[Full-disclosure] Hacking The Interwebs
http://www.gnucitizen.org/blog/hacking-the-interwebs

When the victim visits a malicious SWF file, a 4 step ATTACK will silently execute in the background. At that moment the attacker will have control over their router, pretty much regardless of its model. *Many of the home routers are vulnerable to this attack as many of them support UPnP to one degree or another.*

The attack does not rely on any bugs. Simply put, when two completely legitimate technologies, Flash and UPnP, are combined together, they compose a vulnerability, which exposes many home networks to a great risk. The attack depends on the fact that most, if not all, routers are UPnP enabled. The UPnP SOAP service can be accessed without authorization over the default Web Admin Interface. With the help of Flash, the attacker can send arbitrary SOAP messages to the router's UPnP control point and as such reconfigure the device in order to enable further attacks.

The most malicious of all malicious things to do when a device is compromised via the attack described in the link pointed at the top of this email, is to change the primary DNS server. That will effectively turn the router and the network it controls into a zombie which the attacker can take advantage of whenever they feel like it. It is also possible to reset the admin credentials and create the sort of onion routing network all bad guys want. Many routers come with Layer3 portforwarding UPnP service. This is also a potential vector that attackers can use. In cases like this, they will simply expose ports behind the router on the Internet facing side.

*We hope that by exposing this information, we will drastically improve the situation for the future. I think that this is a lot better than keeping it for ourselves or risking it all by giving the criminals the opportunity to have in possession a secret which no one else is aware of.*

The best way to protect against this attack is to turn off UPnP if your router's Admin Interface allows it. It seems that many routers simply do not have this feature.

More information on related UPnP research can be found here:

http://www.gnucitizen.org/
http://www.gnucitizen.org/blog/steal-his-wi-fi
http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub-5
http://www.gnucitizen.org/blog/hacking-with-upnp-universal-plug-and-play

GNUCITIZEN is a Cutting Edge, Ethical Hacker Outfit, Information Think Tank, which primarily deals with all aspects of the art of hacking. Our work has been featured in established magazines and information portals, such as Wired, Eweek, The Register, PC Week, IDG, BBC and many others. The members of the GNUCITIZEN group are well known and well established experts in the Information Security, Black Public Relations (PR) Industries and Hacker Circles with widely recognized experience in the government and corporate sectors and the open source community.

GNUCITIZEN is an ethical, white-hat organization that doesn't hide anything. We strongly believe that knowledge belongs to everyone and we make everything to ensure that our readers have access to the latest cutting-edge research and get alerted of the newest security threats when they come. Our experience shows that the best way of protection is mass information. And we mean that literally!!! It is in the public's best interest to make our findings accessible to the vast majority of people, simply because it is proven that the more people know about a certain problem, the better.

--
pdp (architect) | petko d. petkov
http://www.gnucitizen.org
http://www.hakiri.com

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
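The post above turns on web content sending SOAP messages to a router's UPnP control point. The following detection sketch is an added example, not code from the post or from GNUCITIZEN: it triages captured HTTP request heads and flags SOAP control requests to a LAN device that carry a web origin from outside the LAN. It assumes the capture keeps Referer/Origin headers; the control path, site name and sample requests are constructed.

```python
import ipaddress
from urllib.parse import urlsplit


def parse_request(raw):
    """Parse the head of a raw HTTP request: method, path, lower-cased header names."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    request_line, *header_lines = head.split("\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "headers": headers}


def is_private_host(host):
    """True if host (optionally host:port) is a literal private IPv4 address."""
    try:
        return ipaddress.IPv4Address(host.split(":")[0]).is_private
    except ValueError:
        return False  # DNS names are not resolved here and count as external


def soap_action(headers):
    """Split a SOAPAction header into (service type, action name); None if absent."""
    value = headers.get("soapaction")
    if value is None:
        return None
    service, _, action = value.strip('"').partition("#")
    return service, action


def classify(raw):
    """Return 'alert', 'review' or 'ignore' for one captured request."""
    req = parse_request(raw)
    headers = req["headers"]
    if req["method"] != "POST" or soap_action(headers) is None:
        return "ignore"   # not a SOAP control request
    if not is_private_host(headers.get("host", "")):
        return "ignore"   # not aimed at a device on the LAN
    web_origin = headers.get("origin") or headers.get("referer")
    if web_origin and not is_private_host(urlsplit(web_origin).hostname or ""):
        return "alert"    # content from an outside site is driving the router
    return "review"       # no web origin: confirm it is an expected control point


def request(*lines):
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed sample requests; the control path and site name are hypothetical.
FROM_WEB_CONTENT = request(
    "POST /upnp/control/wanip HTTP/1.1",
    "Host: 192.168.1.1",
    "Content-Type: text/xml",
    'SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#AddPortMapping"',
    "Referer: http://media.example/player.swf",
)
FROM_NATIVE_APP = request(
    "POST /upnp/control/wanip HTTP/1.1",
    "Host: 192.168.1.1:80",
    "Content-Type: text/xml",
    'SOAPAction: "urn:schemas-upnp-org:service:WANIPConnection:1#GetExternalIPAddress"',
)
ADMIN_PAGE_VIEW = request("GET /index.html HTTP/1.1", "Host: 192.168.1.1")

if __name__ == "__main__":
    for name in ("FROM_WEB_CONTENT", "FROM_NATIVE_APP", "ADMIN_PAGE_VIEW"):
        print(name, classify(globals()[name]))
```

The Referer/Origin test is a heuristic: a request without either header is only downgraded to "review", not cleared.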
[Full-disclosure] [SECURITY] [DSA 1460-1] New postgresql-8.1 packages fix several vulnerabilities
Debian Security Advisory DSA-1460-1
[EMAIL PROTECTED]
http://www.debian.org/security/
Moritz Muehlenhoff
January 13, 2008
http://www.debian.org/security/faq

Package        : postgresql-8.1
Vulnerability  : several
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-3278 CVE-2007-4769 CVE-2007-4772 CVE-2007-6067 CVE-2007-6600 CVE-2007-6601

Several local vulnerabilities have been discovered in PostgreSQL, an object-relational SQL database. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2007-3278

    It was discovered that the DBLink module performed insufficient credential validation. This issue is also tracked as CVE-2007-6601, since the initial upstream fix was incomplete.

CVE-2007-4769

    Tavis Ormandy and Will Drewry discovered that a bug in the handling of back-references inside the regular expressions engine could lead to an out-of-bounds read, resulting in a crash. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.

CVE-2007-4772

    Tavis Ormandy and Will Drewry discovered that the optimizer for regular expressions could be tricked into an infinite loop, resulting in denial of service. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.

CVE-2007-6067

    Tavis Ormandy and Will Drewry discovered that the optimizer for regular expressions could be tricked into massive resource consumption. This constitutes only a security problem if an application using PostgreSQL processes regular expressions from untrusted sources.

CVE-2007-6600

    Functions in index expressions could lead to privilege escalation. For a more in-depth explanation please see the upstream announcement available at http://www.postgresql.org/about/news.905.

For the unstable distribution (sid), these problems have been fixed in version 8.2.6-1 of postgresql-8.2.

For the stable distribution (etch), these problems have been fixed in version postgresql-8.1 8.1.11-0etch1.

The old stable distribution (sarge) doesn't contain postgresql-8.1.

We recommend that you upgrade your postgresql-8.1 (8.1.11-0etch1) package.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 4.0 (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[Full-disclosure] [SECURITY] [DSA 1462-1] New hplip packages fix privilege escalation
Debian Security Advisory DSA-1462-1
[EMAIL PROTECTED]
http://www.debian.org/security/
Moritz Muehlenhoff
January 13, 2008
http://www.debian.org/security/faq

Package        : hplip
Vulnerability  : missing input sanitising
Problem type   : local
Debian-specific: no
CVE Id(s)      : CVE-2007-5208

Kees Cook discovered that the hpssd tool of the HP Linux Printing and Imaging System (HPLIP) performs insufficient input sanitising of shell meta characters, which may result in local privilege escalation to the hplip user.

For the unstable distribution (sid), this problem has been fixed in version 1.6.10-4.3.

For the stable distribution (etch), this problem has been fixed in version 1.6.10-3etch1.

The old stable distribution (sarge) is not affected by this problem.

We recommend that you upgrade your hplip packages.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 4.0 (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[Full-disclosure] [SECURITY] [DSA 1461-1] New libxml2 packages fix denial of service
Debian Security Advisory DSA-1461-1
[EMAIL PROTECTED]
http://www.debian.org/security/
Moritz Muehlenhoff
January 13, 2008
http://www.debian.org/security/faq

Package        : libxml2
Vulnerability  : missing input validation
Problem type   : local(remote)
Debian-specific: no
CVE Id(s)      : CVE-2007-6284

Brad Fitzpatrick discovered that the UTF-8 decoding functions of libxml2, the GNOME XML library, validate UTF-8 correctness insufficiently, which may lead to denial of service by forcing libxml2 into an infinite loop.

For the unstable distribution (sid), this problem will be fixed soon.

For the stable distribution (etch), this problem has been fixed in version 2.6.27.dfsg-2.

For the old stable distribution (sarge), this problem has been fixed in version 2.6.16-7sarge1.

We recommend that you upgrade your libxml2 packages.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (oldstable)

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
Re: [Full-disclosure] what is this?
more, it's not a java script, looks like a html page [notice the html and body tag in the file]. there is also a random function, which generates the random string which is used to store the files on c drive and may be for the random url. it's trying to play mp3 and other files. all looks like messed up. may be there is another script which is getting embedded in pages which infect calling this script?

On Jan 13, 2008 9:31 PM, crazy frog crazy frog [EMAIL PROTECTED] wrote:

Hi,

Recently on opening one of my site, my antivirus pops up saying that it has found on malicious script. the url is random and i have managed to get that script. it is using some flaw in apple quick time. u can get the zip file for java script here: http://secgeeks.com/what.zip password is 12345

can somebody guide/help me what is this and how can i remove it?

--
advertise on secgeeks?
http://secgeeks.com/Advertising_on_Secgeeks.com
http://newskicks.com
[Full-disclosure] [SECURITY] [DSA 1459-1] New gforge packages fix SQL injection
Debian Security Advisory DSA-1459-1
[EMAIL PROTECTED]
http://www.debian.org/security/
Thijs Kinkhorst
January 13, 2008
http://www.debian.org/security/faq

Package        : gforge
Vulnerability  : insufficient input validation
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2008-0173

It was discovered that Gforge, a collaborative development tool, did not properly sanitise some CGI parameters, allowing SQL injection in scripts related to RSS exports.

For the stable distribution (etch), this problem has been fixed in version 4.5.14-22etch4.

For the old stable distribution (sarge), this problem has been fixed in version 3.1-31sarge5.

For the unstable distribution (sid), this problem has been fixed in version 4.6.99+svn6330-1.

We recommend that you upgrade your gforge packages.

Upgrade instructions

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian 3.1 (oldstable)

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, m68k, mips, mipsel, powerpc, s390 and sparc.
Debian 4.0 (stable)

Stable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.