-1sarge1_sparc.deb
  Size/MD5 checksum:   269562 bb4650deeda9ee6089bc9021e54a3e86

   These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFs2U8wM/Gs81MDZ0RAmPwAJsHMHzDBpZjY1yR4jN0Th7VkpccPQCg3+hF
k00YfNiLWl2CGCWK3pHvwvI=
=SsAO

[SECURITY] [DSA-1240-1] New links2 packages fix arbitrary shell command execution

2006-12-21 Thread Steve Kemp

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- 
Debian Security Advisory DSA-1240-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
December 21, 2006
- 

Package: links2
Vulnerability  : insufficient escaping
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2006-5925
Debian Bug : 400718

Teemu Salmela discovered that the links2 character mode web browser
performs insufficient sanitising of smb:// URIs, which might lead to the
execution of arbitrary shell commands.
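This advisory and DSA-1251 (netrik, above) describe the same bug class: a browser builds a shell command line from text it does not fully control, a temporary file name in one case and the host/share part of an smb:// URI in the other, and shell metacharacters in that text become commands. The code below is an added example, not netrik's or links2's code. "echo" stands in for the real helper program so the demonstration runs anywhere with /bin/sh and has no side effects; HELPER, the launch_* functions, parse_smb_uri and the payload string are the example's own.

```python
"""Shell metacharacters in a value handed to a helper program.

Added example, not netrik's or links2's code. Shows the vulnerable pattern
(splicing untrusted text into a shell string), the argv fix, the quoting
fallback, and an allow-list for the parts of an smb:// URI that reach a
command line. "echo" is a stand-in for the real helper.
"""
import re
import shlex
import subprocess

HELPER = "echo"  # assumption for the demo: stand-in for smbclient or an editor


def launch_unsafe(value: str) -> str:
    """Vulnerable: value is spliced into a string that /bin/sh re-parses."""
    cmd = f"{HELPER} opening {value}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def launch_argv(value: str) -> str:
    """Hardened: value travels as one argv element; no shell ever sees it."""
    return subprocess.run([HELPER, "opening", value],
                          capture_output=True, text=True).stdout


def launch_quoted(value: str) -> str:
    """If a shell string is unavoidable, shlex.quote() makes value one word."""
    cmd = f"{HELPER} opening {shlex.quote(value)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Allow-list for the parts of an smb:// URI that end up on a command line.
SMB_URI = re.compile(
    r"^smb://(?P<host>[A-Za-z0-9.-]+)/(?P<share>[A-Za-z0-9_.-]+)"
    r"(?:/(?P<path>[A-Za-z0-9_./-]*))?$")


def parse_smb_uri(uri: str):
    """Return (host, share, path); reject anything outside the allow-list.

    Rejecting is defence in depth on top of argv passing: a host such as
    "-N" would otherwise be parsed by the helper as an option.
    """
    m = SMB_URI.match(uri)
    if not m:
        raise ValueError(f"rejected smb URI: {uri!r}")
    host, share = m.group("host"), m.group("share")
    path = m.group("path") or ""
    if host.startswith("-") or share.startswith("-"):
        raise ValueError("leading dash would be parsed as an option")
    return host, share, path


def smb_uri_ok(uri: str) -> bool:
    """Boolean wrapper around parse_smb_uri for callers that just gate."""
    try:
        parse_smb_uri(uri)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    payload = "x; echo INJECTED"   # constructed attacker-controlled value
    print("unsafe :", repr(launch_unsafe(payload)))
    print("argv   :", repr(launch_argv(payload)))
    print("quoted :", repr(launch_quoted(payload)))
    print("uri    :", smb_uri_ok("smb://fileserver.example/share;id"))
```

With the constructed payload, launch_unsafe prints "opening x" and then "INJECTED" on its own line, because the shell ran the second command; launch_argv and launch_quoted print the payload back as one literal argument. Passing argv is the fix to prefer; quoting is the fallback when a shell string is unavoidable; the allow-list is independent of both and belongs wherever a URI component is accepted from a page.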

For the stable distribution (sarge) this problem has been fixed in
version 2.1pre16-1sarge1.

For the upcoming stable distribution (etch) this problem has been
fixed in version 2.1pre26-1.

For the unstable distribution (sid) this problem has been fixed in
version 2.1pre26-1.

We recommend that you upgrade your links2 package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1.diff.gz
Size/MD5 checksum:28658 a83c79990bbfb6f9ec26d737f767ee90
  
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16.orig.tar.gz
Size/MD5 checksum:  4217483 7baf4fc20cc244d80ead21cebff07d89
  
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1.dsc
Size/MD5 checksum:  841 ed4853334b7eebef055271df06cdcd7a

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_alpha.deb
Size/MD5 checksum:  2110324 b3633fddb199c45339d3837bb0a519a0

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_amd64.deb
Size/MD5 checksum:  2040922 5fb402e6a833709741d20238346c7597

arm architecture (ARM)

  
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_arm.deb
Size/MD5 checksum:  1996004 c7c79ddcb82d5758668ed71d74b9685f

i386 architecture (Intel ia32)

  
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_i386.deb
Size/MD5 checksum:  1997426 4c1ef611e31c57583f7471653962a84a

m68k architecture (Motorola Mc680x0)

  
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_m68k.deb
Size/MD5 checksum:  1904084 e5c777a07eaa88f4367b51d88c556a14

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/l/links2/links2_2.1pre16-1sarge1_mips.deb
Size/MD5 checksum:  2034596 22854de6eaf3aa1e392291760e85e5e8


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFil26wM/Gs81MDZ0RAvPPAJ9cxthVIvv2w2UmXuzhiiPR21aOjgCgo7J8
vA5Gql5VNhz4zm/QV5K4pig=
=JT/Q
-END PGP SIGNATURE-



[SECURITY] [DSA-1234-1] New ruby1.6 packages fix denial of service

2006-12-13 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1234-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
December 13, 2006
- 

Package: ruby1.6 (1.6.8-12sarge3)
Vulnerability  : Denial of service
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2006-5467
Debian Bug : 398457


A denial of service vulnerability has been discovered in the CGI library
included with Ruby, the interpreted scripting language for quick and easy
object-oriented programming.

For the stable distribution (sarge), this problem has been fixed in version 
1.6.8-12sarge3.

We recommend that you upgrade your ruby1.6 package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3.dsc
Size/MD5 checksum:  995 afe54a8363d4d14b066f32b07b095dde
  
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3.diff.gz
Size/MD5 checksum:78860 73e5ba7c3a427ceb1bf4926cf9e440a9
  
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8.orig.tar.gz
Size/MD5 checksum:  1022364 aa1e272added83a5206c565d62c9c8ed

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-elisp_1.6.8-12sarge3_all.deb
Size/MD5 checksum:   152700 0086c6b5b4d81a689ec8ab938e495e33
  
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-examples_1.6.8-12sarge3_all.deb
Size/MD5 checksum:   160374 ad819f654e8b072a38ebbf2e6aa24fd5
  
http://security.debian.org/pool/updates/main/r/ruby1.6/irb1.6_1.6.8-12sarge3_all.deb
Size/MD5 checksum:   174876 7518ee339c9c8450d13097c25d1ab034

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/r/ruby1.6/libtk-ruby1.6_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   178640 225d0be161efb37087a2ce9de3b37566
  
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   688428 154f8e9a83bd637ff39df9023fad0bbb
  
http://security.debian.org/pool/updates/main/r/ruby1.6/libsyslog-ruby1.6_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   145022 cba2af385573937052fe3f00664841d3
  
http://security.debian.org/pool/updates/main/r/ruby1.6/libcurses-ruby1.6_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   146562 eabbf08274f6cce027ace854627157cb
  
http://security.debian.org/pool/updates/main/r/ruby1.6/libgdbm-ruby1.6_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   146560 5e49af7b3cbb7a60cf6d8ab3c453c1f2
  
http://security.debian.org/pool/updates/main/r/ruby1.6/libsdbm-ruby1.6_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   149118 dfcee284ca8d7e913b264f12de7d260f
  
http://security.debian.org/pool/updates/main/r/ruby1.6/libdbm-ruby1.6_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   145046 5dd5914d57db7623cc2e25e4c0a7287a
  
http://security.debian.org/pool/updates/main/r/ruby1.6/libreadline-ruby1.6_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   144908 d088c80629003bd8a800b2b8da360b11
  
http://security.debian.org/pool/updates/main/r/ruby1.6/libruby1.6-dbg_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   726692 a1d9bcf1e1c34576113b7c65a57f0576
  
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6-dev_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   700268 f0097fe8617fa00e30bfe746eb13706b
  
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   165542 13bf6ffc763f2ca0d9af8522e2638dfd
  
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   148628 940fbeb69ccec2ab3b4956511642dccc
  
http://security.debian.org/pool/updates/main/r/ruby1.6/ruby1.6_1.6.8-12sarge3_alpha.deb
Size/MD5 checksum:   159290 b403a9bb1d6e5c3007b4d283620c0302

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/r/ruby1.6/libtcltk-ruby1.6_1.6.8-12sarge3_amd64.deb
Size/MD5 checksum:   164818 aff47f4b190bf00d9b8e9903373c6333
  
http://security.debian.org/pool/updates/main/r/ruby1.6/libpty-ruby1.6_1.6.8-12sarge3_amd64.deb
Size/MD5 checksum:   148026 21e694282148b8631aee26ca6b2ad9b8
  
http

[SECURITY] [DSA-1235-1] New ruby1.8 package fix denial of service

2006-12-13 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1235-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
December 13, 2006
- 

Package: ruby1.8
Vulnerability  : Denial of service
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2006-5467
Debian Bug : 398457

A denial of service vulnerability has been discovered in the CGI library
included with Ruby, the interpreted scripting language for quick and easy
object-oriented programming.

For the stable distribution (sarge), this problem has been fixed in version
1.8.2-7sarge5.

We recommend that you upgrade your ruby1.8 package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
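The wget/dpkg path above leaves the integrity check to the reader. The following Python is an added example, not part of the advisory or of any Debian tool: it parses "Size/MD5 checksum" lines in the shape the advisory uses and compares a fetched file against them before it is handed to dpkg -i. The URL and package bytes are constructed for the example, and the advisory excerpt is generated from them so the block runs offline.

```python
import hashlib
import re

# Constructed stand-in for a downloaded .deb: these bytes are made up for this
# example and are not a real Debian package.
SAMPLE_URL = "http://security.debian.org/pool/updates/main/e/example/example_1.0-1sarge1_all.deb"
SAMPLE_DEB = b"!<arch>\n" + b"constructed package body for the checksum example\n" * 4

# One advisory entry is a URL line followed by a "Size/MD5 checksum: <size> <md5>"
# line. The regex tolerates the collapsed whitespace seen in archived copies.
ENTRY_RE = re.compile(
    r"^[ \t]*(?P<url>https?://\S+)[ \t]*\n"
    r"[ \t]*Size/MD5 checksum:[ \t]*(?P<size>\d+)[ \t]+(?P<md5>[0-9a-f]{32})[ \t]*$",
    re.MULTILINE,
)


def advisory_entry(url: str, data: bytes) -> str:
    """Render one entry in the advisory's own layout (used to build the sample)."""
    return "  %s\n    Size/MD5 checksum: %8d %s\n" % (
        url, len(data), hashlib.md5(data).hexdigest())


# The sample advisory text is generated from the constructed bytes so that the
# example is self-consistent.
SAMPLE_ADVISORY = "Architecture independent packages:\n\n" + advisory_entry(SAMPLE_URL, SAMPLE_DEB)


def parse_checksums(advisory_text: str) -> dict:
    """Map every listed URL to the (size, md5) the advisory states for it."""
    return {m["url"]: (int(m["size"]), m["md5"]) for m in ENTRY_RE.finditer(advisory_text)}


def check_download(advisory_text: str, url: str, data: bytes) -> str:
    """Compare a fetched file against the advisory before running 'dpkg -i'.
    Returns "ok", "not listed", "size mismatch" or "md5 mismatch"."""
    listed = parse_checksums(advisory_text).get(url)
    if listed is None:
        return "not listed"
    expected_size, expected_md5 = listed
    if len(data) != expected_size:
        return "size mismatch"
    if hashlib.md5(data).hexdigest() != expected_md5:
        return "md5 mismatch"
    return "ok"


if __name__ == "__main__":
    # Stand-alone run: the constructed sample, then a one-byte corruption of it.
    print(check_download(SAMPLE_ADVISORY, SAMPLE_URL, SAMPLE_DEB))
    print(check_download(SAMPLE_ADVISORY, SAMPLE_URL, SAMPLE_DEB[:-1] + b"?"))
```

Two caveats a practitioner should keep in mind. MD5 has had practical collision attacks since 2004, so a matching digest rules out corruption and mirror mix-ups, not substitution by an attacker who can craft colliding files. The authentication anchor is the PGP signature on the advisory itself (and, for apt, the signed Release files), so verify that signature before trusting any digest copied out of it.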

Debian 3.1 (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5.dsc
Size/MD5 checksum: 1024 912f2bb9a68ba4c1dcad47ebded0946f
  
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2.orig.tar.gz
Size/MD5 checksum:  3623780 4bc5254bec262d18cf1ceef03aae8bdf
  
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5.diff.gz
Size/MD5 checksum:   537107 452d8fc55dd8b09fcce1fa843146316e

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/r/ruby1.8/rdoc1.8_1.8.2-7sarge5_all.deb
Size/MD5 checksum:   234904 3c678d4f692f0a815f8e123ce1ec5cbc
  
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-elisp_1.8.2-7sarge5_all.deb
Size/MD5 checksum:   142342 8aa7ade9e0b3af75caf49850d61188f8
  
http://security.debian.org/pool/updates/main/r/ruby1.8/irb1.8_1.8.2-7sarge5_all.deb
Size/MD5 checksum:   166572 9d149f07d1d580561c8fd139b2505806
  
http://security.debian.org/pool/updates/main/r/ruby1.8/ri1.8_1.8.2-7sarge5_all.deb
Size/MD5 checksum:   721046 ca07956a53ad6032c5770d36f6b83be6
  
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-examples_1.8.2-7sarge5_all.deb
Size/MD5 checksum:   219032 4a2eec33f380b225db9c3b73d4925872

alpha architecture (DEC Alpha)

  
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8-dev_1.8.2-7sarge5_alpha.deb
Size/MD5 checksum:   796230 c83c345488cb4d6073af0094e3343657
  
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_alpha.deb
Size/MD5 checksum:   237746 b57a4a2a3d3029098e5ec51456dfbf96
  
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline-ruby1.8_1.8.2-7sarge5_alpha.deb
Size/MD5 checksum:   133570 d59fed9aabc5fd7bd85e52a5994885ee
  
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_alpha.deb
Size/MD5 checksum:  1468624 30354f8ce99453f748a2b73c0ecbe35d
  
http://security.debian.org/pool/updates/main/r/ruby1.8/libgdbm-ruby1.8_1.8.2-7sarge5_alpha.deb
Size/MD5 checksum:   137664 598deb2773a96cc9a3d6c6aa50d41970
  
http://security.debian.org/pool/updates/main/r/ruby1.8/libtcltk-ruby1.8_1.8.2-7sarge5_alpha.deb
Size/MD5 checksum:  1450302 90a592d6acc3c433e3055b7d48d72619
  
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_alpha.deb
Size/MD5 checksum:   152112 30df21197d9c6f4f79173d4010bececa
  
http://security.debian.org/pool/updates/main/r/ruby1.8/libdbm-ruby1.8_1.8.2-7sarge5_alpha.deb
Size/MD5 checksum:   136106 7bfe56ddd935299f5725d391c7d87c29
  
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_alpha.deb
Size/MD5 checksum:   827214 cea044e68e0b5c823d99a675c2382e0a

amd64 architecture (AMD x86_64 (AMD64))

  
http://security.debian.org/pool/updates/main/r/ruby1.8/libopenssl-ruby1.8_1.8.2-7sarge5_amd64.deb
Size/MD5 checksum:   234196 3c6eeabc8701ba4362f4688b2806e08d
  
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8_1.8.2-7sarge5_amd64.deb
Size/MD5 checksum:  1392588 c04ec457b39ebeca3a657b89be94be10
  
http://security.debian.org/pool/updates/main/r/ruby1.8/ruby1.8_1.8.2-7sarge5_amd64.deb
Size/MD5 checksum:   151770 d04f1108db6e218b5ec17f1f63433aa3
  
http://security.debian.org/pool/updates/main/r/ruby1.8/libruby1.8-dbg_1.8.2-7sarge5_amd64.deb
Size/MD5 checksum:   780908 efe048b111da22bc9fa7d0272e9f0e73
  
http://security.debian.org/pool/updates/main/r/ruby1.8/libreadline

[SECURITY] [DSA-1236-1] New enemies-of-carlotta package fix missing sanity checks

2006-12-13 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- 
Debian Security Advisory DSA-1236-1  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
December 13, 2006
- 

Package: enemies-of-carlotta
Vulnerability  : missing sanity checks
Problem type   : remote
Debian-specific: no
CVE Id(s)  : CVE-2006-5875

Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple
manager for mailing lists, does not properly sanitise email addresses
before passing them through to the system shell.
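The flaw class described above, shown as an added Python example that is not enemies-of-carlotta's own code: an address is first pasted into a shell command string, then the same delivery is done with a validated address passed as a separate argv element with no shell involved. The addresses are constructed, and 'printf' is assumed here as a stand-in for the mailer so the effect is visible without sending mail.

```python
import re
import subprocess

# Constructed sample inputs for this example.
BENIGN_ADDRESS = "alice@example.org"
MALICIOUS_ADDRESS = "victim@example.org; echo INJECTED"

# Strict allowlist for addresses a list manager will accept. Anything else is
# rejected outright; escaping is not attempted.
ADDRESS_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

# 'printf' stands in for the mailer (e.g. sendmail) the list manager would run;
# it echoes its argument, which makes any injection visible on stdout.
MAILER = "printf"


def deliver_vulnerable(address: str) -> str:
    """Vulnerable pattern: the address is pasted into a command string that
    /bin/sh parses, so ';', '|', '`' and '$(...)' in it become shell syntax."""
    command = "%s '%%s\\n' %s" % (MAILER, address)
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


def validate_address(address: str) -> str:
    """Reject addresses containing anything outside the allowlist."""
    if not ADDRESS_RE.match(address):
        raise ValueError("refusing address with unexpected characters: %r" % address)
    return address


def deliver_hardened(address: str) -> str:
    """Hardened pattern: validate first, then pass the address as its own argv
    element with no shell in the path. Even if validation were skipped, shell
    metacharacters would reach the mailer as literal bytes, not as syntax."""
    argv = [MAILER, "%s\n", validate_address(address)]
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout


def hardened_rejects(address: str) -> bool:
    """True if the hardened path refuses the address instead of running anything."""
    try:
        deliver_hardened(address)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(repr(deliver_vulnerable(MALICIOUS_ADDRESS)))  # second command runs
    print(repr(deliver_hardened(BENIGN_ADDRESS)))
    print(hardened_rejects(MALICIOUS_ADDRESS))
```

With a real mailer, also put '--' before the address in argv so that a value beginning with '-' cannot be read as an option; the allowlist above already excludes such values, but the two defences are cheap to stack.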

For the stable distribution (sarge), this problem has been fixed in version
1.0.3-1sarge1.

We recommend that you upgrade your enemies-of-carlotta package.

Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

Source archives:

  
http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3.orig.tar.gz
Size/MD5 checksum:50970 c128776396562ef1c678e438422d11fb
  
http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.dsc
Size/MD5 checksum:  615 15c19c6a0ba8b3350f7ada9074713d12
  
http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1.diff.gz
Size/MD5 checksum: 3587 c5e36788f3e1375c1f97533f1692de4a

Architecture independent packages:

  
http://security.debian.org/pool/updates/main/e/enemies-of-carlotta/enemies-of-carlotta_1.0.3-1sarge1_all.deb
Size/MD5 checksum:42722 d78136bff713315256626eec51521c83


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFf/GVwM/Gs81MDZ0RAn4jAKCix0rudNOKLzx7KVBq8xxtU0wryACfS2PN
HRjdDPz/0i1ssaEXt00F+Ag=
=rmMW
-END PGP SIGNATURE-



[SECURITY] [DSA-1205-1] New thttpd packages fix insecure temporary file creation

2006-11-03 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- --
Debian Security Advisory DSA 1205-1[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
November 2nd, 2006  http://www.debian.org/security/faq
- --

Package: thttpd
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: yes
CVE ID : CVE-2006-4248
Debian Bug : 396277


Marco d'Itri discovered that thttpd, a small, fast and secure webserver,
makes use of insecure temporary files when its logfiles are rotated,
which might lead to a denial of service through a symlink attack.
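The symlink attack named above, as an added Python example that is not thttpd's code: a rotation routine writes to a predictable temporary name that an attacker has already replaced with a symlink to another file. The insecure variant follows the link and truncates the target; the secure variants refuse. File names and contents are constructed for the example.

```python
import errno
import os
import tempfile

VICTIM_CONTENT = "do not clobber me\n"
ROTATED_DATA = "rotated log data\n"


def write_rotated_insecure(tmpname: str, data: str) -> None:
    """Insecure pattern: open(..., "w") is O_WRONLY|O_CREAT|O_TRUNC and follows
    symlinks, so a link planted at the predictable name redirects both the
    truncation and the write to whatever file the attacker chose."""
    with open(tmpname, "w") as fh:
        fh.write(data)


def write_rotated_secure(tmpname: str, data: str) -> None:
    """Safer: O_EXCL makes creation fail if anything already exists at the path
    (a symlink included) and O_NOFOLLOW refuses to traverse one; 0600 keeps the
    file private. Failing closed beats silently clobbering another file."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(tmpname, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)


def write_rotated_mkstemp(directory: str, data: str) -> str:
    """Best: let mkstemp pick an unpredictable name with O_EXCL semantics, so
    there is no fixed path for an attacker to pre-create."""
    fd, path = tempfile.mkstemp(prefix="rotate.", dir=directory)
    with os.fdopen(fd, "w") as fh:
        fh.write(data)
    return path


def simulate_symlink_attack(insecure: bool) -> dict:
    """Plant a symlink at the predictable temp name, run one rotation variant,
    and report whether the write was refused and whether the victim survived."""
    with tempfile.TemporaryDirectory() as workdir:
        victim = os.path.join(workdir, "victim.txt")
        predictable = os.path.join(workdir, "thttpd.log.tmp")  # guessable name (constructed)
        with open(victim, "w") as fh:
            fh.write(VICTIM_CONTENT)
        os.symlink(victim, predictable)  # the attacker's move, ahead of the rotation
        refused = False
        try:
            if insecure:
                write_rotated_insecure(predictable, ROTATED_DATA)
            else:
                write_rotated_secure(predictable, ROTATED_DATA)
        except OSError as exc:
            refused = exc.errno in (errno.EEXIST, errno.ELOOP)
        with open(victim) as fh:
            after = fh.read()
        return {"refused": refused, "victim_intact": after == VICTIM_CONTENT}


def mkstemp_names_are_unpredictable() -> bool:
    """Two rotations in one directory get different names and the data lands."""
    with tempfile.TemporaryDirectory() as workdir:
        first = write_rotated_mkstemp(workdir, ROTATED_DATA)
        second = write_rotated_mkstemp(workdir, ROTATED_DATA)
        with open(first) as fh:
            ok = fh.read() == ROTATED_DATA
        return ok and first != second


if __name__ == "__main__":
    print(simulate_symlink_attack(insecure=True))   # victim clobbered
    print(simulate_symlink_attack(insecure=False))  # refused, victim intact
```

In a shared directory such as /tmp the O_EXCL variant still has a nuisance problem (an attacker can deny service by occupying the name), which is why the unpredictable mkstemp name, or a private directory, is the preferred fix rather than just the extra open flags.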

For the stable distribution (sarge) this problem has been fixed in
version 2.23beta1-3sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 2.23beta1-5.

We recommend that you upgrade your thttpd package.


Upgrade Instructions
- - 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- - 

  Source archives:


http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2.dsc
  Size/MD5 checksum:  614 0f9a3730f341fa0151596a3b9f20764d

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2.diff.gz
  Size/MD5 checksum:14313 8545dd3d0f7a2083ecca36e53e72bd6b

http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1.orig.tar.gz
  Size/MD5 checksum:   128712 d3d91f6596f53d5e2b27cea8607d5bba

  Alpha architecture:


http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_alpha.deb
  Size/MD5 checksum:59240 f6854853b290fe2ce1a925cbbea3856a

http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_alpha.deb
  Size/MD5 checksum:27978 6b4680363644b459e0e47222985f749f

  AMD64 architecture:


http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_amd64.deb
  Size/MD5 checksum:56034 9848065d7700f2f6e0a036ee76e8fcf7

http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_amd64.deb
  Size/MD5 checksum:26456 befb78e032aa654e5fcfcc7c9fdff21b

  ARM architecture:


http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_arm.deb
  Size/MD5 checksum:53198 6a9c1e8afaa60a7b4b7787729dd97b9b

http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_arm.deb
  Size/MD5 checksum:24610 f35f8b0a749694fea536296d2a41e1f0

  HP Precision architecture:


http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_hppa.deb
  Size/MD5 checksum:57374 4755b42efc9a48b59b1e745862e01098

http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_hppa.deb
  Size/MD5 checksum:26912 557472d5a3e182b86999baa0b89846ba

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge2_i386.deb
  Size/MD5 checksum:51180 991b1072ebd903b6a9ee316b1bfdc8c6

http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge2_i386.deb
  Size/MD5 checksum:24776 fd3dddb60d160a6245da4c7efd5dcfe4

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_ia64.deb
  Size/MD5 checksum:71954 924db7bf3beb5ce3c0e5018759aef3d6

http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_ia64.deb
  Size/MD5 checksum:30276 530abc02e3c392a91bff06fe1d8ce7af

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_m68k.deb
  Size/MD5 checksum:50132 bcb24b62afb868c5e04b8c1db66e6cc3

http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_m68k.deb
  Size/MD5 checksum:24756 4b30d87639b3d6b7ca58537cf16c6953

  Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/t/thttpd/thttpd_2.23beta1-3sarge1_mips.deb
  Size/MD5 checksum:57044 410e480e061a3876b7ff01beaffb571e

http://security.debian.org/pool/updates/main/t/thttpd/thttpd-util_2.23beta1-3sarge1_mips.deb
  Size/MD5 checksum:30980 2cda342ba6a04fdbe0a938359eeff813

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/t/thttpd

[SECURITY] [DSA 1166-2] New cheesetracker packages fix buffer overflow

2006-10-13 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- 
Debian Security Advisory DSA-1166-2  [EMAIL PROTECTED]
http://www.debian.org/security/   Steve Kemp
October 13, 2006
- 

Package: cheesetracker (0.9.9-1sarge1)
Vulnerability  : buffer overflow
Problem-Type   : local
Debian-specific: no
CVE ID : CVE-2006-3814
BugTraq ID : 20060723
Debian Bug : 380364

This update to DSA-1166 adds the architectures which were missing from
the previous advisory.

Luigi Auriemma discovered a buffer overflow in the loading component
of cheesetracker, a sound module tracking program, which could allow a
maliciously constructed input file to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in
version 0.9.9-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.9.9-6.

We recommend that you upgrade your cheesetracker package.


Upgrade instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian 3.1 (stable)
- ---

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, 
mips, mipsel, powerpc, s390 and sparc.

mips architecture (MIPS (Big Endian))

  
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_mips.deb
Size/MD5 checksum:  1050496 e5a01ae14aa451723afad8e18bbe748f

mipsel architecture (MIPS (Little Endian))

  
http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_mipsel.deb
Size/MD5 checksum:  1043988 0e4a9ee9244b41311eea39b2f90528c9


  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFFL5f5wM/Gs81MDZ0RAp1TAJ9uSR+XWiU/HAEKgGREFQe/U+RmHgCdFOqU
ZjgRra+RqfGfMy90mAtHXso=
=VhBo
-END PGP SIGNATURE-



[SECURITY] [DSA 1166-1] New cheesetracker packages fix buffer overflow

2006-09-04 Thread Steve Kemp

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1166-1[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
September 3rd, 2006 http://www.debian.org/security/faq
- --

Package: cheesetracker 
Vulnerability  : buffer overflow
Problem-Type   : local
Debian-specific: no
CVE ID : CVE-2006-3814
BugTraq ID : 20060723
Debian Bug : 380364

Luigi Auriemma discovered a buffer overflow in the loading component
of cheesetracker, a sound module tracking program, which could allow a
maliciously constructed input file to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in
version 0.9.9-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.9.9-6.

We recommend that you upgrade your cheesetracker package.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

  Source archives:


http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1.dsc
  Size/MD5 checksum:  659 94fe4cfb651e3fd373a79d8928b7c24c

http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1.diff.gz
  Size/MD5 checksum:14286 c3e831161af73cb234e5ccee329e90ae

http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9.orig.tar.gz
  Size/MD5 checksum:   842246 d2cb55cd35eaaaef48454a5aad41a08d

  Alpha architecture:


http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_alpha.deb
  Size/MD5 checksum:  1138458 aa9cab8b149d4824c4f19ef8f89f2200

  AMD64 architecture:


http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_amd64.deb
  Size/MD5 checksum:   929228 67b42bf5ca9b7b7c230bb21a5ec3942d

  ARM architecture:


http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_arm.deb
  Size/MD5 checksum:  1159110 04e55102d781a572aa1e091a75c7c615

  HP Precision architecture:


http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_hppa.deb
  Size/MD5 checksum:  1248130 547aa7324369bb2572d28558a418bd6f

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_i386.deb
  Size/MD5 checksum:   904204 286d04ae0c9893c894b67d2336e9aae9

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_ia64.deb
  Size/MD5 checksum:  1292230 d6e5e7d89f45509cccb1a51498629bdf

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_m68k.deb
  Size/MD5 checksum:   977470 6287cf1f532affc53921547dd9b9a6a4

  PowerPC architecture:


http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_powerpc.deb
  Size/MD5 checksum:   968684 839f5a35fe36eb2f12627d5b9e6bbd8b

  IBM S/390 architecture:


http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_s390.deb
  Size/MD5 checksum:   871530 9b6f802a60f568a537d7f6e40f15e4da

  Sun Sparc architecture:


http://security.debian.org/pool/updates/main/c/cheesetracker/cheesetracker_0.9.9-1sarge1_sparc.deb
  Size/MD5 checksum:   975272 c0cc12c0095961806788d1871acbbf54

  These files will probably be moved into the stable distribution on
  its next update.

- 
-
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security 
dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show pkg' and http://packages.debian.org/pkg
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFE+ssowM/Gs81MDZ0RAu/EAJ44jroCmofByWjRsIWvZvD64hofSgCglyET
egUPEuZnuJ9jAtrdAIikfhE=
=xuCl
-END PGP SIGNATURE-



[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities

2006-09-04 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


- --
Debian Security Advisory DSA 1167-1[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
September 4th, 2006 http://www.debian.org/security/faq
- --

Package: apache
Vulnerability  : missing input sanitising 
Problem-Type   : remote
Debian-specific: no 
CVE ID : CVE-2006-3918 CVE-2005-3352
Debian Bug : 381381 343466

Several remote vulnerabilities have been discovered in Apache, the
world's most popular web server, which may lead to the execution of arbitrary
web script.  The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2005-3352

   A cross-site scripting (XSS) flaw exists in the mod_imap component of
   the Apache server.

CVE-2006-3918

   Apache does not sanitize the Expect header from an HTTP request when 
   it is reflected back in an error message, which might allow cross-site 
   scripting (XSS) style attacks.
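Both problems above are the same reflection pattern: a request value (the Expect header for CVE-2006-3918, the Referer in the mod_imap menu for CVE-2005-3352) copied into server-generated HTML without escaping. The following Python is an added example, not Apache code; the page wording is modelled on the shape of such error and menu pages rather than copied from the server, and the hostile header values are constructed.

```python
import html

MAX_ECHO = 200  # cap on how much of a request value is echoed back

# Constructed hostile request values.
HOSTILE_EXPECT = "<script>alert(document.cookie)</script>"
HOSTILE_REFERER = 'http://attacker.example/"><script>alert(1)</script>'


def echo_request_value(label: str, value: str, hardened: bool) -> str:
    """Fragment of a server page that echoes a request value. Unhardened, the
    value goes in verbatim; hardened, it is length-capped and HTML-escaped
    (quotes included) so it can only ever render as text."""
    shown = html.escape(value[:MAX_ECHO], quote=True) if hardened else value
    return "<p>The client sent <pre>%s: %s</pre></p>" % (label, shown)


def expectation_failed_page(expect_value: str, hardened: bool) -> str:
    """417 body that quotes the unmet Expect header (the CVE-2006-3918 pattern)."""
    return (
        "<html><body><h1>Expectation Failed</h1>"
        "<p>The expectation given in the Expect request-header field could not "
        "be met by this server.</p>"
        + echo_request_value("Expect", expect_value, hardened)
        + "</body></html>"
    )


def imagemap_menu_page(referer: str, hardened: bool) -> str:
    """Imagemap fallback menu linking back to the referring page (the
    CVE-2005-3352 pattern). Here the value lands inside an attribute, where a
    stray quote would otherwise break out of it, so quote escaping is essential."""
    shown = html.escape(referer[:MAX_ECHO], quote=True) if hardened else referer
    return '<html><body><a href="%s">Back to the referring page</a></body></html>' % shown


def reflects_markup(body: str) -> bool:
    """True if raw script markup survived into the page."""
    return "<script" in body.lower()


if __name__ == "__main__":
    print(reflects_markup(expectation_failed_page(HOSTILE_EXPECT, hardened=False)))  # True
    print(reflects_markup(expectation_failed_page(HOSTILE_EXPECT, hardened=True)))   # False
    print(imagemap_menu_page(HOSTILE_REFERER, hardened=True))
```

Escaping at the point of output is the minimal fix; the advisory does not describe how an attacker causes a victim's browser to send a crafted Expect header, and the example does not speculate on that.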

For the stable distribution (sarge) these problems have been fixed in
version 1.3.33-6sarge3.

For the unstable distribution (sid) these problems have been fixed in
version 1.3.34-3.

We recommend that you upgrade your apache package.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

  Source archives:


http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.dsc
  Size/MD5 checksum: 1119 38df6fe54a784dfcbf3e1510e099865e

http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3.diff.gz
  Size/MD5 checksum:   373584 2af62cfb3d6523134bf52d32567d396a

http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz
  Size/MD5 checksum:  3105683 1a34f13302878a8713a2ac760d9b6da8

  Architecture independent components:


http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge3_all.deb
  Size/MD5 checksum:   334696 494bae0fb839c498146119864a215a45

http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge3_all.deb
  Size/MD5 checksum:  1333060 d580b14b6d0dcd625d2e5d8cd052e172

http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge3_all.deb
  Size/MD5 checksum:   212750 62b603132ddffa8f1d209e25efaf710b

  Alpha architecture:


http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_alpha.deb
  Size/MD5 checksum:   428394 f046f50e83b2001911b075426a00496e

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_alpha.deb
  Size/MD5 checksum:   904410 11ab4e174f28b2ad55a4b8fe9164ec70

http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_alpha.deb
  Size/MD5 checksum:  9223374 18af7b52030a8235808f758c9adc2233

http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_alpha.deb
  Size/MD5 checksum:   569796 3df0cdde9f4293b732b00535e288638d

http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_alpha.deb
  Size/MD5 checksum:   542832 a76d1fe52c6c7b604a4406b09b553dfb

http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_alpha.deb
  Size/MD5 checksum:   505212 cd448b4a36c588e832fb3450ee568383

  AMD64 architecture:


http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge3_amd64.deb
  Size/MD5 checksum:   401596 25172b26459154f43f6d6a30ca984223

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge3_amd64.deb
  Size/MD5 checksum:   876800 90566c369fb5bd3aef95cb1a982c4673

http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge3_amd64.deb
  Size/MD5 checksum:  9163050 0039650aceb91734f4d28d71ed03b0b7

http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge3_amd64.deb
  Size/MD5 checksum:   524552 974a82bc6cad36fceca1beb7e6e8a751

http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge3_amd64.deb
  Size/MD5 checksum:   513922 cee41d6c34a440aa2641c6298afaec78

http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge3_amd64.deb
  Size/MD5 checksum:   492634 a42522ddd4b1b0df67c214fe8fe30702

  ARM architecture:


http

[SECURITY] [DSA 1132-1] New apache2 packages fix buffer overflow

2006-08-01 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1132-1[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
Aug 1st, 2006   http://www.debian.org/security/faq
- --

Package: apache2
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID : CVE-2006-3747
CERT advisory  : VU#395412
Debian Bug : 380182

Mark Dowd discovered a buffer overflow in the mod_rewrite component of
apache, a versatile high-performance HTTP server.  In some situations a
remote attacker could exploit this to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in
version 2.0.54-5sarge1.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your apache2 package.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

  Source archives:


http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1.dsc
  Size/MD5 checksum: 1153 4b2aeab1c5578a6879c1d036487c75a2

http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1.diff.gz
  Size/MD5 checksum:   110080 57c824fbbbae3fa68d504797fa8e6341

http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54.orig.tar.gz
  Size/MD5 checksum:  7493636 37d0d0a3e25ad93d37f0483021e70409

  Architecture independent components:


http://security.debian.org/pool/updates/main/a/apache2/apache2-doc_2.0.54-5sarge1_all.deb
  Size/MD5 checksum:  3891046 f860e8207364bbbf05cfd81fa281508e

http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-threadpool_2.0.54-5sarge1_all.deb
  Size/MD5 checksum:33564 7d974c7e0f38c6e31017e712f15214fd

  Alpha architecture:


http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_alpha.deb
  Size/MD5 checksum:33488 f36f397f92e8946d342d8b939a8e1f41

http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_alpha.deb
  Size/MD5 checksum:   865320 82e919111eccc60ed021aa196cc3cb00

http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_alpha.deb
  Size/MD5 checksum:   246374 e6d9e455161bad25b178992b109c9375

http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_alpha.deb
  Size/MD5 checksum:   241488 80524503bc76924132c26df38c61e5ad

http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_alpha.deb
  Size/MD5 checksum:   245676 91eab40f8da34595f1a96c1b3c2254a3

http://security.debian.org/pool/updates/main/a/apache2/apache2-prefork-dev_2.0.54-5sarge1_alpha.deb
  Size/MD5 checksum:   167694 81b924d7aca297e86e600a3439d31d4a

http://security.debian.org/pool/updates/main/a/apache2/apache2-threaded-dev_2.0.54-5sarge1_alpha.deb
  Size/MD5 checksum:   168422 fa3bf3865b48d5a8324a6e6135ffaab1

http://security.debian.org/pool/updates/main/a/apache2/apache2-utils_2.0.54-5sarge1_alpha.deb
  Size/MD5 checksum:97552 67c989219009488916ba16f399fa33fb

http://security.debian.org/pool/updates/main/a/apache2/libapr0_2.0.54-5sarge1_alpha.deb
  Size/MD5 checksum:   155792 ff3355874d8b7fa7c6ad1c55f8eabb8c

http://security.debian.org/pool/updates/main/a/apache2/libapr0-dev_2.0.54-5sarge1_alpha.deb
  Size/MD5 checksum:   315260 ed3c2bc91b3be333c535aae01959f5f0

  AMD64 architecture:


http://security.debian.org/pool/updates/main/a/apache2/apache2_2.0.54-5sarge1_amd64.deb
  Size/MD5 checksum:33482 431da06ae2973e4ab7e6195652b4f8b6

http://security.debian.org/pool/updates/main/a/apache2/apache2-common_2.0.54-5sarge1_amd64.deb
  Size/MD5 checksum:   826686 3e2d13f95a82053ec6afa782ae62ffec

http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-perchild_2.0.54-5sarge1_amd64.deb
  Size/MD5 checksum:   221350 7f3384834425befc9437ff16795fe827

http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-prefork_2.0.54-5sarge1_amd64.deb
  Size/MD5 checksum:   216820 76034c08d148bf01b7eb72f5156fe2bc

http://security.debian.org/pool/updates/main/a/apache2/apache2-mpm-worker_2.0.54-5sarge1_amd64.deb
  Size/MD5 checksum:   220588 382bd5f3a47262c68c72566ae45aa005

[SECURITY] [DSA 1131-1] New apache package fix buffer overflow

2006-08-01 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1131-1[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
Aug 1st, 2006   http://www.debian.org/security/faq
- --

Package: apache
Vulnerability  : buffer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID : CVE-2006-3747
CERT advisory  : VU#395412
Debian Bug : 380231

Mark Dowd discovered a buffer overflow in the mod_rewrite component of
apache, a versatile high-performance HTTP server.  In some situations a
remote attacker could exploit this to execute arbitrary code.

For the stable distribution (sarge) this problem has been fixed in version 
1.3.33-6sarge2.

For the unstable distribution (sid) this problem will be fixed shortly.

We recommend that you upgrade your apache package.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 


  Source archives:


http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2.dsc
  Size/MD5 checksum: 1119 8188c2fe660d475970139af295b07b86

http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2.diff.gz
  Size/MD5 checksum:   372930 40c5ca3d91d1307a191915459bc94237

http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33.orig.tar.gz
  Size/MD5 checksum:  3105683 1a34f13302878a8713a2ac760d9b6da8

  Architecture independent components:


http://security.debian.org/pool/updates/main/a/apache/apache-dev_1.3.33-6sarge2_all.deb
  Size/MD5 checksum:   334562 a6a506713c09c27143feffe738aed3f9

http://security.debian.org/pool/updates/main/a/apache/apache-doc_1.3.33-6sarge2_all.deb
  Size/MD5 checksum:  1332888 f24fa9421e8dc9acec2467b58468f2dd

http://security.debian.org/pool/updates/main/a/apache/apache-utils_1.3.33-6sarge2_all.deb
  Size/MD5 checksum:   212626 b9a5198ee442212cdd248be8827400a1

  Alpha architecture:


http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_alpha.deb
  Size/MD5 checksum:   428152 a58caae837e1025d97cf44bf8fb23f0f

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_alpha.deb
  Size/MD5 checksum:   904242 ce2a0e4b97c1926dafdf31e589883995

http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_alpha.deb
  Size/MD5 checksum:  9223072 182f1789104e294f72fede75dc13b875

http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_alpha.deb
  Size/MD5 checksum:   569406 185346b21b2adbc248a06f689f094b97

http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_alpha.deb
  Size/MD5 checksum:   542576 dfe389cdb48d38ee2a27a3a622a6c6e0

http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_alpha.deb
  Size/MD5 checksum:   505050 36759af8debeceeebdd083a337e590cb

  AMD64 architecture:


http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_amd64.deb
  Size/MD5 checksum:   401466 6d45b8e9a23382f6b2eadc28af28e4a4

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_amd64.deb
  Size/MD5 checksum:   876652 7474a08ccd74235787761b8e1ffe8c0e

http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33-6sarge2_amd64.deb
  Size/MD5 checksum:  9162572 b55d8df232edbd900372fe339a065fd1

http://security.debian.org/pool/updates/main/a/apache/apache-perl_1.3.33-6sarge2_amd64.deb
  Size/MD5 checksum:   524410 41142b30d22c99476977c339cf071504

http://security.debian.org/pool/updates/main/a/apache/apache-ssl_1.3.33-6sarge2_amd64.deb
  Size/MD5 checksum:   513708 5377d3aa2ad92e07db2654d3fd3761d1

http://security.debian.org/pool/updates/main/a/apache/libapache-mod-perl_1.29.0.3-6sarge2_amd64.deb
  Size/MD5 checksum:   492544 2d15619f2db2d39d6abdaf25574fbf4c

  ARM architecture:


http://security.debian.org/pool/updates/main/a/apache/apache_1.3.33-6sarge2_arm.deb
  Size/MD5 checksum:   384260 7785f5fa4d814bd1a1ec946fe007ec53

http://security.debian.org/pool/updates/main/a/apache/apache-common_1.3.33-6sarge2_arm.deb
  Size/MD5 checksum:   841372 83ed59ba296d64b5b6731c3a57902810

http://security.debian.org/pool/updates/main/a/apache/apache-dbg_1.3.33

[SECURITY] [DSA 1102-1] New pinball packages fix privilege escalation

2006-06-26 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1102-1[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
June 26th, 2006 http://www.debian.org/security/faq
- --

Package: pinball
Vulnerability  : design error
Problem type   : local
Debian-specific: no
CVE ID : CVE-2006-2196

Steve Kemp from the Debian Security Audit project discovered that
pinball, a pinball simulator, can be tricked into loading level
plugins from user-controlled directories without dropping privileges.

The old stable distribution (woody) does not contain this package.

For the stable distribution (sarge) this problem has been fixed in
version 0.3.1-3sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.3.1-6.

We recommend that you upgrade your pinball package.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- 

  Source archives:


http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1.dsc
  Size/MD5 checksum:  811 17ac5604e5bb7e13b938d84012c6ea7c

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1.diff.gz
  Size/MD5 checksum:   320626 5473ae87027018899b08f12c34ddd538

http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1.orig.tar.gz
  Size/MD5 checksum:  6082982 f28e8f49e0db8e9491e4d9f0c13c36c6

  Architecture independent components:


http://security.debian.org/pool/updates/main/p/pinball/pinball-data_0.3.1-3sarge1_all.deb
  Size/MD5 checksum:  5542524 c586ed47103f89443cf32f57984ac95c

  Alpha architecture:


http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_alpha.deb
  Size/MD5 checksum:   189898 6168d325d265c72da1007aaa83c7b9bd

http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_alpha.deb
  Size/MD5 checksum:   325654 caeae82e416a40ad943ff38ce8c5eb98

  AMD64 architecture:


http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_amd64.deb
  Size/MD5 checksum:   167050 af8664da7ef5e0d1fd1e1eb86e2a7fc1

http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_amd64.deb
  Size/MD5 checksum:   242432 36c44eed9de2d48089e7c396e270c98e

  ARM architecture:


http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_arm.deb
  Size/MD5 checksum:   193056 52d5e3fb06e529326ae361f739915169

http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_arm.deb
  Size/MD5 checksum:   294198 4bc5b7e9d5b1cc0f0b90f91290cf0999

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_i386.deb
  Size/MD5 checksum:   159576 b7fcaf42621d2c356de66c90ea19fab0

http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_i386.deb
  Size/MD5 checksum:   219780 7a4877a175b976ca20d25040e0fcab11

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_ia64.deb
  Size/MD5 checksum:   221146 717fb85a21f4bd4a535200a7420e16b9

http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_ia64.deb
  Size/MD5 checksum:   315856 a9a8496a1d029a0d64afb00b0c5fd116

  HP Precision architecture:


http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_hppa.deb
  Size/MD5 checksum:   191708 e97c652fb430dbaeb5d367f196ea1ba0

http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_hppa.deb
  Size/MD5 checksum:   300260 606404a0da99b9884229bee10849413e

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_m68k.deb
  Size/MD5 checksum:   160442 1ff1dd9d285de6e7300f8e7eb027c766

http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1-3sarge1_m68k.deb
  Size/MD5 checksum:   223038 a7a4a5a997a05cf929b45529cd81942f

  Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/p/pinball/pinball_0.3.1-3sarge1_mips.deb
  Size/MD5 checksum:   166400 05f3ea274037ffb1a2b76fa5a802ff87

http://security.debian.org/pool/updates/main/p/pinball/pinball-dev_0.3.1

[SECURITY] [DSA 1084-1] New typespeed packages fix arbitrary code execution

2006-05-31 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1084-1[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
May 31st, 2006  http://www.debian.org/security/faq
- --

Package: typespeed
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2006-1515

Niko Tyni discovered a buffer overflow in the processing of network
data in typespeed, a game for testing and improving typing speed, which
could lead to the execution of arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 0.4.1-2.4.

For the stable distribution (sarge) this problem has been fixed in
version 0.4.4-8sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.4.4-10.

We recommend that you upgrade your typespeed packages.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- 

  Source archives:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4.dsc
  Size/MD5 checksum:  575 dde5c050b1e67ffe4514b9dedce6b7fc

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4.diff.gz
  Size/MD5 checksum: 8612 c431a405c883545c348dad82ff0c5128

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1.orig.tar.gz
  Size/MD5 checksum:35492 0af9809cd20bd9010732ced930090f32

  Alpha architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_alpha.deb
  Size/MD5 checksum:44616 e12714bb06b857244da1dd39bdb17a6e

  ARM architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_arm.deb
  Size/MD5 checksum:39268 e6652cd262056a06c92c9a6715033ec5

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_i386.deb
  Size/MD5 checksum:39006 e69aa8f0bad65aa5f8b85792b5ea63be

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_ia64.deb
  Size/MD5 checksum:50214 d09c640908ada757a3d37980ea80d6fd

  HP Precision architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_hppa.deb
  Size/MD5 checksum:42168 2b14f1071f09ec1a8a20f1cd62a17654

  Motorola 680x0 architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_m68k.deb
  Size/MD5 checksum:37690 79068703c63e95c32d0e9a732065a42b

  Big endian MIPS architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_mips.deb
  Size/MD5 checksum:41270 222ba830c5e6d37ee7a9458a84a52074

  Little endian MIPS architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_mipsel.deb
  Size/MD5 checksum:41324 e229b337a3d761192afc307931d6310e

  PowerPC architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_powerpc.deb
  Size/MD5 checksum:41550 02b214201c33b7f678749f56414f6853

  IBM S/390 architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_s390.deb
  Size/MD5 checksum:39120 9d72d98cd5b59e79dc71f5cdd5bffa00

  Sun Sparc architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.4_sparc.deb
  Size/MD5 checksum:43222 1091af6dcd4e56c43a8b981ed2668105


Debian GNU/Linux 3.1 alias sarge
- 

  Source archives:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1.dsc
  Size/MD5 checksum:  596 6e67253c4c56b5709eb5829cf4a632c8

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1.diff.gz
  Size/MD5 checksum: 6758 6a41c5d37ffca328987e7197adad8e4a

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4.orig.tar.gz
  Size/MD5 checksum:38526 97ca3e3d0323c41ecc4f453f557287ea

  Alpha architecture:


http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.4-8sarge1_alpha.deb
  Size/MD5 checksum:48440 6ff82fd7eedb568a2be2f5c4700684d1

  AMD64 architecture:


http://security.debian.org/pool

[SECURITY] [DSA 1080-1] New dovecot packages fix directory traversal

2006-05-29 Thread Steve Kemp
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- --
Debian Security Advisory DSA 1080-1[EMAIL PROTECTED]
http://www.debian.org/security/ Steve Kemp
May 29th, 2006  http://www.debian.org/security/faq
- --

Package: dovecot
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID : CVE-2006-2414

A problem has been discovered in the IMAP component of Dovecot, a
secure mail server that supports mbox and maildir mailboxes, which can
lead to information disclosure via directory traversal by
authenticated users.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 0.99.14-1sarge0.

For the unstable distribution (sid) this problem has been fixed in
version 1.0beta8-1.

We recommend that you upgrade your dovecot-imapd package.


Upgrade Instructions
- 

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.
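The upgrade instructions above (repeated in the pinball, typespeed and dovecot advisories) say to fetch a file with wget and install it with dpkg -i, and every package listing carries a "Size/MD5 checksum:" line for that purpose. The script below is an added example, not part of any Debian advisory or tool: it checks a downloaded file's size and MD5 digest against the listing before anything is installed, and it parses the advisory's own two-line URL/checksum format so a whole listing can be checked at once. It assumes coreutils md5sum, wc, awk and mktemp are available; the package names, the mirror URL and the file contents in the sample listing are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from any DSA): verify downloaded .deb files against
# the "Size/MD5 checksum:" lines of an advisory before running dpkg -i.
# Assumes coreutils md5sum/wc, awk and mktemp (POSIX sh, no bashisms).

# verify_deb FILE EXPECTED_SIZE EXPECTED_MD5
# Returns 0 when both the byte count and the MD5 digest match, 1 otherwise.
verify_deb() {
    file=$1; want_size=$2; want_md5=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    have_size=$(wc -c < "$file" | tr -d ' ')
    have_md5=$(md5sum "$file" | awk '{print $1}')
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch for $file: $have_size != $want_size" >&2
        return 1
    fi
    if [ "$have_md5" != "$want_md5" ]; then
        echo "md5 mismatch for $file: $have_md5 != $want_md5" >&2
        return 1
    fi
    return 0
}

# check_listing LISTING DIR
# LISTING is text in the advisory's format: a URL line followed by a
# "Size/MD5 checksum:  SIZE  MD5" line. Each file is looked up in DIR by
# the basename of its URL. Returns the number of files that failed.
check_listing() {
    listing=$1; dir=$2
    failed=0
    tmp=$(mktemp)
    # awk pairs each URL with the checksum line that follows it and
    # emits "basename size md5" per package.
    printf '%s\n' "$listing" | awk '
        /^[ \t]*http/ { file = $0; sub(/.*\//, "", file); next }
        /Size\/MD5 checksum:/ && file != "" {
            print file, $(NF-1), $NF; file = ""
        }' > "$tmp"
    while read -r name size md5; do
        verify_deb "$dir/$name" "$size" "$md5" || failed=$((failed + 1))
    done < "$tmp"
    rm -f "$tmp"
    return $failed
}

# make_sample_dir: constructed download directory (hypothetical packages).
# example_1.0-1_all.deb holds "hello\n" (6 bytes), which matches the
# listing; tampered_1.0-1_all.deb is one byte different, so it must fail.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'hello\n' > "$d/example_1.0-1_all.deb"
    printf 'hellp\n' > "$d/tampered_1.0-1_all.deb"
    echo "$d"
}

# Constructed listing in the advisory's own two-line format. The mirror
# host, package names and digests are sample values, not from a real DSA.
SAMPLE_LISTING='http://mirror.example/pool/updates/main/e/example/example_1.0-1_all.deb
  Size/MD5 checksum:        6 b1946ac92492d2347c6235b4d2611184

http://mirror.example/pool/updates/main/t/tampered/tampered_1.0-1_all.deb
  Size/MD5 checksum:        6 b1946ac92492d2347c6235b4d2611184'

# Stand-alone run: one of the two constructed files fails verification.
demo_dir=$(make_sample_dir)
if check_listing "$SAMPLE_LISTING" "$demo_dir"; then
    echo "all files verified; safe to dpkg -i"
else
    echo "some files failed verification; do not install them"
fi
rm -rf "$demo_dir"
```

Both the size and the digest are checked: a size mismatch catches a truncated download cheaply, and the digest catches a file that was altered in transit or on a mirror. MD5 is what these 2006 advisories publish, so it is what the script compares; the integrity guarantee is only as strong as the signed advisory the checksum line was copied from.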


Debian GNU/Linux 3.1 alias sarge
- 

  Source archives:


http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14-1sarge0.dsc
  Size/MD5 checksum:  760 5365f712ee15d1c3b825af2ef95f583e

http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14-1sarge0.diff.gz
  Size/MD5 checksum:26557 e30859421db7ebe8478dacb02110f3f0

http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14.orig.tar.gz
  Size/MD5 checksum:   871285 a12e26fd378a46c31ec3a81ab7b55b5b

  Architecture independent components:


http://security.debian.org/pool/updates/main/d/dovecot/dovecot_0.99.14-1sarge0_all.deb
  Size/MD5 checksum: 7516 b6813e75e60e5094ac114fcc198d2ea2

  Alpha architecture:


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_alpha.deb
  Size/MD5 checksum:   283796 06751f47fe61b4f9fd410cd055288be2

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_alpha.deb
  Size/MD5 checksum:   364838 e6e564cf60e92b4bd12f5209f56ed4c1

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_alpha.deb
  Size/MD5 checksum:   331290 e6bf35a49d23636b53378e996ce9c1d2

  AMD64 architecture:


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_amd64.deb
  Size/MD5 checksum:   258846 990b811364af83c3223e6a733fb6856b

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_amd64.deb
  Size/MD5 checksum:   311520 642e17490997baa93857b282c4b13f7a

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_amd64.deb
  Size/MD5 checksum:   285308 6ea57ba9b419b77964812a93f959b98c

  ARM architecture:


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_arm.deb
  Size/MD5 checksum:   244796 64574178089a5c8ee75912adbe0aaf33

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_arm.deb
  Size/MD5 checksum:   289624 5d4b172a52f4f23d9702348d03b35ff3

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_arm.deb
  Size/MD5 checksum:   265496 3284fc52fd054f5545e8327cc0d39e7a

  Intel IA-32 architecture:


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_i386.deb
  Size/MD5 checksum:   245230 ba2e1bccd3d12180c2ec50d41102dde7

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_i386.deb
  Size/MD5 checksum:   292656 00c0245e231a07bc05104c2b3113951b

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_i386.deb
  Size/MD5 checksum:   268158 9c061cc01ca82178530b6c47aad1120c

  Intel IA-64 architecture:


http://security.debian.org/pool/updates/main/d/dovecot/dovecot-common_0.99.14-1sarge0_ia64.deb
  Size/MD5 checksum:   308824 fab290d2d317aa96a029214cf05e

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-imapd_0.99.14-1sarge0_ia64.deb
  Size/MD5 checksum:   429626 287f26ebef5de68a0867ef38fcba4aa0

http://security.debian.org/pool/updates/main/d/dovecot/dovecot-pop3d_0.99.14-1sarge0_ia64.deb
  Size/MD5 checksum:   389276 f4cc53876bae4f3780eeb89465700c8f

  HP Precision architecture:


http